ThreatPress

WordPress Vulnerabilities Database

Back

WordPress iFrame Plugin <= 3.0 - Cross Site Scripting

Product
iFrame
Description
This plugin is prone to a cross site scripting attack when the “get_params_from_url” option is used in the iFrame shortcode. It allows attackers to do anything that admin can.
Solution
Upgrade this plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Packet Storm Security
CVE
Name CVE-N/A
Versions
Affected In <= 3.0
Fixed In 4.0
Disclosure date
2015-08-11
Submitter
ThreatPress