54 matches found
CVE-2020-12696
The iframe plugin before 4.5 for WordPress does not sanitize a URL...
CVE-2023-4775
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'advancediframe' shortcode in versions up to, and including, 2023.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-1439
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advancediframe' shortcode in all versions up to, and including, 2024.5 due to insufficient input sanitization and output escaping on user supplied attributes through the 'src' attribute when th...
WordPress iframe plugin cross-site scripting vulnerability
The WordPress iframe plugin is a tool for embedding iFrame content in WordPress websites, allowing users to embed external web pages, videos, forms, etc. into their pages. WordPress iframe plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective...
CVE-2025-12645
The Inline frame – Iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedsite' shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-12645
The CVE-2025-12645 entry concerns the WordPress Inline frame – Iframe plugin (versions
PT-2025-48002
The Inline frame – Iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedsite' shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Inline frame – Iframe plugin <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Inline frame – Iframe versions <= 0.1...
EUVD-2023-59048
Malicious code in bioql PyPI...
PT-2025-30963 · WordPress · Advanced Iframe
Name of the Vulnerable Software and Affected Versions: Advanced iFrame plugin for WordPress versions prior to 2025.5 Description: The Advanced iFrame plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin's advanced iframe shortcode. Insufficient input sanitization...
CVE-2024-1341
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advancediframe shortcode in all versions up to, and including, 2024.1 due to the plugin allowing users to include JS files from external sources through the additionaljs attribute. This makes it...
CVE-2024-10151
The Auto iFrame WordPress plugin before 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2025-1437
CVE-2025-1437 affects the WordPress plugin Advanced iFrame. The vulnerability is a Stored Cross-Site Scripting (XSS) via the plugin’s advanced_iframe shortcode in all versions up to 2025.2, caused by insufficient input sanitization and output escaping on user-supplied attributes. Impact: authent...
WordPress Advanced iFrame plugin <= 2024.5 - Unauthenticated Settings Update vulnerability
Unauthenticated Settings Update vulnerability discovered by Peter Thaleikis in WordPress Plugin Advanced iFrame versions <= 2024.5...
WordPress Advanced iFrame plugin <= 2024.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Luciano Hanna in WordPress Plugin Advanced iFrame versions <= 2024.5...
PT-2025-1946 · WordPress · Responsive Iframe Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: The Responsive iframe WordPress plugin versions 1.2.0 and earlier Description: The issue concerns the failure to validate and escape certain block options before they are outputted back in a page or post where the block is embedded. This coul...
WordPress Auto iFrame plugin < 2.0 - Contributor+ XSS via Shortcode vulnerability
Contributor+ XSS via Shortcode vulnerability discovered by Bob Matyas in WordPress Plugin Auto iFrame versions < 2.0...
CVE-2024-10151 Auto iFrame < 2.0 - Contributor+ XSS via Shortcode
The Auto iFrame WordPress plugin before 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...