Vulnerability Description
The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page.
CVSS Score
7.2
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ithemes | Security | < 7.0.3 |
Related Weaknesses (CWE)
References
- https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995
- https://wordpress.org/plugins/better-wp-security/#developersThird Party Advisory
- https://www.exploit-db.com/exploits/44943/ExploitThird Party AdvisoryVDB Entry
- https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995
- https://wordpress.org/plugins/better-wp-security/#developersThird Party Advisory
- https://www.exploit-db.com/exploits/44943/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2018-12636?
CVE-2018-12636 is a vulnerability with a CVSS score of 7.2 (HIGH). The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page.
How severe is CVE-2018-12636?
CVE-2018-12636 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-12636?
Check the references section above for vendor advisories and patch information. Affected products include: Ithemes Security.