Vulmon Recent Vulnerabilities Trends Blog About Contact

ithemes vulnerabilities and exploits

(subscribe to this query)

4.3
CVSSv2
CVE-2015-9363
iThemes Exchange before 1.12.0 for WordPress has XSS via add_query_arg() and remove_query_arg()....
IthemesExchange
7.5
CVSSv2
CVE-2013-2741
importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a (1) direct...
IthemesBackupbuddy
4.3
CVSSv2
CVE-2015-9378
iThemes Builder Theme Market before 5.1.27 for WordPress has XSS via add_query_arg() and remove_query_arg()....
IthemesBuilder Theme Market
7.5
CVSSv2
CVE-2013-2742
importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not reliably delete itself after completing a restore operation, which makes it easier for remote attackers to obtain access via subsequent requests to this script....
IthemesBackupbuddy
4.3
CVSSv2
CVE-2015-9371
Manual Purchases Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg()....
IthemesManual Purchases
4.3
CVSSv2
CVE-2015-9379
iThemes Builder Style Manager before 0.7.7 for WordPress has XSS via add_query_arg() and remove_query_arg()....
IthemesBuilder Style Manager
5
CVSSv2
CVE-2013-2744
importbuddy.php in the BackupBuddy plugin 2.2.25 for WordPress allows remote attackers to obtain configuration information via a step 0 phpinfo action, which calls the phpinfo function....
IthemesBackupbuddy
4.3
CVSSv2
CVE-2015-9365
Authorize.net Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg()....
IthemesAuthorize.net
4.3
CVSSv2
CVE-2015-9369
Easy US Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg()....
IthemesEasy Us Sales Taxes
4.3
CVSSv2
CVE-2015-9375
Table Rate Shipping Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg()....
IthemesTable Rate Shipping
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
log injectionCVE-2020-5617spectrum protect plusCVE-2020-16199CVE-2020-4542arbitrary codeCVE-2019-18394CVE-2020-4328pleski2 analysts notebookunprivilegedp30 firmwareCVE-2020-15467