CVE-2021-25014

CVE-2021-25014: Ibtana < 1.1.4.9 - Subscriber+ Settings Update to Stored XSS

Vendor: Unknown
Product: Ibtana – WordPress Website Builder
Weakness: CWE-862 · Missing authorization
Published: February 14, 2022
Last update: August 3, 2024

CVSS base score

What the vulnerability does

01 Description

The Ibtana WordPress plugin before 1.1.4.9 does not have authorisation and CSRF checks in the ive_save_general_settings AJAX action, allowing any authenticated user, such as a subscriber, to call it and change the plugin's settings, which could lead to a Stored Cross-Site Scripting issue.
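
The two missing checks described above, shown in place on a handler for the `ive_save_general_settings` action. This is an added example, not the Ibtana plugin's code: the function names, the nonce action, the `settings` request field, the option name and the choice of `manage_options` as the required capability are assumptions made for illustration.

```php
<?php
// Added example, not the plugin's own code. The nonce action, option name,
// 'settings' field and function names are hypothetical placeholders.

// wp_ajax_{action} fires for every logged-in user, subscribers included,
// so the handler itself must decide who may change settings.
add_action( 'wp_ajax_ive_save_general_settings', 'example_save_general_settings' );

function example_save_general_settings() {
    // CSRF check: require a valid nonce issued to the current user.
    // Third argument false = return instead of die, so the response is ours.
    if ( ! check_ajax_referer( 'example_settings_nonce', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 );
    }

    // Authorisation check: only users allowed to manage site options.
    // (Assumed capability; a subscriber does not hold it.)
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // Accept only an array of settings and undo WordPress' added slashes.
    $raw = ( isset( $_POST['settings'] ) && is_array( $_POST['settings'] ) )
        ? wp_unslash( $_POST['settings'] )
        : array();

    // Sanitise on input: normalise keys, strip tags from scalar values,
    // drop anything nested.
    $clean = array();
    foreach ( $raw as $key => $value ) {
        if ( is_scalar( $value ) ) {
            $clean[ sanitize_key( $key ) ] = sanitize_text_field( (string) $value );
        }
    }

    update_option( 'example_general_settings', $clean );
    wp_send_json_success();
}

// Escape on output as well, so a value stored before the fix was deployed
// is not rendered as markup.
function example_render_setting( $name ) {
    $settings = get_option( 'example_general_settings', array() );
    $value    = isset( $settings[ $name ] ) ? $settings[ $name ] : '';
    echo esc_html( $value );
}
```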

Key dates

02 Disclosure timeline

February 14, 2022: CVE published
August 3, 2024: Record updated
