CVE-2021-25014
CVE-2021-25014 affects the WordPress Ibtana plugin up to version 1.1.4.9. The root cause is missing authorization and CSRF checks in the ive_save_general_settings AJAX action, allowing any authenticated user (e.g., a subscriber) to modify plugin settings and trigger a Stored XSS. Remediation: upd...