iframe project iframe vulnerabilities and exploits
5.4
CVSSv3
CVE-2023-4919
The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `iframe` shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level per...
Iframe Project Iframe
4.8
CVSSv3
CVE-2023-24394
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy iframe popup plugin <= 3.3 versions.
Iframe Project Iframe
6.1
CVSSv3
CVE-2020-12696
The iframe plugin prior to 4.5 for WordPress does not sanitize a URL.
Iframe Project Iframe
3 Github repositories
5.4
CVSSv3
CVE-2023-52125
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly iframe allows Stored XSS. This issue affects iframe: from n/a up to and including 4.8.
Iframe Project Iframe
5.4
CVSSv3
CVE-2023-29436
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Flyn San IFrame Shortcode plugin <= 1.0.5 versions.
Iframe Shortcode Project Iframe Shortcode
5.4
CVSSv3
CVE-2023-2964
The Simple Iframe WordPress plugin prior to 1.2.0 does not properly validate one of its WordPress block attribute's content, which may allow users whose role is at least that of a contributor to conduct Stored Cross-Site Scripting attacks.
Simple Iframe Project Simple Iframe
6.1
CVSSv3
CVE-2018-3755
XSS in sexstatic <=0.6.2 causes HTML injection in directory name(s), leading to Stored XSS when a malicious file is embedded with an <iframe> element used in the directory name.
Sexstatic Project Sexstatic 0.6.0
Sexstatic Project Sexstatic 0.6.2
6.1
CVSSv3
CVE-2014-6444
Multiple cross-site scripting (XSS) vulnerabilities in the Titan Framework plugin prior to 1.6 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) t parameter to iframe-googlefont-preview.php or the (2) text parameter to iframe-font-previ...
Titan Framework Project Titan Framework
6.1
CVSSv3
CVE-2020-11611
An issue exists in xdLocalStorage up to and including 2.0.5. The buildMessage() function in xdLocalStorage.js specifies the wildcard (*) as the targetOrigin when calling the postMessage() function on the iframe object. Therefore any domain that is currently loaded within the ifra...
Cross Domain Local Storage Project Cross Domain Local Storage
8.8
CVSSv3
CVE-2020-11610
An issue exists in xdLocalStorage up to and including 2.0.5. The postData() function in xdLocalStoragePostMessageApi.js specifies the wildcard (*) as the targetOrigin when calling the postMessage() function on the parent object. Therefore any domain can load the application hosti...
Cross Domain Local Storage Project Cross Domain Local Storage