PT-2024-36514 · WordPress · Ibtana

Peter Thaleikis · Published 2024-06-18 · Updated 2024-07-05 · CVE-2024-5541

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Ibtana – WordPress Website Builder plugin, versions up to and including 1.2.3.3

Description: A missing capability check on the ibtana visual editor register ajax json endpont function allows unauthorized modification of data. Unauthenticated attackers can update the option values for reCAPTCHA keys on the WordPress site, potentially bypassing reCAPTCHA on the site.

Recommendations: For versions up to and including 1.2.3.3, as a temporary workaround, consider disabling the ibtana visual editor register ajax json endpont function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2024-5541

Affected Products: Ibtana