Update iThemes Security Free and Pro

Written by Dan Knauss on March 24, 2023

Last Updated on March 24, 2023

Update to iThemes Security Free 8.1.5+ and Pro 7.3.1+

We have patched a vulnerability in our Security Pro plugin, as well as the free version available at WordPress.org. The security releases that patch this vulnerability are available now. You should apply them immediately.

Ensure you have updated your WordPress sites to the current versions:

  • Security Pro version 7.3.1 or higher.
  • Security (Free) version 8.1.5 or higher.

Your trust as our community and customers is of utmost importance to us. That’s why we aim to be as honest and transparent as we can about every security issue. In our effort to be as open as possible, we are providing all of the details we currently know.

No Active Exploits, Risk is Low

This is a low-risk open redirect vulnerability in the Enforce SSL feature in Security Pro 7.3.0 and all earlier versions. The same vulnerability affects our free Security plugin’s 8.1.4 release and all earlier versions.

The vulnerability is not being exploited in the wild. To actually be used to do harm, other adverse conditions would also need to exist, like a compromised browser or improperly configured hosting environment. Specifically, in combination with a means of spoofing the Host HTTP header, an attacker exploiting the vulnerability could redirect visitors to an arbitrary URL due to improper sanitization of $_SERVER data. This defect is fixed in our 7.3.1+ and 8.1.5+ releases.
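The following added example contrasts the weak pattern with a hardened one for a force-HTTPS redirect. It is not code from iThemes Security or from this advisory; the function names, the canonical host and the sample requests are all constructed for illustration.

```php
<?php
// Added illustration: hypothetical helpers, not the plugin's implementation.

// Weak pattern: the redirect target is assembled from request-supplied
// $_SERVER values, so a spoofed Host header decides where visitors land.
function ssl_redirect_unsafe(array $server): string {
    return 'https://' . $server['HTTP_HOST'] . $server['REQUEST_URI'];
}

// Hardened pattern: the host comes from site configuration, never the request.
function ssl_redirect_safe(array $server, string $canonical_host): string {
    $uri = $server['REQUEST_URI'] ?? '/';
    // Strip control characters and backslashes before the value reaches a header.
    $uri = (string) preg_replace('/[\x00-\x1F\x7F\\\\]/', '', $uri);
    // Force a leading slash so the value can only extend the path, never the host.
    $uri = '/' . ltrim($uri, '/');
    return 'https://' . $canonical_host . $uri;
}

// Check usable for logging or rejecting requests with an unexpected Host header.
function host_matches(array $server, string $canonical_host): bool {
    $host = strtolower($server['HTTP_HOST'] ?? '');
    $host = (string) preg_replace('/:\d+$/', '', $host); // ignore an explicit port
    return $host === strtolower($canonical_host);
}

// Constructed sample requests (assumed values, runs offline).
$canonical = 'shop.example.test';
$requests = [
    ['HTTP_HOST' => 'shop.example.test',     'REQUEST_URI' => '/cart/?item=1'],
    ['HTTP_HOST' => 'other.example.invalid', 'REQUEST_URI' => '/cart/'],
    ['HTTP_HOST' => 'shop.example.test:80',  'REQUEST_URI' => 'http://other.example.invalid/'],
];

foreach ($requests as $r) {
    printf(
        "host_ok=%s\n  unsafe: %s\n  safe:   %s\n",
        host_matches($r, $canonical) ? 'yes' : 'no',
        ssl_redirect_unsafe($r),
        ssl_redirect_safe($r, $canonical)
    );
}
```

On a WordPress site the canonical host would normally come from the configured site URL rather than a hard-coded string.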

Practicing Open Source Values

Once in a while vulnerabilities come to light that are not in someone else’s products — they are in ours. Transparency works best when we all practice it as well as we want others to. That’s the open-source way.

Thanks to the Patchstack Alliance for reporting the vulnerability. Patchstack is the CVE Numbering Authority and security research network we’ve partnered with to provide our customers and the WordPress ecosystem with timely vulnerability alerts. Patchstack also helps discover, responsibly disclose, and secure potentially exploitable vulnerabilities before hackers find them.

Dan Knauss

Dan Knauss is StellarWP’s Technical Content Generalist. He’s been a writer, teacher, and freelancer working in open source since the late 1990s and with WordPress since 2004.


Written by: Abdul Wahid
Published on: March 25, 2023
