Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Vowelweb Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-4674 1 Vowelweb 1 Ibtana 2023-02-14 N/A 5.4 MEDIUM
The Ibtana WordPress plugin before 1.1.8.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack
CVE-2021-25014 1 Vowelweb 1 Ibtana 2022-02-22 3.5 LOW 3.5 LOW
The Ibtana WordPress plugin before 1.1.4.9 does not have authorisation and CSRF checks in the ive_save_general_settings AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings which could lead to Stored Cross-Site Scripting issue.