Delayed New-Password Requirement Vulnerability in iThemes Security Plugin for WordPress

CVE-2020-36176 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs.

Learn more about our Wordpress Pen Testing.