First published: Wed Jan 06 2021
The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Ithemes Ithemes Security | <7.7.0 | |
The vulnerability ID for this issue is CVE-2020-36176.
The severity of CVE-2020-36176 is high with a CVSS score of 7.5.
CVE-2020-36176 affects the iThemes Security (formerly Better WP Security) plugin for WordPress in versions before 7.7.0.
CVE-2020-36176 allows an attacker to bypass the new-password requirement for an existing account until the second login occurs.
To fix CVE-2020-36176, update the iThemes Security plugin to version 7.7.0 or later.