Simple Iframe < 1.2.0 - Contributor+ Stored XSS
CVE-2023-2964

5.4MEDIUM

Key Information:

Vendor: Wordpress
Status: Simple Iframe
Vendor: CVE Published:; 10 July 2023

Summary

The Simple Iframe WordPress plugin before 1.2.0 does not properly validate one of its WordPress block attribute's content, which may allow users whose role is at least that of a contributor to conduct Stored Cross-Site Scripting attacks.

Affected Version(s)

Simple Iframe 0 < 1.2.0

References

https://wpscan.com/vulnerability/97aac334-5323-41bb-90f0-...

exploitvdb-entrytechnical-description

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 10, 2023
Vulnerability Reserved
May 29, 2023

Credit

Jihoon Lee

WPScan