Vulnerabilities and security researches forbetter-wp-security better-wp-security

Jun 07, 2024

CVE, Research URL: CVE-2018-12636
Home page URL: Security reports for Solid Security – Password, Two Factor Authentication, and Brute Force Protection
Application: Solid Security – Password, Two Factor Authentication, and Brute Force Protection
Date: Jun 22, 2018
Research Description: The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2012-4264
Home page URL: Security reports for Solid Security – Password, Two Factor Authentication, and Brute Force Protection
Application: Solid Security – Password, Two Factor Authentication, and Brute Force Protection
Date: Aug 14, 2012
Research Description: Multiple cross-site scripting (XSS) vulnerabilities in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "server variables," a different vulnerability than CVE-2012-4263.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2020-36176
Home page URL: Security reports for Solid Security – Password, Two Factor Authentication, and Brute Force Protection
Application: Solid Security – Password, Two Factor Authentication, and Brute Force Protection
Date: Jan 06, 2021
Research Description: The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2012-4263
Home page URL: Security reports for Solid Security – Password, Two Factor Authentication, and Brute Force Protection
Application: Solid Security – Password, Two Factor Authentication, and Brute Force Protection
Date: Aug 14, 2012
Research Description: Cross-site scripting (XSS) vulnerability in inc/admin/content.php in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_USER_AGENT header.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2018-7433
Home page URL: Security reports for Solid Security – Password, Two Factor Authentication, and Brute Force Protection
Application: Solid Security – Password, Two Factor Authentication, and Brute Force Protection
Date: Mar 03, 2018
Research Description: The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-28786
Home page URL: Security reports for Solid Security – Password, Two Factor Authentication, and Brute Force Protection
Application: Solid Security – Password, Two Factor Authentication, and Brute Force Protection
Date: Dec 29, 2023
Research Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SolidWP Solid Security – Password, Two Factor Authentication, and Brute Force Protection.This issue affects Solid Security – Password, Two Factor Authentication, and Brute Force Protection: from n/a through 8.1.4.
Affected versions: Min -, max -.
Status: vulnerable

Jun 24, 2024

CVE, Research URL: CVE-2022-44593
Home page URL: Security reports for Solid Security – Password, Two Factor Authentication, and Brute Force Protection
Application: Solid Security – Password, Two Factor Authentication, and Brute Force Protection
Date: Jun 21, 2024
Research Description: Use of Less Trusted Source vulnerability in SolidWP Solid Security allows HTTP DoS.This issue affects Solid Security: from n/a through 9.3.1.
Affected versions: Min -, max -.
Status: vulnerable

May 29, 2025

PSC, Research URL: PSC-2025-64574
Home page URL: Security reports for Solid Security – Password, Two Factor Authentication, and Brute Force Protection
Application: Solid Security – Password, Two Factor Authentication, and Brute Force Protection
Date: May 29, 2025
Research Description: Solid Security – Password, Two Factor Authentication, and Brute Force Protection is a comprehensive WordPress security plugin designed to protect websites from the most common and dangerous cyber threats. With a proactive security strategy, this plugin guards against brute force attacks, malware infections, session hijacking, and unauthorized logins. Built to adapt to various types of websites – from eCommerce to blogs – Solid Security provides real-time monitoring, intelligent user-level protection, and automated vulnerability patching. The plugin has undergone a detailed security audit and successfully received the Plugin Security Certification (PSC) from CleanTalk, guaranteeing robust code integrity and secure implementation practices for WordPress environments.
Affected versions: Min -, max -.
Status: SAFE & CERTIFIED