Lucene search
K

119 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 10:13 a.m.7 views

CVE-2024-32079

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through 2024.2...

6.5CVSS5.2AI score0.00339EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:40 a.m.8 views

CVE-2024-1341

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advancediframe shortcode in all versions up to, and including, 2024.1 due to the plugin allowing users to include JS files from external sources through the additionaljs attribute. This makes it...

5.4CVSS5.8AI score0.00282EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:38 a.m.6 views

CVE-2024-24870

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through 2023.10...

6.5CVSS5.6AI score0.00289EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:23 a.m.4 views

CVE-2023-7069

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advancediframe' shortcode in all versions up to, and including, 2023.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6.1AI score0.00315EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:58 a.m.7 views

CVE-2023-51690

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through 2023.8...

6.5CVSS5.6AI score0.00307EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:3 p.m.7 views

CVE-2021-24953

The Advanced iFrame WordPress plugin before 2022 does not sanitise and escape the aiconfigid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS6.2AI score0.00788EPSS
Exploits2References1
OSV
OSV
added 2025/03/26 10:15 a.m.4 views

CVE-2025-1439

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advancediframe' shortcode in all versions up to, and including, 2024.5 due to insufficient input sanitization and output escaping on user supplied attributes through the 'src' attribute when th...

5.4CVSS7.4AI score0.00193EPSS
Exploits0References2
NVD
NVD
added 2025/03/26 10:15 a.m.23 views

CVE-2025-1440

The Advanced iFrame plugin for WordPress is vulnerable to unauthorized excessive creation of options on the aipmapurlcallback function in all versions up to, and including, 2024.5 due to insufficient restrictions. This makes it possible for unauthenticated attackers to update the...

5.3CVSS0.00276EPSS
Exploits0References2
OSV
OSV
added 2025/03/26 10:15 a.m.5 views

CVE-2025-1440

The Advanced iFrame plugin for WordPress is vulnerable to unauthorized excessive creation of options on the aipmapurlcallback function in all versions up to, and including, 2024.5 due to insufficient restrictions. This makes it possible for unauthenticated attackers to update the...

5.3CVSS7.3AI score0.00276EPSS
Exploits0References2
OSV
OSV
added 2025/03/26 10:15 a.m.6 views

CVE-2025-1437

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advancediframe' shortcode in all versions up to, and including, 2024.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4CVSS7.4AI score0.0024EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/26 9:21 a.m.30 views

CVE-2025-1440 Advanced iFrame <= 2024.5 - Unauthenticated Settings Update

The Advanced iFrame plugin for WordPress is vulnerable to unauthorized excessive creation of options on the aipmapurlcallback function in all versions up to, and including, 2024.5 due to insufficient restrictions. This makes it possible for unauthenticated attackers to update the...

5.3CVSS0.00276EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/26 9:21 a.m.9 views

CVE-2025-1440 Advanced iFrame <= 2024.5 - Unauthenticated Settings Update

The Advanced iFrame plugin for WordPress is vulnerable to unauthorized excessive creation of options on the aipmapurlcallback function in all versions up to, and including, 2024.5 due to insufficient restrictions. This makes it possible for unauthenticated attackers to update the...

5.3CVSS7.1AI score0.00276EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/26 9:21 a.m.8 views

CVE-2025-1439 Advanced iFrame <= 2024.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Host Header

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advancediframe' shortcode in all versions up to, and including, 2024.5 due to insufficient input sanitization and output escaping on user supplied attributes through the 'src' attribute when th...

6.4CVSS5.9AI score0.00193EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/26 9:21 a.m.7 views

CVE-2025-1437 Advanced iFrame <= 2025.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advancediframe' shortcode in all versions up to, and including, 2025.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS7.5AI score0.0024EPSS
Exploits0References3
CVE
CVE
added 2025/03/26 9:21 a.m.75 views

CVE-2025-1437

CVE-2025-1437 affects the WordPress plugin Advanced iFrame . The vulnerability is a Stored Cross-Site Scripting (XSS) via the plugin’s advanced_iframe shortcode in all versions up to 2025.2, caused by insufficient input sanitization and output escaping on user-supplied attributes. Impact: authent...

6.4CVSS7.4AI score0.0024EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2025/03/26 12:0 a.m.4 views

WordPress plugin Advanced iFrame 输入验证错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An input validation error...

5.3CVSS8.5AI score0.00276EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/03/26 12:0 a.m.3 views

WordPress plugin Advanced iFrame 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS7.9AI score0.00193EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/03/26 12:0 a.m.5 views

PT-2025-12871 · WordPress · Advanced Iframe

Name of the Vulnerable Software and Affected Versions: Advanced iFrame plugin for WordPress versions up to and including 2024.5 Description: The issue allows unauthorized excessive creation of options on the aip map url callback function due to insufficient restrictions. This enables...

5.3CVSS9.4AI score0.00276EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2025/03/26 12:0 a.m.10 views

PT-2025-12869 · WordPress · Advanced Iframe

Name of the Vulnerable Software and Affected Versions: Advanced iFrame plugin for WordPress versions up to and including 2024.5 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the advanced iframe shortcode. This allows...

6.4CVSS9AI score0.0024EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/03/26 12:0 a.m.10 views

PT-2025-12870 · WordPress · Advanced Iframe

Name of the Vulnerable Software and Affected Versions: Advanced iFrame plugin for WordPress versions up to, and including, 2024.5 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes through the src attribute in the advanced iframe...

6.4CVSS9.2AI score0.00193EPSS
Exploits0References9
Rows per page
Query Builder