Primary

Context

Advanced iFrame WordPress Plugin Unauthenticated Options Update Vulnerability

Vulnerability

A vulnerability exists in the Advanced iFrame plugin for WordPress, affecting all versions through 2024.5. The issue arises from inadequate restrictions in the aip_map_url_callback() function, allowing unauthorized attackers to excessively update the advancediFrameParameterData option with unvalidated data.

Impact

Exploitation of this vulnerability could lead to unauthorized modification of plugin options, potentially allowing for the injection of malicious data or disruption of plugin functionality.

Remediation

Users are advised to update the Advanced iFrame plugin to version 2025.0 or a newer patched version.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

8.1

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

8.1

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Advanced iFrame WordPress Plugin Unauthenticated Options Update Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating