CVE-2024-10151 Auto iFrame < 2.0 - Contributor+ XSS via Shortcode

The Auto iFrame WordPress plugin before 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

WordPress plugin Auto iFrame 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-1578 · WordPress · Auto Iframe

Name of the Vulnerable Software and Affected Versions: Auto iFrame WordPress plugin versions prior to 2.0 Description: The issue concerns the Auto iFrame WordPress plugin, where versions prior to 2.0 do not validate and escape some of its shortcode attributes before outputting them back in a page...

The vulnerability of the iframe plugin in the JetBrains YouTrack software environment allows a hacker to execute arbitrary JavaScript code and unauthorized API calls.

The vulnerability of the iframe plugin in the JetBrains YouTrack software environment relates to insufficient verification of the connection source. Exploiting this vulnerability allows an attacker to execute arbitrary JavaScript code and make unauthorized API requests...

PT-2024-7356 · Jetbrains · Jetbrains Youtrack

Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2024.3.47197 Description: The issue is related to insufficient validation of the communication channel source in the iframe plugin of JetBrains YouTrack. This can allow an attacker to execute arbitrary...

WordPress plugin Auto iFrame 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2024-4365

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘addiframeurlasparamdirect’ parameter in versions up to, and including, 2024.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-4365 Advanced iFrame <= 2024.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘addiframeurlasparamdirect’ parameter in versions up to, and including, 2024.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2023-6844

The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to and including 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVE-2023-6844 iframe <= 5.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode

The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to and including 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVE-2023-6844

CVE-2023-6844 affects the iframe WordPress plugin (all versions up to 5.0) and is a Stored Cross-Site Scripting vulnerability via shortcode attributes. The issue arises from insufficient input sanitization and output escaping, allowing authenticated attackers with contributor-level permissions to...

WordPress plugin iframe 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

iframe < 5.1 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user...

WordPress iframe plugin <= 5.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Byeongjun Jo Patchstack Alliance in WordPress Plugin iFrame versions = 5.0...

WordPress Plugin Advanced iFrame 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

WordPress Advanced iFrame Plugin <= 2024.1 is vulnerable to Cross Site Scripting (XSS)

Software Advanced iFrame Type Plugin Vulnerable versions = 2024.1 Fixed in 2024.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1341 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f4f416259347 Credits Fariq Fadillah Gusti...

WordPress Advanced iFrame Plugin <= 2023.10 is vulnerable to Cross Site Scripting (XSS)

Software Advanced iFrame Type Plugin Vulnerable versions = 2023.10 Fixed in 2024.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-24870 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5ac08cfdc818 Credits LVT-tholv2k Required privilege...

CVE-2023-7069

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advancediframe' shortcode in all versions up to, and including, 2023.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress Advanced iFrame Plugin <= 2023.10 is vulnerable to Cross Site Scripting (XSS)

Software Advanced iFrame Type Plugin Vulnerable versions = 2023.10 Fixed in 2024.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-7069 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a79bcd48a9fe Credits Webbernaut Required...

CVE-2023-52125 WordPress iFrame Plugin <= 4.8 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webvitaly iframe allows Stored XSS.This issue affects iframe: from n/a through 4.8...