ByteOS Network

iThemes

Source -

CNA

BOS Name -

SolidWP (iThemes)

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

3Vulnerabilities found

CVE-2025-49895

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-8.8||HIGH

EPSS-0.02% / 3.27%

7 Day CHG~0.00%

Published-16 Aug, 2025 | 02:34

Updated-18 Aug, 2025 | 20:16

WordPress ServerBuddy by PluginBuddy.com plugin <= 1.0.5 - CSRF to PHP Object Injection vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in iThemes ServerBuddy by PluginBuddy.Com allows Object Injection.This issue affects ServerBuddy by PluginBuddy.Com: from n/a through 1.0.5.

Vendor-SolidWP (iThemes)

Product-ServerBuddy by PluginBuddy.com

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2022-45825

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.15% / 36.57%

7 Day CHG~0.00%

Published-28 Mar, 2023 | 07:04

Updated-10 Jan, 2025 | 19:15

WordPress WPComplete Plugin <= 2.9.4 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in iThemes WPComplete plugin <= 2.9.2 versions.

Vendor-Liquid Web, LLC SolidWP (iThemes)

Product-wpcomplete WPComplete

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-31474

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-7.5||HIGH

EPSS-92.66% / 99.74%

7 Day CHG+0.28%

Published-13 Mar, 2023 | 13:21

Updated-08 Jan, 2025 | 22:08

WordPress BackupBuddy Plugin 8.5.8.0-8.7.4.1 is vulnerable to Directory Traversal

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in iThemes BackupBuddy allows Path Traversal.This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1.

Vendor-SolidWP (iThemes)

Product-backupbuddy BackupBuddy

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')