Rewterz Threat Advisory – CVE-2021-21111 – Google Chrome WebUI security bypass
January 8, 2021
Rewterz Threat Advisory – ICS: Delta Electronics CNCSoft-B
January 8, 2021
Severity
Medium
Analysis Summary
CVE-2020-36176
The iThemes Security plugin for WordPress could allow a remote attacker to bypass security restrictions because it fails to enforce a new-password requirement for an existing account until the second login occurs. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions.
Impact
Security bypass
Affected Vendors
WordPress
Affected Products
- WordPress iThemes Security plugin for WordPress 6.9.0
- WordPress iThemes Security plugin for WordPress 7.4.0
Remediation
Upgrade to the latest version of the iThemes Security plugin for WordPress (7.9.0 or later).