---
title: "Important iThemes Security Update Alert"
description: "A security release for ithemes Security was released last night (April 13) that immediately affects versions 4.6.13 and 1.14.18 (Pro). What was patched? iThemes fixed a stored XSS (Cross Site..."
url: https://www.inmotionhosting.com/support/edu/wordpress/ithemes-security-alert-xss-issue/
date: 2015-04-14
modified: 2015-04-14
author: "InMotion Hosting Contributor"
categories: ["Security", "WordPress Tutorials"]
type: post
lang: en
---

# Important iThemes Security Update Alert

A security release for ithemes Security was released last night (April 13) that immediately affects versions 4.6.13 and 1.14.18 (Pro).

## What was patched?

**iThemes** fixed a stored XSS (Cross Site Scripting) issue that could have allowed dangerous Javascript to run when viewing 404 logs. When the 404 detection feature is enabled, the list of non-existent pages are stored in a database. The flaw allowed attackers to potentially add and save Javascript code to these page requests. This was a severe security issue, so the issue was immediately addressed. *This update prevents the security flaw that would allow those scripts to run when viewing the Security > Logs page*.

This security issue affects all versions of **iThemes Security Pro** and all versions of **iThemes Security**, including back to version 3.0.0 of Better WP Security.

There are 3 ways to update:

- the **[Sync Dashboard](https://sync.ithemes.com/)**
- the WordPress dashboard for **licensed Pro sites**
- latest version from **[iThemes Member Panel](https://ithemes.com/member/panel)**

### Forced Automatic Updates for iThemes Security

The issue of patching this flaw was of utmost importance, so the WordPress.org team put out a forced automatic update for iThemes Security. *Note: If you are running an older version of iThemes Security, you are strongly recommended to update to the latest version (4.6.13).*

| Previous version | Auto-updated to |
| --- | --- |
| 4.6.* | 4.6.13 |
| 4.5.* | 4.5.11 |
| 4.4.* | 4.4.24 |
| 4.3.* | 4.3.12 |
| 4.2.* | 4.2.16 |
| 4.1.* | 4.1.6 |
| 4.0.* | 4.0.28 |
| 3.6.* | 3.6.7 |
| 3.5.* | 3.5.7 |
| 3.4.* | 3.4.11 |
| 3.3.* | 3.3.1 |
| 3.2.* | 3.2.8 |

**Denotes a higher version. For example, 4.6.1*

If your site did not auto-update, then update it as soon as possible!

([original Alert from iThemes](https://ithemes.com/2015/04/14/security-release-for-ithemes-security-update-to-v4-6-13-or-v1-14-18-pro-immediately/))
