CVE-2021-25014

Name of the Vulnerable Software and Affected Versions Ibtana WordPress plugin versions prior to 1.1.4.9

Description The issue concerns a lack of authorization and CSRF checks in the ive save general settings AJAX action. This allows any authenticated user, such as a subscriber, to call the action and change the plugin's settings, potentially leading to a Stored Cross-Site Scripting issue.

Recommendations For versions prior to 1.1.4.9, update to version 1.1.4.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the ive save general settings AJAX action to prevent unauthorized changes to the plugin's settings.