Ibtana < 220.127.116.11 - Subscriber+ Settings Update to Stored XSS
The plugin does not have authorisation and CSRF checks in the ive_save_general_settings AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings which could lead to Stored Cross-Site Scripting issue.
Note: v18.104.22.168 added CSRF check, authorisation was added in 22.214.171.124
Proof of Concept
}).then(response => response.text())
.then(data => console.log(data));
The XSS will be triggered in all frontend pages in the Pro version