cleantalk
Vulnerabilities and Security Researches

Ibtana – WordPress Website Builder, CVE-2024-5541

CVE, Research URL

CVE-2024-5541

Home page URL

Security reports for Ibtana – WordPress Website Builder

Application

Ibtana – WordPress Website Builder

Published on
Jun 18, 2024
Research Description
The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ibtana_visual_editor_register_ajax_json_endpont' function in all versions up to, and including, 1.2.3.3. This makes it possible for unauthenticated attackers to update option values for reCAPTCHA keys on the WordPress site. This can be leveraged to bypass reCAPTCHA on the site.
Affected versions
max 1.2.3.4.
Status
vulnerable
Previous vulnerability researches
Ibtana – WordPress Website Builder (CVE-2024-37123) , Jun 24, 2024
Ibtana – WordPress Website Builder (CVE-2025-26891) , Feb 27, 2025
Ibtana – WordPress Website Builder (CVE-2022-4674) , Jun 06, 2024
Ibtana – WordPress Website Builder (CVE-2023-6684) , Jun 06, 2024
Ibtana – WordPress Website Builder (CVE-2021-25014) , Jun 06, 2024
New vulnerability
Emailchef (CVE-2026-1930) , Apr 24, 2026
All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier (CVE-2025-6833) , Apr 24, 2026
WP Responsive Popup + Optin (CVE-2026-4131) , Apr 24, 2026
Portfolio Gallery, Product Catalog – Grid KIT Portfolio (CVE-2025-5092) , Apr 24, 2026
Media Library Assistant (CVE-2025-59590) , Apr 24, 2026