cnvd | China National Vulnerability Database | CNVD-2023-06869
History: Feb 16, 2022 - 12:00 a.m.

WordPress Ibtana plugin cross-site scripting vulnerability

2022-02-16 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
5

EPSS: 0.001 (Low)
Percentile: 24.8%

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports hosting personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in versions of the WordPress Ibtana plugin prior to 1.1.4.9. It stems from missing authorization and CSRF checks in the ive_save_general_settings AJAX action, which allows any authenticated user (such as a subscriber) to invoke it and change the plugin's settings. An attacker could exploit this vulnerability to carry out a stored cross-site scripting attack.
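
The missing checks described above, shown as they would appear in a hardened AJAX handler. This is an added example, not the Ibtana plugin's code or its actual patch; only the action name ive_save_general_settings comes from the advisory, while the function names, nonce action, option name and settings fields are assumptions.

```php
<?php
// Added illustration; not the Ibtana plugin's source. Option name, nonce
// action and settings field names are assumptions made for this sketch.

// wp_ajax_{action} fires for ANY logged-in user, subscribers included, so the
// handler itself must enforce both the CSRF check and the capability check.
add_action( 'wp_ajax_ive_save_general_settings', 'example_save_general_settings' );

function example_save_general_settings() {
    // 1. CSRF: reject requests without a valid nonce for this action.
    //    With $die = false the function returns false instead of exiting.
    if ( ! check_ajax_referer( 'example_save_settings', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce.' ), 403 );
    }

    // 2. Authorization: only users allowed to manage site options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden.' ), 403 );
    }

    // 3. Input handling: accept only known keys and sanitize each value so
    //    markup is not stored and rendered later.
    $allowed = array( 'container_width', 'custom_label' ); // hypothetical fields
    $raw     = isset( $_POST['settings'] ) && is_array( $_POST['settings'] )
        ? wp_unslash( $_POST['settings'] )
        : array();

    $clean = array();
    foreach ( $allowed as $key ) {
        if ( isset( $raw[ $key ] ) && is_scalar( $raw[ $key ] ) ) {
            $clean[ $key ] = sanitize_text_field( (string) $raw[ $key ] );
        }
    }

    update_option( 'example_general_settings', $clean );
    wp_send_json_success();
}

// 4. Output: escape at render time even though values were sanitized on save.
function example_render_label() {
    $settings = get_option( 'example_general_settings', array() );
    $label    = isset( $settings['custom_label'] ) ? $settings['custom_label'] : '';
    echo '<span class="example-label">' . esc_html( $label ) . '</span>';
}
```

When reviewing other plugins for the same class of flaw, look for wp_ajax_ hooks whose callbacks write options without both a nonce check and a current_user_can() check.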

CPE  Name  Operator  Version
wordpress ibtana plugin <1.eq1.4.9
