
CVE-2021-25014 Ibtana < 1.1.4.9 - Subscriber+ Settings Update to Stored XSS

2022-02-14 09:20:42
CWE-862
WPScan
www.cve.org

AI Score: 4 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 24.8%)

The Ibtana WordPress plugin before 1.1.4.9 does not have authorisation and CSRF checks in the ive_save_general_settings AJAX action, allowing any authenticated user, such as a subscriber, to call it and change the plugin’s settings, which could lead to a Stored Cross-Site Scripting issue.

CNA Affected

[
  {
    "product": "Ibtana – WordPress Website Builder",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.1.4.9",
        "status": "affected",
        "version": "1.1.4.9",
        "versionType": "custom"
      }
    ]
  }
]
