Описание
The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs.
Ссылки
- ProductRelease NotesThird Party Advisory
- ProductRelease NotesThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 7.7.0 (исключая)
cpe:2.3:a:ithemes:ithemes_security:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 44%
0.00213
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-287
Связанные уязвимости
github
больше 3 лет назад
The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs.
EPSS
Процентиль: 44%
0.00213
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-287