A security release for ithemes Security was released that immediately affects versions 4.6.13 and 1.14.18 (Pro).

What did iThemes fix?

iThemes patched a stored cross site scripting(XSS) issue that could have allowed dangerous Javascript to run when viewing 404 logs. The 404 detection feature is a feature of iThemes that creates a list of the non-existent pages (the 404 pages) and stores the results in a database. The flaw allowed attackers to potentially add Javascript code to these page requests. This was a severe security issue, so the issue was immediately addressed. This fix prevents the security flaw that would allow those scripts to run when viewing the Security Logs page.

The security issue affects all versions of iThemes Security Pro and all versions of iThemes Security, including back to version 3.0.0 of Better WP Security.

If you are using iThemes, you can update in 3 ways:

Forced Automatic Updates for iThemes Security

Due to the severity of the flaw, the WordPress.org team put out a forced automatic update for iThemes Security. Note: If you are running an older version of iThemes Security, you are strongly recommended to update to the latest version (4.6.13).

Previous version Auto-updated to
4.6.* 4.6.13
4.5.* 4.5.11
4.4.* 4.4.24
4.3.* 4.3.12
4.2.* 4.2.16
4.1.* 4.1.6
4.0.* 4.0.28
3.6.* 3.6.7
3.5.* 3.5.7
3.4.* 3.4.11
3.3.* 3.3.1
3.2.* 3.2.8
*Denotes a higher version. For example, 4.6.1

If your site did not auto-update, then update it as soon as possible!



(original Alert from iThemes)

Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve this article:
Email Address
Name

new! - Enter your name and email address above and we will post your feedback in the comments on this page!

Did you find this article helpful?

Post a Comment

Name:
Email Address:
Phone Number:
Comment:
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!

Help Center Search

Current Customers

Email: support@WebHostingHub.com Ticket: Submit a Support Ticket
Call: 877-595-4HUB (4482)
757-416-6627 (Intl.)
Chat: Click To Chat Now

Ask the Community

Get help with your questions from our community of like-minded hosting users and Web Hosting Hub Staff.

Not a Customer?

Get web hosting from a company that is here to help.