iThemes Sync <= 2.0.17 - Insufficient Secure Key Validation



Description
iThemes Sync allows users to manage multiple websites from a single dashboard. This vulnerability, affecting secret key validation, could lead to full compromise of a WordPress site.

Affects Plugin

Fixed in version 2.0.18

References

URL https://ithemes.com/important-ithemes-sync-vulnerability-patched/
URL https://plugins.trac.wordpress.org/changeset/2170620/ithemes-sync

Classification

Type AUTHBYPASS
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-287

Miscellaneous

Original Researcher iThemes
Submitter Ryan Dewhurst
Submitter Website https://dewhurstsecurity.com/
Submitter Twitter ethicalhack3r
Views 2477
Verified No
WPVDB ID 9901

Timeline

Publicly Published 2019-10-09 (12 days ago)
Added 2019-10-10 (11 days ago)
Last Updated 2019-10-10 (11 days ago)
