vulnerability

WordPress Plugin: better-wp-security: CVE-2020-36176: Incorrect User Management

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	Jan 6, 2021	May 15, 2025	Jun 24, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

Jan 6, 2021

Added

May 15, 2025

Modified

Jun 24, 2025

Description

The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs.

Solution

better-wp-security-plugin-cve-2020-36176

References

URL-https://www.cve.org/CVERecord?id=CVE-2020-36176
URL-https://www.wordfence.com/threat-intel/vulnerabilities/id/5749a496-930a-4e31-968e-0c2a72e03555?source=api-prod
CVE-2020-36176
https://attackerkb.com/topics/CVE-2020-36176
CWE-287

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today