CVE-2020-36176

Name of the Vulnerable Software and Affected Versions: iThemes Security plugin versions prior to 7.7.0

Description: The issue concerns the iThemes Security plugin, which does not enforce a new-password requirement for an existing account until the second login occurs. This affects existing accounts, potentially allowing unauthorized access.

Recommendations: For versions prior to 7.7.0, update to version 7.7.0 or later to resolve the issue. As a temporary workaround, consider manually enforcing new-password requirements for existing accounts until the update can be applied.