Vulnerabilities > Vowelweb > Low

DATE	CVE	VULNERABILITY TITLE	RISK
2022-02-14	CVE-2021-25014	Unspecified vulnerability in Vowelweb Ibtana The Ibtana WordPress plugin before 1.1.4.9 does not have authorisation and CSRF checks in the ive_save_general_settings AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings which could lead to Stored Cross-Site Scripting issue. network low complexity vowelweb	3.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.