Tinywebgallery

Advanced Iframe

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2025-1440

  • EPSS 0.35%
  • Veröffentlicht 26.03.2025 09:21:51
  • Zuletzt bearbeitet 14.07.2025 16:40:37

The Advanced iFrame plugin for WordPress is vulnerable to unauthorized excessive creation of options on the aip_map_url_callback() function in all versions up to, and including, 2024.5 due to insufficient restrictions. This makes it possible for unau...

5.4

CVE-2025-1437

  • EPSS 0.07%
  • Veröffentlicht 26.03.2025 09:21:41
  • Zuletzt bearbeitet 14.07.2025 16:39:32

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all versions up to, and including, 2024.5 due to insufficient input sanitization and output escaping on user supplie...

5.4

CVE-2025-1439

  • EPSS 0.07%
  • Veröffentlicht 26.03.2025 09:21:41
  • Zuletzt bearbeitet 14.07.2025 16:38:27

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all versions up to, and including, 2024.5 due to insufficient input sanitization and output escaping on user supplie...

5.4

CVE-2024-1341

  • EPSS 0.22%
  • Veröffentlicht 29.02.2024 05:15:09
  • Zuletzt bearbeitet 26.02.2025 15:14:42

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advanced_iframe shortcode in all versions up to, and including, 2024.1 due to the plugin allowing users to include JS files from external sources t...

5.4

CVE-2024-24870

  • EPSS 0.13%
  • Veröffentlicht 05.02.2024 06:15:47
  • Zuletzt bearbeitet 21.11.2024 08:59:53

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through 2023.10.

5.4

CVE-2023-51690

  • EPSS 0.05%
  • Veröffentlicht 01.02.2024 11:15:11
  • Zuletzt bearbeitet 21.11.2024 08:38:36

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through 2023.8.

5.4

CVE-2023-7069

  • EPSS 0.08%
  • Veröffentlicht 01.02.2024 04:15:49
  • Zuletzt bearbeitet 21.11.2024 08:45:10

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all versions up to, and including, 2023.10 due to insufficient input sanitization and output escaping on user suppli...

5.4

CVE-2023-4775

  • EPSS 0.1%
  • Veröffentlicht 13.11.2023 08:15:25
  • Zuletzt bearbeitet 21.11.2024 08:35:57

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'advanced_iframe' shortcode in versions up to, and including, 2023.8 due to insufficient input sanitization and output escaping on user supplied attributes....

6.1

CVE-2021-24953

Exploit
  • EPSS 0.21%
  • Veröffentlicht 07.03.2022 09:15:08
  • Zuletzt bearbeitet 21.11.2024 05:54:04

The Advanced iFrame WordPress plugin before 2022 does not sanitise and escape the ai_config_id parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue