ithemes
Web & CMS Pluginscommercial
Top products
Latest CVEs
The 15 most recently published vulnerabilities affecting ithemes.
- CVE-2025-49895WordPress ServerBuddy by PluginBuddy.com plugin <= 1.0.5 - CSRF to PHP Object Injection vulnerability6.5
- CVE-2022-45825WordPress WPComplete Plugin <= 2.9.4 is vulnerable to Cross Site Scripting (XSS)7.1
- CVE-2022-31474WordPress BackupBuddy Plugin 8.5.8.0-8.7.4.1 is vulnerable to Directory Traversal7.5
- CVE-2022-4897BackupBuddy < 8.8.3 - Multiple Reflected Cross-Site Scripting6.1
- CVE-2020-36176The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs.7.5
- CVE-2020-14092The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for WordPress allows SQL Injection.9.8
- CVE-2015-9379iThemes Builder Style Manager before 0.7.7 for WordPress has XSS via add_query_arg() and remove_query_arg().6.1
- CVE-2015-9378iThemes Builder Theme Market before 5.1.27 for WordPress has XSS via add_query_arg() and remove_query_arg().6.1
- CVE-2015-9377iThemes Builder Theme Depot before 5.0.30 for WordPress has XSS via add_query_arg() and remove_query_arg().6.1
- CVE-2015-9376iThemes Mobile before 1.2.8 for WordPress has XSS via add_query_arg() and remove_query_arg().6.1
- CVE-2015-9375Table Rate Shipping Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().6.1
- CVE-2015-9374Stripe Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg().6.1
- CVE-2015-9372Membership Add-on for iThemes Exchange before 1.3.0 for WordPress has XSS via add_query_arg() and remove_query_arg().6.1
- CVE-2015-9371Manual Purchases Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().6.1
- CVE-2015-9370Invoices Add-on for iThemes Exchange before 1.4.0 for WordPress has XSS via add_query_arg() and remove_query_arg().6.1