
55 matches found

Vulnrichment
added 2024/01/05 11:13 a.m. | 5 views

CVE-2023-52125 WordPress iFrame Plugin <= 4.8 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webvitaly iframe allows Stored XSS. This issue affects iframe: from n/a through 4.8...

CVSS 6.5 | AI score 6.4 | EPSS 0.00077
Exploits: 0 | References: 1
WPVulnDB
added 2024/01/04 12:0 a.m. | 20 views

iFrame < 4.9 - Contributor+ Stored XSS

Description: The plugin does not sanitise and escape the srcdoc parameter, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. However, given that the malicious JS is limited to the scope of the iframe, there is no practical way to make users su...

CVSS 6.5 | AI score 5.8 | EPSS 0.00077
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2023/12/13 12:0 a.m. | 8 views

WordPress Advanced iFrame Plugin <= 2023.8 is vulnerable to Cross Site Scripting (XSS)

Software: Advanced iFrame. Type: Plugin. Vulnerable versions: <= 2023.8. Fixed in: 2023.9. OWASP Top 10: A7: Cross-Site Scripting (XSS). Classification: Cross Site Scripting (XSS). CVE: CVE-2023-4775. Patch priority: Low. CVSS severity: Low (6.5). Developer: Claim ownership. PSID: 533ab95811dc. Credits: István Márton. Required...

CVSS 6.4 | AI score 5.7 | EPSS 0.00125
Exploits: 0 | References: 3 | Affected Software: 1
WPVulnDB
added 2023/11/24 12:0 a.m. | 8 views

iframe < 4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'iframe' Shortcode

Description: The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the iframe shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission...

CVSS 6.4 | AI score 5.8 | EPSS 0.00105
Exploits: 1 | References: 1 | Affected Software: 1
OSV
added 2023/10/20 7:15 a.m. | 1 views

CVE-2023-4919

The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the iframe shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission and above, ...

CVSS 5.4 | AI score 7
Exploits: 0 | References: 4
Cvelist
added 2023/10/20 6:35 a.m. | 15 views

CVE-2023-4919 iframe <= 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'iframe' Shortcode

The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the iframe shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission and above, ...

CVSS 6.4 | AI score 5.9 | EPSS 0.00105
Exploits: 1 | References: 4
Vulnrichment
added 2023/10/20 6:35 a.m. | 5 views

CVE-2023-4919 iframe <= 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'iframe' Shortcode

The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the iframe shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission and above, ...

CVSS 6.4 | AI score 6.8 | EPSS 0.00105
Exploits: 1 | References: 4
CVE
added 2023/10/20 6:35 a.m. | 51 views

CVE-2023-4919

The provided sources confirm CVE-2023-4919: the WordPress iframe plugin is vulnerable to Stored XSS via the iframe shortcode in versions up to and including 4.6 due to insufficient input sanitization and output escaping. Attack requires contributor-level privileges or higher and affects pages ren...

CVSS 6.4 | AI score 5.3 | EPSS 0.00105
Exploits: 1 | References: 4 | Affected Software: 1
CNVD
added 2022/03/09 12:0 a.m. | 21 views

WordPress Advanced iFrame plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress plugin is a WordPress application plugin. WordPress Advanced iFrame plugin versions prior to 2022 contain a cross-site scripting vulnerability that stems from the plugin's failure to...

CVSS 6.1 | AI score 1.2 | EPSS 0.0021
Exploits: 2 | References: 1
CNNVD
added 2022/03/07 12:0 a.m. | 3 views

WordPress plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress plugin is a WordPress application plugin. WordPress Advanced iFrame plugin versions prior to 2022 contain a cross-site scripting vulnerability that stems from the plugin's failure to...

CVSS 6.1 | AI score 5.2 | EPSS 0.0021
Exploits: 2 | References: 2
Prion
added 2020/05/07 5:15 a.m. | 9 views

Design/Logic Flaw

The iframe plugin before 4.5 for WordPress does not sanitize a URL...

CVSS 4.3 | AI score 6.3 | EPSS 0.11038
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2020/05/07 4:39 a.m. | 73 views

CVE-2020-12696

CVE-2020-12696 affects the WordPress iframe plugin (versions before 4.5). The issue is that the plugin does not sanitize user-supplied URLs in the iframe, enabling a potential cross-site scripting (XSS) vector. Multiple sources cite this as an authenticated stored XSS vulnerability, with remediat...

CVSS 6.1 | AI score 6.2 | EPSS 0.11038
Exploits: 1 | References: 2 | Affected Software: 1
Patchstack
added 2020/05/07 12:0 a.m. | 20 views

WordPress iframe plugin <= 4.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Guilherme Rubert in WordPress iframe plugin versions <= 4.4. Solution: Update the WordPress iframe plugin to the latest available version (at least 4.5)...

CVSS 6.1 | AI score 2.1 | EPSS 0.11038
Exploits: 1 | References: 3 | Affected Software: 1
Veracode
added 2017/05/29 7:29 a.m. | 7 views

Cross-site Scripting (XSS)

ckeditor-dev is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary JavaScript via the src attribute in the iframe element. This can only occur when the Iframe plugin is used and advanced content filter is turned off in a browser...

AI score 6
Exploits: 0
CNVD
added 2016/01/04 12:0 a.m. | 1 views

WordPress plugin iframe HTML injection vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; it supports setting up a personal blog site on PHP and MySQL servers. The iframe plugin is a plugin that allows external URLs to be loaded into an iframe pop-up layer on a page. WordPress...

AI score 7.3
Exploits: 0 | References: 1