What the vulnerability does
01Description
Missing Authorization vulnerability in VW THEMES Ibtana ibtana-visual-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ibtana: from n/a through <= 1.2.5.3.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
What the vulnerability does
Missing Authorization vulnerability in VW THEMES Ibtana ibtana-visual-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ibtana: from n/a through <= 1.2.5.3.
Explanation of Vulnerability in Simple Terms
Ibtana versions up to 1.2.5.3 lack proper authorization checks, allowing authenticated users with low privileges to disrupt site availability. An attacker with a basic user account can trigger a denial-of-service condition without requiring any user interaction. The vulnerability does not expose sensitive data or allow unauthorized modifications.
What an attacker can do
Disrupt site availability by triggering a denial-of-service condition.
Potential impact on your site
Authenticated users can crash or slow the site, affecting all visitors until the issue is resolved.
Conditions required to exploit
Attacker must have a low-privilege user account on the site.
Key dates
External resources