Ibtana < 188.8.131.52 - Subscriber+ Settings Update to Stored XSS
The plugin does not have authorisation and CSRF checks in the ive_save_general_settings AJAX action, allowing any authenticated user, such as a subscriber, to call it and change the plugin's settings, which could lead to a Stored Cross-Site Scripting issue.
Note: v184.108.40.206 added a CSRF check; authorisation was added in 220.127.116.11
Proof of Concept
}).then(response => response.text())
.then(data => console.log(data));
The XSS will be triggered on all frontend pages in the Pro version.
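The two checks named in the note above (CSRF and authorisation), sketched as a hardened handler for this AJAX action. This is an added example, not the plugin's own code: only the action name ive_save_general_settings comes from the advisory, while the function names, nonce action, capability, request field and option keys are hypothetical.

```php
<?php
// Added example: hardened shape for a settings-saving AJAX handler.
// All example_* names, the nonce action and the option keys are hypothetical.

add_action( 'wp_ajax_ive_save_general_settings', 'example_ive_save_general_settings' );

function example_ive_save_general_settings() {
    // CSRF check: reject requests that do not carry a valid nonce.
    // Third argument false = return false instead of dying, so we can reply with JSON.
    if ( ! check_ajax_referer( 'example_ive_settings_nonce', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 );
    }

    // Authorisation check: wp_ajax_* hooks fire for every logged-in user,
    // subscribers included, so the capability has to be tested explicitly.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // Accept only known keys and sanitise each value before it is stored.
    $allowed = array( 'example_title', 'example_footer_text' ); // hypothetical keys
    $raw     = isset( $_POST['settings'] ) && is_array( $_POST['settings'] )
        ? wp_unslash( $_POST['settings'] )
        : array();

    $clean = array();
    foreach ( $allowed as $key ) {
        if ( isset( $raw[ $key ] ) && is_string( $raw[ $key ] ) ) {
            $clean[ $key ] = sanitize_text_field( $raw[ $key ] );
        }
    }

    update_option( 'example_ive_general_settings', $clean );
    wp_send_json_success( array( 'saved' => array_keys( $clean ) ) );
}

// Front-end output: escape at render time as well, so a value stored
// before the fix was deployed is printed as text rather than markup.
function example_ive_render_footer_text() {
    $settings = get_option( 'example_ive_general_settings', array() );
    $text     = isset( $settings['example_footer_text'] ) ? $settings['example_footer_text'] : '';
    echo esc_html( $text );
}
```

The nonce check alone does not restrict who may save settings, since any logged-in user who can load a page that prints the nonce can obtain one; the capability check is what closes the subscriber path.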