Stored Cross-Site Scripting Vulnerability in Advanced iFrame Plugin for WordPress
CVE-2025-6987
6.4MEDIUM
What is CVE-2025-6987?
The Advanced iFrame plugin for WordPress has a vulnerability allowing for Stored Cross-Site Scripting through the 'advanced_iframe' shortcode. This issue arises from inadequate input sanitization and output escaping of user-supplied attributes. Authenticated users with contributor-level access and higher can exploit this vulnerability by injecting malicious web scripts into pages. These scripts can execute whenever a user accesses the impacted content, potentially compromising user data and site integrity.
Affected Version(s)
Advanced iFrame * <= 2025.5