Cross-site Scripting Vulnerability in iframe to Embed Plugin by sw-galati.ro
CVE-2025-22545

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Iframe To Embed
Vendor: CVE Published:; 7 January 2025

Summary

The iframe to Embed Plugin by sw-galati.ro is vulnerable to Cross-site Scripting (XSS) due to improper neutralization of input during web page generation. This flaw allows attackers to embed malicious scripts in web pages, potentially causing harmful actions and compromising user data. This issue affects versions from n/a up to 1.2, making it essential for website administrators to take immediate steps to mitigate the risk by updating the plugin or applying recommended security patches.

Affected Version(s)

iframe to embed <= 1.2

References

https://patchstack.com/database/wordpress/plugin/iframe-t...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 7, 2025
Vulnerability Reserved
Jan 7, 2025

Credit

SOPROBRO (Patchstack Alliance)