ThreatPress

WordPress Vulnerabilities Database

WordPress iThemes Security plugin <= 7.0.2 - Authenticated SQL Injection (SQLi) vulnerability

Product
iThemes Security
Description
An authenticated SQL Injection (SQLi) vulnerability was found by Çlirim Emini in the WordPress iThemes Security plugin (versions <= 7.0.2).
Solution
Update the WordPress iThemes Security plugin to the latest available version (at least 7.0.3).
Classification
Type: SQL Injection
OWASP Top 10: A1: Injection
References
Plugin changelog
CVE
Name: CVE-2018-12636
Versions
Affected In: <= 7.0.2
Fixed In: 7.0.3
Disclosure date
2018-06-25
Credits
Çlirim Emini
Submitter
ThreatPress