WordPress.org

Ready to get started?Download WordPress

Forums

iThemes Security (formerly Better WP Security)
[resolved] [Plugin: Better WP Security] Security vulnerability? (2 posts)

  1. Mavrouka
    Member
    Posted 1 year ago #

    Does Better WP Security 3.4.3 have a security vulnerability? See links below:

    http://www.securityfocus.com/bid/55451/
    http://packetstormsecurity.org/files/116317/Better-WP-Security-3.4.3-Cross-Site-Scripting.html

    I have installed your plugin on two sites and have found it to be great, so this is very worrying. I'd be grateful for your comments.

    http://wordpress.org/extend/plugins/better-wp-security/

  2. There could have been an issue that, if you were logged in as an admin and could access the settings, you could have set the email or IP addresses in the option to a malicious script. In the wild, for an attacker to make use of this they would have had to already compromised your site. That said, it has been fixed in 3.4.4.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic