CVE-2023-6684 is a Stored Cross-Site Scripting (XSS) vulnerability identified in the Ibtana – WordPress Website Builder plugin developed by vowelweb. This plugin is used to build WordPress websites and is vulnerable in all versions up to and including 1.2.2. The vulnerability arises due to improper input sanitization and output escaping of user-supplied attributes 'width' and 'height' within the 'ive' shortcode functionality. Authenticated users with contributor-level permissions or higher can exploit this flaw by injecting arbitrary malicious JavaScript code into pages. When other users access these compromised pages, the injected scripts execute in their browsers, potentially leading to session hijacking, privilege escalation, or unauthorized actions performed on behalf of the victim. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation), which is a common web application security issue. The CVSS v3.1 base score is 6.4, indicating a medium severity level, with an attack vector of network (remote exploitation), low attack complexity, and requiring privileges (contributor or above). No user interaction is needed for the exploit to succeed once the malicious content is injected. No public exploits are currently known in the wild, and no patches have been officially released as of the publication date (January 11, 2024).

For European organizations using WordPress websites built with the Ibtana plugin, this vulnerability poses a significant risk to website integrity and user trust. Exploitation could lead to unauthorized script execution affecting site visitors and administrators, potentially resulting in credential theft, defacement, or unauthorized actions performed under the victim’s identity. This can damage brand reputation, lead to data breaches involving personal or sensitive information, and cause compliance issues under regulations such as GDPR. The requirement for contributor-level access limits the attack surface to some extent, but insider threats or compromised contributor accounts could facilitate exploitation. Additionally, the scope of impact extends to any web applications relying on this plugin, including corporate websites, e-commerce platforms, and public-facing portals. The cross-site scripting vulnerability could also be leveraged as a stepping stone for more complex attacks, such as delivering malware or phishing campaigns targeting European users. Given the widespread use of WordPress in Europe and the popularity of website builder plugins, the threat is relevant to a broad range of sectors including government, finance, education, and retail.

European organizations should immediately audit their WordPress installations to identify the presence of the Ibtana – WordPress Website Builder plugin and verify the version in use. Until an official patch is released, organizations should consider the following specific mitigations: 1) Restrict contributor-level permissions strictly to trusted users and review user roles regularly to minimize the risk of insider exploitation. 2) Implement Web Application Firewall (WAF) rules that detect and block suspicious input patterns targeting the 'ive' shortcode attributes, particularly filtering out script tags or event handlers in 'width' and 'height' parameters. 3) Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts on affected websites. 4) Conduct thorough input validation and output encoding on custom implementations or overrides related to the plugin to prevent injection. 5) Monitor website logs and user activity for unusual behavior indicative of exploitation attempts. 6) Engage with the plugin vendor or community to track patch releases and apply updates promptly once available. 7) Consider temporarily disabling or removing the plugin if feasible, especially on high-risk or critical sites, until the vulnerability is resolved.