Important iThemes Security Update Alert

A security release for ithemes Security was released last night (April 13) that immediately affects versions 4.6.13 and 1.14.18 (Pro).

What was patched?

iThemes fixed a stored XSS (Cross Site Scripting) issue that could have allowed dangerous Javascript to run when viewing 404 logs. When the 404 detection feature is enabled, the list of non-existent pages are stored in a database. The flaw allowed attackers to potentially add and save Javascript code to these page requests. This was a severe security issue, so the issue was immediately addressed. This update prevents the security flaw that would allow those scripts to run when viewing the Security > Logs page.

This security issue affects all versions of iThemes Security Pro and all versions of iThemes Security, including back to version 3.0.0 of Better WP Security.

There are 3 ways to update:

Forced Automatic Updates for iThemes Security

The issue of patching this flaw was of utmost importance, so the WordPress.org team put out a forced automatic update for iThemes Security. Note: If you are running an older version of iThemes Security, you are strongly recommended to update to the latest version (4.6.13).

Previous versionAuto-updated to
4.6.*4.6.13
4.5.*4.5.11
4.4.*4.4.24
4.3.*4.3.12
4.2.*4.2.16
4.1.*4.1.6
4.0.*4.0.28
3.6.*3.6.7
3.5.*3.5.7
3.4.*3.4.11
3.3.*3.3.1
3.2.*3.2.8

*Denotes a higher version. For example, 4.6.1

If your site did not auto-update, then update it as soon as possible!

(original Alert from iThemes)

AC
Arnel Custodio Content Writer I

More Articles by Arnel

Was this article helpful? Join the conversation!