Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
iframe project iframe vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-24394
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy iframe popup plugin <= 3.3 versions.
Iframe Project Iframe
4.3
CVSSv2
CVE-2020-12696
The iframe plugin prior to 4.5 for WordPress does not sanitize a URL.
Iframe Project Iframe
3 Github repositories
NA
CVE-2023-4919
The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `iframe` shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level per...
Iframe Project Iframe
NA
CVE-2023-52125
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly iframe allows Stored XSS.This issue affects iframe: from n/a up to and including 4.8.
Iframe Project Iframe
NA
CVE-2023-29436
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Flyn San IFrame Shortcode plugin <= 1.0.5 versions.
Iframe Shortcode Project Iframe Shortcode
NA
CVE-2023-2964
The Simple Iframe WordPress plugin prior to 1.2.0 does not properly validate one of its WordPress block attribute's content, which may allow users whose role is at least that of a contributor to conduct Stored Cross-Site Scripting attacks.
Simple Iframe Project Simple Iframe
4.3
CVSSv2
CVE-2018-3755
XSS in sexstatic <=0.6.2 causes HTML injection in directory name(s) leads to Stored XSS when malicious file is embed with <iframe> element used in directory name.
Sexstatic Project Sexstatic 0.6.0
Sexstatic Project Sexstatic 0.6.2
4.3
CVSSv2
CVE-2014-6444
Multiple cross-site scripting (XSS) vulnerabilities in the Titan Framework plugin prior to 1.6 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) t parameter to iframe-googlefont-preview.php or the (2) text parameter to iframe-font-previ...
Titan Framework Project Titan Framework
5.8
CVSSv2
CVE-2020-11611
An issue exists in xdLocalStorage up to and including 2.0.5. The buildMessage() function in xdLocalStorage.js specifies the wildcard (*) as the targetOrigin when calling the postMessage() function on the iframe object. Therefore any domain that is currently loaded within the ifra...
Cross Domain Local Storage Project Cross Domain Local Storage
6.8
CVSSv2
CVE-2020-11610
An issue exists in xdLocalStorage up to and including 2.0.5. The postData() function in xdLocalStoragePostMessageApi.js specifies the wildcard (*) as the targetOrigin when calling the postMessage() function on the parent object. Therefore any domain can load the application hosti...
Cross Domain Local Storage Project Cross Domain Local Storage
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »