119 matches found
CVE-2024-32079
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through 2024.2...
CVE-2024-1341
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advancediframe shortcode in all versions up to, and including, 2024.1 due to the plugin allowing users to include JS files from external sources through the additionaljs attribute. This makes it...
CVE-2024-24870
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through 2023.10...
CVE-2023-7069
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advancediframe' shortcode in all versions up to, and including, 2023.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2023-51690
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through 2023.8...
CVE-2021-24953
The Advanced iFrame WordPress plugin before 2022 does not sanitise and escape the aiconfigid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue...
CVE-2025-1439
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advancediframe' shortcode in all versions up to, and including, 2024.5 due to insufficient input sanitization and output escaping on user supplied attributes through the 'src' attribute when th...
CVE-2025-1440
The Advanced iFrame plugin for WordPress is vulnerable to unauthorized excessive creation of options on the aipmapurlcallback function in all versions up to, and including, 2024.5 due to insufficient restrictions. This makes it possible for unauthenticated attackers to update the...
CVE-2025-1440
The Advanced iFrame plugin for WordPress is vulnerable to unauthorized excessive creation of options on the aipmapurlcallback function in all versions up to, and including, 2024.5 due to insufficient restrictions. This makes it possible for unauthenticated attackers to update the...
CVE-2025-1437
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advancediframe' shortcode in all versions up to, and including, 2024.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-1440 Advanced iFrame <= 2024.5 - Unauthenticated Settings Update
The Advanced iFrame plugin for WordPress is vulnerable to unauthorized excessive creation of options on the aipmapurlcallback function in all versions up to, and including, 2024.5 due to insufficient restrictions. This makes it possible for unauthenticated attackers to update the...
CVE-2025-1440 Advanced iFrame <= 2024.5 - Unauthenticated Settings Update
The Advanced iFrame plugin for WordPress is vulnerable to unauthorized excessive creation of options on the aipmapurlcallback function in all versions up to, and including, 2024.5 due to insufficient restrictions. This makes it possible for unauthenticated attackers to update the...
CVE-2025-1439 Advanced iFrame <= 2024.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Host Header
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advancediframe' shortcode in all versions up to, and including, 2024.5 due to insufficient input sanitization and output escaping on user supplied attributes through the 'src' attribute when th...
CVE-2025-1437 Advanced iFrame <= 2025.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advancediframe' shortcode in all versions up to, and including, 2025.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-1437
CVE-2025-1437 affects the WordPress plugin Advanced iFrame . The vulnerability is a Stored Cross-Site Scripting (XSS) via the plugin’s advanced_iframe shortcode in all versions up to 2025.2, caused by insufficient input sanitization and output escaping on user-supplied attributes. Impact: authent...
WordPress plugin Advanced iFrame 输入验证错误漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An input validation error...
WordPress plugin Advanced iFrame 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-12871 · WordPress · Advanced Iframe
Name of the Vulnerable Software and Affected Versions: Advanced iFrame plugin for WordPress versions up to and including 2024.5 Description: The issue allows unauthorized excessive creation of options on the aip map url callback function due to insufficient restrictions. This enables...
PT-2025-12869 · WordPress · Advanced Iframe
Name of the Vulnerable Software and Affected Versions: Advanced iFrame plugin for WordPress versions up to and including 2024.5 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the advanced iframe shortcode. This allows...
PT-2025-12870 · WordPress · Advanced Iframe
Name of the Vulnerable Software and Affected Versions: Advanced iFrame plugin for WordPress versions up to, and including, 2024.5 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes through the src attribute in the advanced iframe...