Vulnerabilities and security researches forithemes-sync ithemes-sync

Feb 27, 2026

CVE, Research URL: CVE-2026-27056
Home page URL: Security reports for Solid Central – Site Management, Backups, Security, and Reporting
Application: Solid Central – Site Management, Backups, Security, and Reporting
Date: Feb 19, 2026
Research Description: Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through <= 3.2.8.
Affected versions: max 3.2.8.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-40001
Home page URL: Security reports for Solid Central – Site Management, Backups, Security, and Reporting
Application: Solid Central – Site Management, Backups, Security, and Reporting
Date: Dec 13, 2024
Research Description: Missing Authorization vulnerability in SolidWP iThemes Sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through 2.1.13.
Affected versions: max 2.1.14.
Status: vulnerable

Jun 06, 2024

CVE, Research URL: c2dff4feca46465307a104e23da922695469d2d4
Home page URL: Security reports for Solid Central – Site Management, Backups, Security, and Reporting
Application: Solid Central – Site Management, Backups, Security, and Reporting
Date: Oct 10, 2019
Research Description: Solid Central – Site Management, Backups, Security, and Reporting [ithemes-sync] < 3.0.1 WordPress iThemes Sync plugin <= 2.0.17 - Insufficient Secure Key Validation vulnerability Insufficient Secure Key Validation vulnerability found in WordPress iThemes Sync plugin (versions <= 2.0.17).
Affected versions: max 3.0.1.
Status: vulnerable