Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ithemes vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-31474
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in iThemes BackupBuddy allows Path Traversal.This issue affects BackupBuddy: from 8.5.8.0 up to and including 8.7.4.1.
Ithemes Backupbuddy
NA
CVE-2022-4897
The BackupBuddy WordPress plugin prior to 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting
Ithemes Backupbuddy
4.3
CVSSv2
CVE-2015-9363
iThemes Exchange prior to 1.12.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
Ithemes Exchange
4.3
CVSSv2
CVE-2015-9370
Invoices Add-on for iThemes Exchange prior to 1.4.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
Ithemes Invoices
7.5
CVSSv2
CVE-2020-14092
The CodePeople Payment Form for PayPal Pro plugin prior to 1.1.65 for WordPress allows SQL Injection.
Ithemes Paypal Pro
4.3
CVSSv2
CVE-2015-9364
2Checkout Add-on for iThemes Exchange prior to 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
2checkout Ithemes 2checkout
4.3
CVSSv2
CVE-2015-9371
Manual Purchases Add-on for iThemes Exchange prior to 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
Ithemes Manual Purchases
5
CVSSv2
CVE-2013-2744
importbuddy.php in the BackupBuddy plugin 2.2.25 for WordPress allows remote malicious users to obtain configuration information via a step 0 phpinfo action, which calls the phpinfo function.
Ithemes Backupbuddy 2.2.25
4.3
CVSSv2
CVE-2015-9366
Custom URL Tracking Add-on for iThemes Exchange prior to 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
Ithemes Custom Url Tracking
4.3
CVSSv2
CVE-2015-9373
PayPal Pro Add-on for iThemes Exchange prior to 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
Webdevstudios Ithemes Paypal Pro
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site request forgery
CVE-2024-34351
CVE-2024-1076
CVE-2024-25522
CVE-2024-34547
CVE-2024-4644
unauthorized
remote
CVE-2024-4671
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »