cleantalk
Vulnerabilities and Security Researches

Advanced iFrame, CVE-2025-1440

CVE, Research URL

CVE-2025-1440

Home page URL

Security reports for Advanced iFrame

Application

Advanced iFrame

Published on
Mar 26, 2025
Research Description
The Advanced iFrame plugin for WordPress is vulnerable to unauthorized excessive creation of options on the aip_map_url_callback() function in all versions up to, and including, 2024.5 due to insufficient restrictions. This makes it possible for unauthenticated attackers to update the advancediFrameParameterData option with an excessive amount of unvalidated data.
Affected versions
Min -, max 2025.0.
Status
vulnerable
Previous vulnerability researches
UltraEmbed – Advanced Iframe Plugin For WordPress with Gutenberg Block Included (CVE-2024-11335) , Feb 21, 2025
Advanced iFrame (CVE-2025-1439) , Mar 27, 2025
Advanced iFrame (CVE-2025-1440) , Mar 27, 2025
Advanced iFrame (CVE-2025-1437) , Mar 27, 2025
Advanced iFrame (CVE-2023-4775) , Jun 07, 2024
New vulnerability
Thumbnail carousel slider (CVE-2015-10144) , Jul 29, 2025
Memory Usage, Memory Limit, PHP and Server Memory Health Check and Provide Suggestions (CVE-2025-8104) , Jul 29, 2025
Ebook Store (CVE-2025-7437) , Jul 29, 2025
Geo Mashup (CVE-2025-48293) , Jul 29, 2025
WooCommerce Point Of Sale (POS) (CVE-2025-52820) , Jul 28, 2025