ithemes vulnerabilities and exploits

4.3

CVSSv2

Authorize.net Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg()....

Ithemes Authorize.net

4.3

CVSSv2

iThemes Exchange before 1.12.0 for WordPress has XSS via add_query_arg() and remove_query_arg()....

Ithemes Exchange

4.3

CVSSv2

iThemes Builder Theme Market before 5.1.27 for WordPress has XSS via add_query_arg() and remove_query_arg()....

Ithemes Builder Theme Market

7.5

CVSSv2

importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a (1) direct...

Ithemes Backupbuddy

7.5

CVSSv2

importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress allows remote attackers to bypass authentication via a crafted integer in the step parameter....

Ithemes Backupbuddy

4.3

CVSSv2

iThemes Mobile before 1.2.8 for WordPress has XSS via add_query_arg() and remove_query_arg()....

Ithemes Mobile

4.3

CVSSv2

Easy Canadian Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg()....

Ithemes Easy Canadian Sales Taxes

4.3

CVSSv2

Invoices Add-on for iThemes Exchange before 1.4.0 for WordPress has XSS via add_query_arg() and remove_query_arg()....

Ithemes Invoices

4.3

CVSSv2

iThemes Builder Style Manager before 0.7.7 for WordPress has XSS via add_query_arg() and remove_query_arg()....

Ithemes Builder Style Manager

5

CVSSv2

importbuddy.php in the BackupBuddy plugin 2.2.25 for WordPress allows remote attackers to obtain configuration information via a step 0 phpinfo action, which calls the phpinfo function....

Ithemes Backupbuddy

1 2 3 NEXT »