cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10151,https://securityvulnerability.io/vulnerability/CVE-2024-10151,Stored Cross-Site Scripting in Auto iFrame WordPress Plugin,"The Auto iFrame WordPress plugin prior to version 2.0 exhibits a vulnerability where it fails to properly validate and escape certain shortcode attributes. This flaw enables users with contributor roles or higher permissions to execute Stored Cross-Site Scripting (XSS) attacks, potentially compromising website integrity and user data security. Utilizing this vulnerability, attackers can inject malicious scripts into posts or pages, affecting unsuspecting visitors.",Wordpress,Auto Iframe,,,0.0004299999854993075,false,,false,false,true,true,false,false,2025-01-08T06:00:12.427Z,0
CVE-2024-9449,https://securityvulnerability.io/vulnerability/CVE-2024-9449,Stored Cross-Site Scripting vulnerability in Auto iFrame plugin,"The Auto iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Auto Iframe,6.4,MEDIUM,0.0006799999973736703,false,,false,false,false,,false,false,2024-10-09T06:44:38.096Z,0
CVE-2023-6844,https://securityvulnerability.io/vulnerability/CVE-2023-6844,WordPress iframe plugin vulnerable to Stored Cross-Site Scripting,The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to and including 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.,Wordpress,Iframe,5,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-23T01:56:19.259Z,0
CVE-2024-1341,https://securityvulnerability.io/vulnerability/CVE-2024-1341,Stored Cross-Site Scripting Vulnerability in Advanced iFrame Plugin for WordPress,"The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advanced_iframe shortcode in all versions up to, and including, 2024.1 due to the plugin allowing users to include JS files from external sources through the additional_js attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Advanced Iframe,4.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-02-29T04:31:18.797Z,0
CVE-2023-7069,https://securityvulnerability.io/vulnerability/CVE-2023-7069,Stored Cross-Site Scripting in Advanced iFrame Plugin for WordPress,"The Advanced iFrame plugin for WordPress has a vulnerability that allows for Stored Cross-Site Scripting. Due to inadequate input sanitization and output escaping on attributes supplied in the plugin's 'advanced_iframe' shortcode, authenticated users with contributor-level or higher permissions can execute arbitrary web scripts on pages. This resulting exploit can trigger whenever a user accesses the compromised page, making it a significant risk for WordPress-based sites.",Wordpress,Advanced Iframe,6.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2024-02-01T03:31:37.809Z,0
CVE-2023-4775,https://securityvulnerability.io/vulnerability/CVE-2023-4775,Stored Cross-Site Scripting Vulnerability in Advanced iFrame Plugin for WordPress,"The Advanced iFrame plugin for WordPress suffers from a vulnerability that allows authenticated users with contributor-level permissions and above to inject malicious scripts. This occurs via the 'advanced_iframe' shortcode, where inadequate input sanitization and output escaping of user-supplied attributes lead to potential exploitation. As a result, arbitrary web scripts can be executed on pages upon access, posing significant security risks to users.",Wordpress,Advanced iFrame,5.4,MEDIUM,0.0006699999794363976,false,,false,false,false,,false,false,2023-11-13T08:15:00.000Z,0
CVE-2023-5073,https://securityvulnerability.io/vulnerability/CVE-2023-5073,Stored Cross-Site Scripting Vulnerability in Iframe Forms for WordPress,"The Iframe Forms plugin for WordPress is susceptible to stored cross-site scripting vulnerabilities due to insufficient input sanitization and output escaping implemented in its 'iframe' shortcode. Attackers with contributor-level access can exploit this vulnerability, allowing them to inject malicious scripts into web pages. Once these scripts are embedded, they execute whenever a user visits the affected page, potentially compromising user data and site integrity.",Wordpress,iframe forms,5.4,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2023-10-31T12:15:00.000Z,0
CVE-2023-4919,https://securityvulnerability.io/vulnerability/CVE-2023-4919,Stored Cross-Site Scripting Vulnerability in WordPress Iframe Plugin,"The Iframe Plugin for WordPress has a vulnerability that allows authenticated attackers with contributor-level permissions and higher to exploit insufficient input sanitization and output escaping. This results in the potential for arbitrary web scripts to be injected into pages, which then execute when users access those pages. The issue affects versions up to 4.6, was partially addressed in that version, and fully resolved in version 4.7.",Wordpress,iframe,5.4,MEDIUM,0.0013899999903514981,false,,false,false,false,,false,false,2023-10-20T07:15:00.000Z,0
CVE-2023-2964,https://securityvulnerability.io/vulnerability/CVE-2023-2964,Simple Iframe < 1.2.0 - Contributor+ Stored XSS,"The Simple Iframe WordPress plugin before 1.2.0 does not properly validate one of its WordPress block attribute's content, which may allow users whose role is at least that of a contributor to conduct Stored Cross-Site Scripting attacks.",Wordpress,Simple Iframe,5.4,MEDIUM,0.0005099999834783375,false,,false,false,false,,false,false,2023-07-10T16:15:00.000Z,0
CVE-2021-24953,https://securityvulnerability.io/vulnerability/CVE-2021-24953,Advanced iFrame < 2022 - Reflected Cross-Site Scripting,"The Advanced iFrame WordPress plugin before 2022 does not sanitise and escape the ai_config_id parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue",Wordpress,Advanced Iframe,6.1,MEDIUM,0.0007999999797903001,false,,false,false,false,,false,false,2022-03-07T08:16:09.000Z,0
CVE-2020-12696,https://securityvulnerability.io/vulnerability/CVE-2020-12696,,The iframe plugin before 4.5 for WordPress does not sanitize a URL.,Wordpress,Iframe,6.1,MEDIUM,0.0006200000061653554,false,,false,false,true,true,false,false,2020-05-07T04:39:15.000Z,0