3 matches found
CVE-2024-1341
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advancediframe shortcode in all versions up to, and including, 2024.1 due to the plugin allowing users to include JS files from external sources through the additionaljs attribute. This makes it...
CVE-2024-1341
CVE-2024-1341 describes a Stored XSS in Advanced iFrame for WordPress (all versions up to 2024.1) via the advanced_iframe shortcode. The vulnerability arises because the plugin allows JS files from external sources through the additional_js attribute, enabling authenticated attackers with contrib...
WordPress Advanced iFrame Plugin <= 2024.1 is vulnerable to Cross Site Scripting (XSS)
Software Advanced iFrame Type Plugin Vulnerable versions = 2024.1 Fixed in 2024.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1341 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f4f416259347 Credits Fariq Fadillah Gusti...