Important iThemes Security Update Alert Updated on April 14, 2015 by InMotion Hosting Contributor 1 Minutes, 7 Seconds to Read A security release for ithemes Security was released last night (April 13) that immediately affects versions 4.6.13 and 1.14.18 (Pro). What was patched? iThemes fixed a stored XSS (Cross Site Scripting) issue that could have allowed dangerous Javascript to run when viewing 404 logs. When the 404 detection feature is enabled, the list of non-existent pages are stored in a database. The flaw allowed attackers to potentially add and save Javascript code to these page requests. This was a severe security issue, so the issue was immediately addressed. This update prevents the security flaw that would allow those scripts to run when viewing the Security > Logs page. This security issue affects all versions of iThemes Security Pro and all versions of iThemes Security, including back to version 3.0.0 of Better WP Security. There are 3 ways to update: the Sync Dashboard the WordPress dashboard for licensed Pro sites latest version from iThemes Member Panel Forced Automatic Updates for iThemes Security The issue of patching this flaw was of utmost importance, so the WordPress.org team put out a forced automatic update for iThemes Security. Note: If you are running an older version of iThemes Security, you are strongly recommended to update to the latest version (4.6.13). Previous version Auto-updated to 4.6.* 4.6.13 4.5.* 4.5.11 4.4.* 4.4.24 4.3.* 4.3.12 4.2.* 4.2.16 4.1.* 4.1.6 4.0.* 4.0.28 3.6.* 3.6.7 3.5.* 3.5.7 3.4.* 3.4.11 3.3.* 3.3.1 3.2.* 3.2.8 *Denotes a higher version. For example, 4.6.1 If your site did not auto-update, then update it as soon as possible! (original Alert from iThemes) Share this Article InMotion Hosting Contributor Content Writer InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online goals! More Articles by InMotion Hosting Related Articles WP Cerber Security Antispam and Bot Detection Settings WP Cerber Security Tools Search for PunyCode Look-alikes With Hold Integrity IDN Checker How to Secure WordPress using Security Keys and Salts Resetting the cPanel Password in WHM How to Change your root Password in WHM How To Open a Port in UFW How to Stop and Disable Firewalld Content Security Policy (CSP) Headers – Complete Reference Guide Why You Need To Keep Your Website’s PHP Version Up-to-Date
