cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-1341,https://securityvulnerability.io/vulnerability/CVE-2024-1341,Stored Cross-Site Scripting Vulnerability in Advanced iFrame Plugin for WordPress,"The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advanced_iframe shortcode in all versions up to, and including, 2024.1 due to the plugin allowing users to include JS files from external sources through the additional_js attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Advanced Iframe,4.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-02-29T04:31:18.797Z,0
CVE-2023-7069,https://securityvulnerability.io/vulnerability/CVE-2023-7069,Stored Cross-Site Scripting in Advanced iFrame Plugin for WordPress,"The Advanced iFrame plugin for WordPress has a vulnerability that allows for Stored Cross-Site Scripting. Due to inadequate input sanitization and output escaping on attributes supplied in the plugin's 'advanced_iframe' shortcode, authenticated users with contributor-level or higher permissions can execute arbitrary web scripts on pages. This resulting exploit can trigger whenever a user accesses the compromised page, making it a significant risk for WordPress-based sites.",Wordpress,Advanced Iframe,6.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2024-02-01T03:31:37.809Z,0
CVE-2023-4775,https://securityvulnerability.io/vulnerability/CVE-2023-4775,Stored Cross-Site Scripting Vulnerability in Advanced iFrame Plugin for WordPress,"The Advanced iFrame plugin for WordPress suffers from a vulnerability that allows authenticated users with contributor-level permissions and above to inject malicious scripts. This occurs via the 'advanced_iframe' shortcode, where inadequate input sanitization and output escaping of user-supplied attributes lead to potential exploitation. As a result, arbitrary web scripts can be executed on pages upon access, posing significant security risks to users.",Wordpress,Advanced iFrame,5.4,MEDIUM,0.0006699999794363976,false,,false,false,false,,false,false,2023-11-13T08:15:00.000Z,0
CVE-2021-24953,https://securityvulnerability.io/vulnerability/CVE-2021-24953,Advanced iFrame < 2022 - Reflected Cross-Site Scripting,"The Advanced iFrame WordPress plugin before 2022 does not sanitise and escape the ai_config_id parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue",Wordpress,Advanced Iframe,6.1,MEDIUM,0.0007999999797903001,false,,false,false,false,,false,false,2022-03-07T08:16:09.000Z,0