Lucene search
K

119 matches found

NVD
NVD
added last week10 views

CVE-2026-6742

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'additional' parameter in all versions up to, and including, 2026.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4CVSS0.00156EPSS
Exploits0References2
EUVD
EUVD
added last week6 views

EUVD-2026-42219

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'additional' parameter in all versions up to, and including, 2026.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4CVSS6.1AI score0.00156EPSS
Exploits0References2
CVE
CVE
added last week12 views

CVE-2026-6742

The data shows CVE-2026-6742 affects the WordPress Advanced iFrame plugin: all versions up to 2026.1 are vulnerable to Stored Cross-Site Scripting via the Gutenberg Block 'additional' attribute due to insufficient input sanitization and output escaping. This allows authenticated users with contri...

6.4CVSS6.1AI score0.00156EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/20 1:27 p.m.6 views

CVE-2026-25453

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mdempfle Advanced iFrame advanced-iframe allows DOM-Based XSS.This issue affects Advanced iFrame: from n/a through = 2025.10...

6.5CVSS5.5AI score0.00161EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/20 1:26 p.m.4 views

CVE-2026-25412

Missing Authorization vulnerability in mdempfle Advanced iFrame advanced-iframe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced iFrame: from n/a through = 2025.10...

5.5AI score0.00028EPSS
Exploits0References1
NVD
NVD
added 2026/02/19 9:16 a.m.6 views

CVE-2026-25453

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mdempfle Advanced iFrame advanced-iframe allows DOM-Based XSS.This issue affects Advanced iFrame: from n/a through = 2025.10...

6.5CVSS0.00161EPSS
Exploits0References1
NVD
NVD
added 2026/02/19 9:16 a.m.4 views

CVE-2026-25412

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

0.00028EPSS
Exploits0
CVE
CVE
added 2026/02/19 8:27 a.m.20 views

CVE-2026-25453

CVE-2026-25453 : DOM-based XSS in WordPress plugin Advanced iFrame (advanced-iframe) due to improper input neutralization during web page generation. Affected: Advanced iFrame versions up to 2025.10. The CVSS v3.1 base score is 6.5 (Medium). Exploitation details are not provided in the documents;...

6.5CVSS5.4AI score0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/19 8:27 a.m.30 views

CVE-2026-25453 WordPress Advanced iFrame plugin <= 2025.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mdempfle Advanced iFrame advanced-iframe allows DOM-Based XSS.This issue affects Advanced iFrame: from n/a through = 2025.10...

6.5CVSS0.00161EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/19 8:27 a.m.3 views

CVE-2026-25453 WordPress Advanced iFrame plugin <= 2025.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mdempfle Advanced iFrame advanced-iframe allows DOM-Based XSS.This issue affects Advanced iFrame: from n/a through = 2025.10...

6.5CVSS5.5AI score0.00161EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/19 8:27 a.m.4 views

CVE-2026-25453

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mdempfle Advanced iFrame advanced-iframe allows DOM-Based XSS.This issue affects Advanced iFrame: from n/a through = 2025.10...

5.5AI score0.00161EPSS
Exploits0References2
CVE
CVE
added 2026/02/19 8:27 a.m.10 views

CVE-2026-25412

The CVE-2026-25412 entry concerns the WordPress Advanced iFrame plugin (

5.4AI score0.00028EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/02/19 8:27 a.m.2 views

CVE-2026-25412

...

5.2AI score0.00028EPSS
Exploits0
Cvelist
Cvelist
added 2026/02/19 8:27 a.m.28 views

CVE-2026-25412

...

0.00028EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/02/19 8:27 a.m.2 views

CVE-2026-25412

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

5.1AI score0.00028EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.9 views

WordPress plugin Advanced iFrame 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.6AI score0.00161EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.11 views

PT-2026-20749

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mdempfle Advanced iFrame advanced-iframe allows DOM-Based XSS.This issue affects Advanced iFrame: from n/a through = 2025.10...

5.5AI score0.00161EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.5 views

PT-2026-20737

Missing Authorization vulnerability in mdempfle Advanced iFrame advanced-iframe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced iFrame: from n/a through = 2025.10...

5.5AI score0.00028EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/28 12:41 p.m.4 views

WordPress Advanced iFrame plugin <= 2025.10 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Advanced iFrame versions = 2025.10...

5.3CVSS5.4AI score0.00028EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/19 8:6 a.m.7 views

WordPress Advanced iFrame plugin <= 2025.10 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by johska in WordPress Plugin Advanced iFrame versions = 2025.10...

6.5CVSS5.4AI score0.00161EPSS
Exploits0Affected Software1
Rows per page
Query Builder