WordPress iFrame Plugin <= 3.0 - Cross Site Scripting
- This plugin is prone to a cross site scripting attack when the “get_params_from_url” option is used in the iFrame shortcode. It allows attackers to do anything that admin can.
- Upgrade this plugin.
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
Packet Storm Security
- Name CVE-N/A
Fixed In 4.0
- Disclosure date