cleantalk
Vulnerabilities and Security Researches

Solid Security – Password, Two Factor Authentication, and Brute Force Protection, CVE-2020-36176

CVE, Research URL

CVE-2020-36176

Home page URL

Security reports for Solid Security – Password, Two Factor Authentication, and Brute Force Protection

Application

Solid Security – Password, Two Factor Authentication, and Brute Force Protection

Published on
Jan 06, 2021
Research Description
The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs.
Affected versions
Min -, max 7.7.0.
Status
vulnerable
Previous vulnerability researches
Solid Security – Password, Two Factor Authentication, and Brute Force Protection (CVE-2018-12636) , Jun 07, 2024
Solid Security – Password, Two Factor Authentication, and Brute Force Protection (CVE-2012-4264) , Jun 07, 2024
Solid Security – Password, Two Factor Authentication, and Brute Force Protection (CVE-2020-36176) , Jun 07, 2024
Solid Security – Password, Two Factor Authentication, and Brute Force Protection (CVE-2012-4263) , Jun 07, 2024
Solid Security – Password, Two Factor Authentication, and Brute Force Protection (CVE-2018-7433) , Jun 07, 2024
New vulnerability
Falang multilanguage for WordPress (CVE-2025-48285) , Jun 15, 2025
Social Sharing Plugin – Sassy Social Share (CVE-2025-5528) , Jun 15, 2025
PSW – Login and registration (CVE-2025-4607) , Jun 15, 2025
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders (CVE-2024-9994) , Jun 15, 2025
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders (CVE-2024-9993) , Jun 15, 2025