Tinywebgallery Advanced Iframe

9 matches found

CVE
added 2024/02/29 4:31 a.m., 94 views

CVE-2024-1341

CVE-2024-1341 describes a Stored XSS in Advanced iFrame for WordPress (all versions up to 2024.1) via the advanced_iframe shortcode. The vulnerability arises because the plugin allows JS files from external sources through the additional_js attribute, enabling authenticated attackers with contrib...

CVSS 5.4, AI score 5.3, EPSS 0.00291
CVE
added 2022/03/07 8:16 a.m., 79 views

CVE-2021-24953

Summary: CVE-2021-24953 affects the WordPress plugin “Advanced iFrame” (versions before 2022). The vulnerability stems from insufficient sanitisation/escaping of the ai_config_id parameter when it is echoed back on an admin page, enabling a Reflected Cross-Site Scripting (XSS) attack. The issue i...

CVSS 6.1, AI score 6, EPSS 0.0021
Web
CVE
added 2025/03/26 9:21 a.m., 78 views

CVE-2025-1440

CVE-2025-1440 concerns the WordPress plugin Advanced iFrame. The Red Hat entry confirms the issue: in all versions up to 2024.5, the aip_map_url_callback() function has insufficient restrictions, enabling unauthorized creation of options. This allows unauthenticated attackers to update the advanc...

CVSS 5.3, AI score 7.1, EPSS 0.00215
CVE
added 2025/03/26 9:21 a.m., 71 views

CVE-2025-1437

CVE-2025-1437 affects the WordPress plugin Advanced iFrame. The vulnerability is a Stored Cross-Site Scripting (XSS) via the plugin’s advanced_iframe shortcode in all versions up to 2025.2, caused by insufficient input sanitization and output escaping on user-supplied attributes. Impact: authent...

CVSS 6.4, AI score 7.4, EPSS 0.00116
CVE
added 2025/03/26 9:21 a.m., 64 views

CVE-2025-1439

CVE-2025-1439 — The WordPress plugin Advanced iFrame is vulnerable to a Stored Cross-Site Scripting (XSS) condition through the host header and the plugin’s advanced_iframe/src attributes in versions up to and including 2024.5. Exploitation requires authentication at contributor level or higher, ...

CVSS 6.4, AI score 5.9, EPSS 0.00099
CVE
added 2024/02/05 5:45 a.m., 54 views

CVE-2024-24870

The CVE-2024-24870 entry describes a Stored XSS in the WordPress Advanced iFrame plugin (≤ 2023.10) due to Improper Neutralization of Input During Web Page Generation. Affected component: Advanced iFrame plugin; root cause: insufficient input sanitization/escaping in the advanced_iframe context. ...

CVSS 6.5, AI score 5.6, EPSS 0.0013
CVE
added 2024/02/01 3:31 a.m., 45 views

CVE-2023-7069

The CVE concerns the WordPress plugin Advanced iFrame (<= 2023.10). The vulnerability is a Stored Cross-Site Scripting (XSS) caused by improper input sanitization and output escaping in the plugin’s advanced_iframe shortcode, enabling authenticated contributors (or higher) to inject scripts on...

CVSS 6.4, AI score 5.2, EPSS 0.0013
CVE
added 2023/11/13 7:31 a.m., 44 views

CVE-2023-4775

CVE-2023-4775 affects the WordPress plugin Advanced iFrame. The vulnerability is a stored XSS in the plugin’s shortcode [advanced_iframe], caused by insufficient input sanitization and output escaping of user-supplied attributes. It requires authenticated access (contributor level or higher) and ...

CVSS 6.4, AI score 6.6, EPSS 0.00125
CVE
added 2024/02/01 10:55 a.m., 35 views

CVE-2023-51690

CVE-2023-51690 affects the WordPress Advanced iFrame plugin. The vulnerability is an Improper Neutralization of Input During Web Page Generation, i.e., a Stored Cross-Site Scripting (XSS) issue in the plugin’s input handling. Affected versions are

CVSS 6.5, AI score 5.6, EPSS 0.0005