cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-8282,https://securityvulnerability.io/vulnerability/CVE-2024-8282,Cross-Site Scripting Vulnerability in WordPress Website Builder Plugin,"The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:ive/ive-productscarousel' Gutenberg block in all versions up to, and including, 1.2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Ibtana – WordPress Website Builder,5.4,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-10-02T09:31:59.026Z,0
CVE-2024-5541,https://securityvulnerability.io/vulnerability/CVE-2024-5541,Unauthorized Modification of Data Vulnerability in Ibtana WordPress Website Builder Plugin,"The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ibtana_visual_editor_register_ajax_json_endpont' function in all versions up to, and including, 1.2.3.3. This makes it possible for unauthenticated attackers to update option values for reCAPTCHA keys on the WordPress site. This can be leveraged to bypass reCAPTCHA on the site.",Wordpress,Ibtana – WordPress Website Builder,5.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-06-18T02:37:13.166Z,0
CVE-2023-6684,https://securityvulnerability.io/vulnerability/CVE-2023-6684,Stored Cross-Site Scripting Vulnerability in Ibtana WordPress Website Builder Plugin,"The Ibtana plugin for WordPress is susceptible to Stored Cross-Site Scripting (XSS), enabling authenticated attackers with contributor-level access and above to inject malicious scripts through the 'ive' shortcode. This vulnerability arises from inadequate input sanitization and output escaping of the 'width' and 'height' attributes, allowing harmful scripts to execute on pages viewed by other users. This can lead to unauthorized actions and data exposure, compelling website administrators to apply patches to safeguard their sites and users.",Wordpress,Ibtana – WordPress Website Builder,5.4,MEDIUM,0.0005799999926239252,false,,false,false,false,,false,false,2024-01-11T08:32:28.173Z,0
CVE-2021-25014,https://securityvulnerability.io/vulnerability/CVE-2021-25014,Ibtana < 1.1.4.9 - Subscriber+ Settings Update to Stored XSS,"The Ibtana WordPress plugin before 1.1.4.9 does not have authorisation and CSRF checks in the ive_save_general_settings AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings which could lead to Stored Cross-Site Scripting issue.",Wordpress,Ibtana – WordPress Website Builder,3.5,LOW,0.000539999979082495,false,,false,false,false,,false,false,2022-02-14T09:20:42.000Z,0