Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Advanced Iframe Security Vulnerabilities

cve
cve

CVE-2021-24953

The Advanced iFrame WordPress plugin before 2022 does not sanitise and escape the ai_config_id parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue

6.1CVSS

6AI Score

0.001EPSS

2022-03-07 09:15 AM
57
cve
cve

CVE-2023-4775

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'advanced_iframe' shortcode in versions up to, and including, 2023.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacke...

6.4CVSS

5.3AI Score

0.001EPSS

2023-11-13 08:15 AM
18
cve
cve

CVE-2023-51690

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through 2023.8.

6.5CVSS

5.5AI Score

0.0004EPSS

2024-02-01 11:15 AM
10
cve
cve

CVE-2023-7069

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all versions up to, and including, 2023.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authent...

6.4CVSS

5.2AI Score

0.0004EPSS

2024-02-01 04:15 AM
16
cve
cve

CVE-2024-24870

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through 2023.10.

6.5CVSS

5.4AI Score

0.0004EPSS

2024-02-05 06:15 AM
11