VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 9 known issues Latest disclosed Mar 30, 2026

Ibtana – WordPress Website Builder Vulnerabilities

Review known vulnerability records for the WordPress plugin Ibtana – WordPress Website Builder (`ibtana-visual-editor`), including severity, CVE references, affected versions, and patch status.

View on WordPress.org Back to Feed
Known Records
9
High or Critical
0
Linked CVEs
9
Last Updated
Mar 30, 2026
Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Ibtana – WordPress Website Builder so operators can quickly confirm whether a disclosed issue maps to the installed slug and version range.

Patch Visibility
9 records include a published patch path.
Severity Mix
0 critical and 0 high severity findings.
Reference Workflow
Jump from the hub into the full report when you need remediation notes, CVSS vector details, or source references.
Known Vulnerabilities

Reports for Ibtana – WordPress Website Builder

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2026-1834
Ibtana - WordPress Website Builder <= 1.2.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ive' shortcode in all versions up to, and including, 1.2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

Published
Mar 30, 2026
Patched Release
1.2.5.8
Affected Versions
Versions up to 1.2.5.7
Next Step
Update to 1.2.5.8 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-5092
Multiple Plugins and Themes <= (Various Versions) - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via lightGallery JavaScript Library

Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled lightGallery library (

Published
Nov 19, 2025
Patched Release
1.2.5.2
Affected Versions
Versions up to 1.2.5.1
Next Step
Update to 1.2.5.2 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-59581
Ibtana <= 1.2.5.3 - Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion

The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check in all versions up to, and including, 1.2.5.3. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

Published
Sep 22, 2025
Patched Release
1.2.5.4
Affected Versions
Versions up to 1.2.5.3
Next Step
Update to 1.2.5.4 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: No CVE-2025-26891
Ibtana <= 1.2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Ibtana plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to injec...

Published
Feb 24, 2025
Patched Release
Not published
Affected Versions
Versions up to 1.2.4.9
Next Step
Open the full report for remediation notes and references.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-8282
Ibtana – WordPress Website Builder <= 1.2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute

The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:ive/ive-productscarousel' Gutenberg block in all versions up to, and including, 1.2.4.4 due to insufficient input sanitization and out...

Published
Oct 01, 2024
Patched Release
1.2.4.5
Affected Versions
Versions up to 1.2.4.4
Next Step
Update to 1.2.4.5 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-5541
Ibtana - WordPress Website Builder <= 1.2.3.3 - Unauthenticated reCAPTCHA Settings Update

The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ibtana_visual_editor_register_ajax_json_endpont' function in all versions up to, and including, 1.2.3.3. This makes it possible...

Published
Jun 17, 2024
Patched Release
1.2.3.4
Affected Versions
Versions up to 1.2.3.3
Next Step
Update to 1.2.3.4 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-6684
Ibtana – WordPress Website Builder <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ive' shortcode in versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on 'width' and 'height' user supplied attribute. Thi...

Published
Dec 07, 2023
Patched Release
1.2.2.1
Affected Versions
Versions up to 1.2.2
Next Step
Update to 1.2.2.1 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2022-4674
Ibtana – WordPress Website Builder <= 1.1.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [ive] shortcode in versions up to, and including, 1.1.8.7 due to insufficient input sanitization and output escaping on 'id' user supplied attribute. This mak...

Published
Dec 20, 2022
Patched Release
1.1.8.8
Affected Versions
Versions up to 1.1.8.7
Next Step
Update to 1.1.8.8 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2021-25014
Ibtana – WordPress Website Builder <= 1.1.4.7 - Missing Authorization to Stored Cross-Site Scripting

The Ibtana – WordPress Website Builder WordPress plugin before 1.1.4.9 does not have authorisation and CSRF checks in the ive_save_general_settings AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings which could lead to St...

Published
Jan 12, 2022
Patched Release
1.1.4.9
Affected Versions
Versions before 1.1.4.9
Next Step
Update to 1.1.4.9 or newer if supported.
Open Full Report Open CVE Reference