WordPress is a set of blogging platforms developed using the PHP language by the WordPress (Wordpress) Foundation. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. cross-site scripting vulnerability exists in versions of WordPress Ibtana plugin prior to 1.1.4.9, which stems from a failure to authorize and CSRF check in the ive_save_general_settings AJAX operation, allowing any authenticated user (such as a subscriber) to invoke it and change the plugin’s settings. An attacker could exploit this vulnerability to cause a stored cross-site scripting attack.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress ibtana plugin <1. | eq | 1.4.9 |