Stored Cross-Site Scripting Vulnerability in WordPress Iframe Plugin
CVE-2023-4919

5.4MEDIUM

Key Information:

Vendor: Wordpress
Status: iframe
Vendor: CVE Published:; 20 October 2023

Summary

The Iframe Plugin for WordPress has a vulnerability that allows authenticated attackers with contributor-level permissions and higher to exploit insufficient input sanitization and output escaping. This results in the potential for arbitrary web scripts to be injected into pages, which then execute when users access those pages. The issue affects versions up to 4.6, was partially addressed in that version, and fully resolved in version 4.7.

Affected Version(s)

iframe * <= 4.6

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/iframe/tags/4....

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 20, 2023
Vulnerability Reserved
Sep 12, 2023

Credit

Lana Codes

Alex Thomas