Unauthorized Data Manipulation Vulnerability in Advanced iFrame Plugin for WordPress
CVE-2025-1440

5.3MEDIUM

Key Information:

Vendor: WordPress
Status: Advanced Iframe
Vendor: CVE Published:; 26 March 2025

What is CVE-2025-1440?

The Advanced iFrame plugin for WordPress allows unauthorized users to exploit the aip_map_url_callback() function due to insufficient input validation. This vulnerability leads to the excessive creation of options, enabling attackers to inject large amounts of unchecked data into the advancediFrameParameterData option. Such weaknesses can compromise site integrity and security, making it essential for users to be aware and take preventative measures.

Affected Version(s)

Advanced iFrame * <= 2024.5

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 26, 2025
Vulnerability Reserved
Feb 18, 2025

Credit

Peter Thaleikis