Known Vulnerabilities for products from Ithemes
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Ithemes".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-27056 | | Not Provided | 2026-02-19 | 2026-04-28 |
| CVE-2025-49895 | | Not Provided | 2025-08-16 | 2026-04-28 |
| CVE-2023-40001 | | Not Provided | 2024-12-13 | 2026-04-28 |
| CVE-2022-31474 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in iThemes BackupBuddy allows Pa... | Not Provided | 2023-03-13 | 2026-04-28 |
| CVE-2022-4897 | The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in var... | 6.1 - MEDIUM | 2023-02-21 | 2023-11-07 |
| CVE-2020-36176 | The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirem... | 7.5 - HIGH | 2021-01-06 | 2021-07-21 |
| CVE-2020-14092 | The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for WordPress allows SQL Injection. | 9.8 - CRITICAL | 2020-07-02 | 2020-07-08 |
| CVE-2018-12636 | The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin pri... | 7.2 - HIGH | 2018-06-22 | 2023-11-07 |
| CVE-2018-7433 | The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page. | 7.5 - HIGH | 2018-03-02 | 2018-03-17 |
| CVE-2015-9379 | iThemes Builder Style Manager before 0.7.7 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 6.1 - MEDIUM | 2019-08-28 | 2019-09-03 |
| CVE-2015-9378 | iThemes Builder Theme Market before 5.1.27 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 6.1 - MEDIUM | 2019-08-28 | 2019-09-03 |
| CVE-2015-9377 | iThemes Builder Theme Depot before 5.0.30 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 6.1 - MEDIUM | 2019-08-28 | 2019-09-03 |
| CVE-2015-9376 | iThemes Mobile before 1.2.8 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 6.1 - MEDIUM | 2019-08-28 | 2019-08-29 |
| CVE-2015-9375 | Table Rate Shipping Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg()... | 6.1 - MEDIUM | 2019-08-28 | 2019-09-04 |
| CVE-2015-9374 | Stripe Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 6.1 - MEDIUM | 2019-08-28 | 2019-09-03 |
| CVE-2015-9372 | Membership Add-on for iThemes Exchange before 1.3.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 6.1 - MEDIUM | 2019-08-28 | 2019-09-03 |
| CVE-2015-9371 | Manual Purchases Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 6.1 - MEDIUM | 2019-08-28 | 2019-09-03 |
| CVE-2015-9370 | Invoices Add-on for iThemes Exchange before 1.4.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 6.1 - MEDIUM | 2019-08-28 | 2019-09-03 |
| CVE-2015-9369 | Easy US Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg()... | 6.1 - MEDIUM | 2019-08-28 | 2019-09-04 |
| CVE-2015-9368 | Easy EU Value Added (VAT) Taxes Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove... | 6.1 - MEDIUM | 2019-08-28 | 2019-09-03 |
Known software with vulnerabilities from Ithemes
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Ithemes | 2checkout | - |
| Application | Ithemes | Authorize.net | - |
| Application | Ithemes | Builder Style Manager | - |
| Application | Ithemes | Builder Theme Depot | - |
| Application | Ithemes | Builder Theme Market | - |
| Application | Ithemes | Custom Url Tracking | - |
| Application | Ithemes | Easy Canadian Sales Taxes | - |
| Application | Ithemes | Easy Us Sales Taxes | - |
| Application | Ithemes | Exchange | - |
| Application | Ithemes | Invoices | - |
| Application | Ithemes | Ithemes Exchange | 1.0 |
| Application | Ithemes | Ithemes Security | - |
| Application | Ithemes | Manual Purchases | - |
| Application | Ithemes | Membership | - |
| Application | Ithemes | Mobile | - |
| Application | Ithemes | Paypal Pro | - |
| Application | Ithemes | Security | 5.6.0 |
| Application | Ithemes | Stripe | - |
| Application | Ithemes | Table Rate Shipping | - |