cleantalk
Vulnerabilities and Security Researches

Advanced iFrame, CVE-2023-7069

CVE, Research URL

CVE-2023-7069

Home page URL

Security reports for Advanced iFrame

Application

Advanced iFrame

Published on
Feb 01, 2024
Research Description
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all versions up to, and including, 2023.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-24870 is likely a duplicate of this issue.
Affected versions
Min -, max 2024.0.
Status
vulnerable
Previous vulnerability researches
UltraEmbed – Advanced Iframe Plugin For WordPress with Gutenberg Block Included (CVE-2024-11335) , Feb 21, 2025
Advanced iFrame (CVE-2025-1439) , Mar 27, 2025
Advanced iFrame (CVE-2025-1440) , Mar 27, 2025
Advanced iFrame (CVE-2025-1437) , Mar 27, 2025
Advanced iFrame (CVE-2023-4775) , Jun 07, 2024
New vulnerability
Thumbnail carousel slider (CVE-2015-10144) , Jul 29, 2025
Memory Usage, Memory Limit, PHP and Server Memory Health Check and Provide Suggestions (CVE-2025-8104) , Jul 29, 2025
Ebook Store (CVE-2025-7437) , Jul 29, 2025
Geo Mashup (CVE-2025-48293) , Jul 29, 2025
WooCommerce Point Of Sale (POS) (CVE-2025-52820) , Jul 28, 2025