CVE-2021-24953: Advanced iFrame < 2022 - Reflected Cross-Site Scripting
First published: Mon Mar 07 2022(Updated: )
The Advanced iFrame WordPress plugin before 2022 does not sanitise and escape the ai_config_id parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Michael Dempfle Advanced iFrame | <2022 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this Advanced iFrame WordPress plugin vulnerability?
The vulnerability ID for this Advanced iFrame WordPress plugin vulnerability is CVE-2021-24953.
What is the severity level of CVE-2021-24953?
The severity level of CVE-2021-24953 is medium.
How does CVE-2021-24953 affect the Advanced iFrame WordPress plugin?
CVE-2021-24953 allows for a Reflected Cross-Site Scripting issue in the Advanced iFrame WordPress plugin.
What is the affected software in CVE-2021-24953?
The affected software in CVE-2021-24953 is the Tinywebgallery Advanced iFrame WordPress plugin version up to exclusive 2022.
How can I fix CVE-2021-24953 in the Advanced iFrame WordPress plugin?
To fix CVE-2021-24953 in the Advanced iFrame WordPress plugin, update to the latest version of the plugin.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/tinywebgallery
- canonical/michael dempfle advanced iframe