This page aggregates CVE and security vulnerability information across iThemes-related products and lists CVSS, EPSS, publication date, and vulnerability data for each entry.
Common weakness patterns include cross-site scripting, SQL injection, and path-handling flaws. In software deployments and production workloads, these can lead to risks such as session compromise, data exposure, and file overwrite.
The listed data is based on public vulnerability information and security advisories, and can be used to assess historical exposure and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-31474 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in iThemes BackupBuddy allows Path Traversal. This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1. | [email protected] | 7.5 | 91.94% | 2023-03-13 | 2026-04-28 |
| CVE-2022-4897 | The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting | [email protected] | 6.1 | 21.68% | 2023-02-21 | 2025-03-14 |
| CVE-2020-36176 | The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs. | [email protected] | 7.5 | 0.21% | 2021-01-06 | 2024-11-21 |
| CVE-2020-14092 | The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for WordPress allows SQL Injection. | [email protected] | 9.8 | 79.66% | 2020-07-02 | 2024-11-21 |
| CVE-2015-9379 | iThemes Builder Style Manager before 0.7.7 for WordPress has XSS via add_query_arg() and remove_query_arg(). | [email protected] | 6.1 | 0.44% | 2019-08-28 | 2024-11-21 |
| CVE-2015-9378 | iThemes Builder Theme Market before 5.1.27 for WordPress has XSS via add_query_arg() and remove_query_arg(). | [email protected] | 6.1 | 0.44% | 2019-08-28 | 2024-11-21 |
| CVE-2015-9377 | iThemes Builder Theme Depot before 5.0.30 for WordPress has XSS via add_query_arg() and remove_query_arg(). | [email protected] | 6.1 | 0.44% | 2019-08-28 | 2024-11-21 |
| CVE-2015-9376 | iThemes Mobile before 1.2.8 for WordPress has XSS via add_query_arg() and remove_query_arg(). | [email protected] | 6.1 | 0.44% | 2019-08-28 | 2024-11-21 |
| CVE-2015-9375 | Table Rate Shipping Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | [email protected] | 6.1 | 0.44% | 2019-08-28 | 2024-11-21 |
| CVE-2015-9374 | Stripe Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | [email protected] | 6.1 | 0.44% | 2019-08-28 | 2024-11-21 |
| CVE-2015-9372 | Membership Add-on for iThemes Exchange before 1.3.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | [email protected] | 6.1 | 0.44% | 2019-08-28 | 2024-11-21 |
| CVE-2015-9371 | Manual Purchases Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | [email protected] | 6.1 | 0.44% | 2019-08-28 | 2024-11-21 |
| CVE-2015-9370 | Invoices Add-on for iThemes Exchange before 1.4.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | [email protected] | 6.1 | 0.44% | 2019-08-28 | 2024-11-21 |
| CVE-2015-9369 | Easy US Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | [email protected] | 6.1 | 0.44% | 2019-08-28 | 2024-11-21 |
| CVE-2015-9368 | Easy EU Value Added (VAT) Taxes Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | [email protected] | 6.1 | 0.43% | 2019-08-28 | 2024-11-21 |
| CVE-2015-9367 | Easy Canadian Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | [email protected] | 6.1 | 0.44% | 2019-08-28 | 2024-11-21 |
| CVE-2015-9366 | Custom URL Tracking Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | [email protected] | 6.1 | 0.44% | 2019-08-28 | 2024-11-21 |
| CVE-2015-9365 | Authorize.net Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | [email protected] | 6.1 | 0.44% | 2019-08-28 | 2024-11-21 |
| CVE-2015-9363 | iThemes Exchange before 1.12.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | [email protected] | 6.1 | 0.44% | 2019-08-28 | 2024-11-21 |
| CVE-2018-12636 | The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page. | [email protected] | 7.2 | 40.72% | 2018-06-22 | 2024-11-21 |