WordPress Ibtana plugin <= 1.1.4.8 - Plugin Settings Update vulnerability leading to Stored Cross-Site Scripting (XSS)

ibtana-visual-editor

Software: Ibtana
Vulnerable Versions: <= 1.1.4.8
Fixed in version: 1.1.4.9
Classification: Other Vulnerability Type
OWASP Top 10: A5: Broken Access Control
Disclosure Date: 2022-01-12
CVSS 3.0 score: 5.4 (Medium)

Requires subscriber or higher role user authentication.

Details

A Plugin Settings Update vulnerability leading to Stored Cross-Site Scripting (XSS) was discovered by Krzysztof Zając in the WordPress Ibtana plugin (versions <= 1.1.4.8).

Solution

Update the WordPress Ibtana plugin to the latest available version (at least 1.1.4.9).
