Stored Cross-Site Scripting Vulnerability in WordPress Iframe Plugin
CVE-2023-4919

6.4MEDIUM

Key Information:

Vendor: WordPress
Status: Iframe
Vendor: CVE Published:; 20 October 2023

What is CVE-2023-4919?

The Iframe Plugin for WordPress has a vulnerability that allows authenticated attackers with contributor-level permissions and higher to exploit insufficient input sanitization and output escaping. This results in the potential for arbitrary web scripts to be injected into pages, which then execute when users access those pages. The issue affects versions up to 4.6, was partially addressed in that version, and fully resolved in version 4.7.

Affected Version(s)

iframe * <= 4.6

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/iframe/tags/4....

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 20, 2023
Vulnerability Reserved
Sep 12, 2023

Credit

Lana Codes

Alex Thomas