Important iThemes Security Update Alert

A security release for ithemes Security was released last night (April 13) that immediately affects versions 4.6.13 and 1.14.18 (Pro).

What was patched?

iThemes fixed a stored XSS (Cross Site Scripting) issue that could have allowed dangerous Javascript to run when viewing 404 logs. When the 404 detection feature is enabled, the list of non-existent pages are stored in a database. The flaw allowed attackers to potentially add and save Javascript code to these page requests. This was a severe security issue, so the issue was immediately addressed. This update prevents the security flaw that would allow those scripts to run when viewing the Security > Logs page.

This security issue affects all versions of iThemes Security Pro and all versions of iThemes Security, including back to version 3.0.0 of Better WP Security.

There are 3 ways to update:

Forced Automatic Updates for iThemes Security

The issue of patching this flaw was of utmost importance, so the WordPress.org team put out a forced automatic update for iThemes Security. Note: If you are running an older version of iThemes Security, you are strongly recommended to update to the latest version (4.6.13).

Previous versionAuto-updated to
4.6.*4.6.13
4.5.*4.5.11
4.4.*4.4.24
4.3.*4.3.12
4.2.*4.2.16
4.1.*4.1.6
4.0.*4.0.28
3.6.*3.6.7
3.5.*3.5.7
3.4.*3.4.11
3.3.*3.3.1
3.2.*3.2.8

*Denotes a higher version. For example, 4.6.1

If your site did not auto-update, then update it as soon as possible!

(original Alert from iThemes)

AC
Arnel Custodio Content Writer I

As a writer for InMotion Hosting, Arnel has always aimed to share helpful information and provide knowledge that will help solve problems and aid in achieving goals. He's also been active with WordPress local community groups and events since 2004.

More Articles by Arnel

Was this article helpful? Join the conversation!