iThemes Sync <= 2.0.17 - Insufficient Secure Key Validation
Description | iThemes Sync allows users to manage multiple websites from a single dashboard. This vulnerability, affecting secret key validation, could lead to full compromise of a WordPress site. |
Affects Plugin
|
References
URL | https://ithemes.com/important-ithemes-sync-vulnerability-patched/ |
URL | https://plugins.trac.wordpress.org/changeset/2170620/ithemes-sync |
Classification
Type | AUTHBYPASS |
OWASP Top 10 | A2: Broken Authentication and Session Management |
CWE | CWE-287 |
Miscellaneous
Original Researcher | iThemes |
Submitter | Ryan Dewhurst |
Submitter Website | https://dewhurstsecurity.com/ |
Submitter Twitter | ethicalhack3r |
Views | 4041 |
Verified | No |
WPVDB ID | 9901 |
Timeline
Publicly Published | 2019-10-09 (2 months ago) |
Added | 2019-10-10 (2 months ago) |
Last Updated | 2019-11-28 (14 days ago) |