3 matches found
CVE-2025-1440
The Advanced iFrame plugin for WordPress is vulnerable to unauthorized excessive creation of options on the aipmapurlcallback function in all versions up to, and including, 2024.5 due to insufficient restrictions. This makes it possible for unauthenticated attackers to update the...
CVE-2025-1440 Advanced iFrame <= 2024.5 - Unauthenticated Settings Update
The Advanced iFrame plugin for WordPress is vulnerable to unauthorized excessive creation of options on the aipmapurlcallback function in all versions up to, and including, 2024.5 due to insufficient restrictions. This makes it possible for unauthenticated attackers to update the...
CVE-2025-1440
CVE-2025-1440 concerns the WordPress plugin Advanced iFrame. The Red Hat entry confirms the issue: in all versions up to 2024.5, the aip_map_url_callback() function has insufficient restrictions, enabling unauthorized creation of options. This allows unauthenticated attackers to update the advanc...