CVE-2018-12636

HIGH

iThemes Security <7.0.3 - SQL Injection

Title source: llm

Description

The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page.

Exploits (2)

exploitdb WORKING POC

by Çlirim Emini · textwebappsphp

https://www.exploit-db.com/exploits/44943

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by nth347 · poc

https://github.com/nth347/CVE-2018-12636_exploit

View Code ZIP pw:eip

References (3)

Core 3

Core References

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/44943/

Third Party Advisory x_refsource_confirm

https://wordpress.org/plugins/better-wp-security/#developers

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E

Scores

CVSS v3 7.2

EPSS 0.4728

EPSS Percentile 97.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

ithemes/security < 7.0.3

Published Jun 22, 2018

Tracked Since Feb 18, 2026