iThemes Sync <= 2.0.17 - Insufficient Secure Key Validation
| Description | iThemes Sync allows users to manage multiple websites from a single dashboard. This vulnerability, affecting secret key validation, could lead to full compromise of a WordPress site. |
Affects Plugin
|
fixed in version 2.0.18
|
References
| URL | https://ithemes.com/important-ithemes-sync-vulnerability-patched/ |
| URL | https://plugins.trac.wordpress.org/changeset/2170620/ithemes-sync |
Classification
| Type | AUTHBYPASS |
| OWASP Top 10 | A2: Broken Authentication and Session Management |
| CWE | CWE-287 |
Miscellaneous
| Original Researcher | iThemes |
| Submitter | Ryan Dewhurst |
| Submitter Website | https://dewhurstsecurity.com/ |
| Submitter Twitter | ethicalhack3r |
| Views | 2477 |
| Verified | No |
| WPVDB ID | 9901 |
Timeline
| Publicly Published | 2019-10-09 (12 days ago) |
| Added | 2019-10-10 (11 days ago) |
| Last Updated | 2019-10-10 (11 days ago) |
Our Other Services
| Online WordPress Vulnerability Scanner | WPScan WordPress Security Plugin |
