Ibtana WordPress Website Builder Missing Capability Check Vulnerability Allowing Unauthorized reCAPTCHA Bypass

Vulnerability

A vulnerability exists in the Ibtana - WordPress Website Builder plugin, affecting all versions up to and including 1.2.3.3. The issue arises from a missing capability check in the 'ibtana_visual_editor_register_ajax_json_endpont' function, which allows unauthenticated attackers to modify data. Specifically, attackers can update reCAPTCHA keys stored in WordPress options, potentially bypassing reCAPTCHA protections on the site.
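The class of bug described above, shown as an added illustration that is not the plugin's own code: a hypothetical WordPress AJAX handler that stores reCAPTCHA keys in options, first without and then with an authorization check. The action name, option names and nonce action are assumptions, as is the choice of an admin-ajax handler and the `manage_options` capability.

```php
<?php
// Added illustration with hypothetical names; not code from the Ibtana plugin.
// Assumes the handler is an admin-ajax action that stores reCAPTCHA keys in options.

// BEFORE: registered on the nopriv hook, so logged-out visitors reach it, and
// it writes options without checking the caller's capabilities.
function example_save_recaptcha_keys_unchecked() {
    update_option( 'example_recaptcha_site_key', $_POST['site_key'] );
    update_option( 'example_recaptcha_secret_key', $_POST['secret_key'] );
    wp_send_json_success();
}
// add_action( 'wp_ajax_nopriv_example_save_recaptcha_keys', 'example_save_recaptcha_keys_unchecked' );
// add_action( 'wp_ajax_example_save_recaptcha_keys', 'example_save_recaptcha_keys_unchecked' );

// AFTER: only registered for logged-in users, and the handler itself verifies
// capability and nonce before touching any option.
function example_save_recaptcha_keys() {
    // Capability check: only users allowed to manage site options may proceed.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // CSRF check: the nonce must have been issued for this action.
    check_ajax_referer( 'example_save_recaptcha_keys', 'nonce' );

    // Normalise input before it is stored.
    $site_key   = isset( $_POST['site_key'] )
        ? sanitize_text_field( wp_unslash( $_POST['site_key'] ) ) : '';
    $secret_key = isset( $_POST['secret_key'] )
        ? sanitize_text_field( wp_unslash( $_POST['secret_key'] ) ) : '';

    // Refuse to blank out the keys, which would disable the protection.
    if ( '' === $site_key || '' === $secret_key ) {
        wp_send_json_error( array( 'message' => 'Both keys are required' ), 400 );
    }

    update_option( 'example_recaptcha_site_key', $site_key );
    update_option( 'example_recaptcha_secret_key', $secret_key );
    wp_send_json_success();
}
// No wp_ajax_nopriv_ registration: unauthenticated requests never reach the handler.
add_action( 'wp_ajax_example_save_recaptcha_keys', 'example_save_recaptcha_keys' );
```

Registering only the `wp_ajax_` hook is not sufficient on its own, since any logged-in user can call it; the `current_user_can()` check inside the handler is what restricts the write to administrators.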

Impact

Exploitation of this vulnerability allows for unauthorized modification of reCAPTCHA settings, enabling attackers to bypass reCAPTCHA protections on the affected WordPress site.

Remediation

Users are advised to update the Ibtana - WordPress Website Builder plugin to version 1.2.3.4 or a newer patched version.

Added: May 15, 2026, 9:44 AM
Updated: May 15, 2026, 9:44 AM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 0.6
exploitability: 9.0
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.