{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-1439", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-02-18T15:21:12.917Z", "datePublished": "2025-03-26T09:21:41.438Z", "dateUpdated": "2026-04-08T16:55:13.699Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:55:13.699Z"}, "affected": [{"vendor": "mdempfle", "product": "Advanced iFrame", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2024.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all versions up to, and including, 2024.5 due to insufficient input sanitization and output escaping on user supplied attributes through the 'src' attribute when the src supplied returns a header with an injected value . This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "Advanced iFrame <= 2024.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Host Header", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5ac1145b-5ab1-47a9-9117-4870c52a70fc?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3255604%40advanced-iframe&new=3255604%40advanced-iframe&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Emil"}], "timeline": [{"time": "2025-03-25T21:14:57.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-26T13:41:09.708468Z", "id": "CVE-2025-1439", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-26T13:41:21.043Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1439", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-26T13:41:09.708468Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-26T13:41:16.069Z"}}], "cna": {"title": "Advanced iFrame <= 2024.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Host Header", "credits": [{"lang": "en", "type": "finder", "value": "Emil"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "mdempfle", "product": "Advanced iFrame", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2024.5"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-03-25T21:14:57.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5ac1145b-5ab1-47a9-9117-4870c52a70fc?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3255604%40advanced-iframe&new=3255604%40advanced-iframe&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all versions up to, and including, 2024.5 due to insufficient input sanitization and output escaping on user supplied attributes through the 'src' attribute when the src supplied returns a header with an injected value . This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:55:13.699Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1439", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:55:13.699Z", "dateReserved": "2025-02-18T15:21:12.917Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-03-26T09:21:41.438Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tinywebgallery:advanced_iframe:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "53C01C36-5E7E-46D1-81A8-93CC1CC076EE", "versionEndExcluding": "2025.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all versions up to, and including, 2024.5 due to insufficient input sanitization and output escaping on user supplied attributes through the 'src' attribute when the src supplied returns a header with an injected value . This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}, {"lang": "es", "value": "El complemento Advanced iFrame para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del shortcode 'advanced_iframe' en todas las versiones hasta la 2024.5 incluida, debido a una depuraci\u00f3n de entrada y al escape de salida insuficiente en los atributos proporcionados por el usuario mediante el atributo 'src' cuando este devuelve una cabecera con un valor inyectado. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada."}], "id": "CVE-2025-1439", "lastModified": "2025-07-14T16:38:27.070", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-03-26T10:15:15.093", "references": [{"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3255604%40advanced-iframe&new=3255604%40advanced-iframe&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5ac1145b-5ab1-47a9-9117-4870c52a70fc?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T01:47:11.812161+00:00", "value": {"mitigation_remediation": ["Upgrade the Advanced iFrame plugin to a version newer than 2024.5, which contains the input sanitization fix.", "Limit contributor or lower role access to only trusted users, or remove contributor privileges if the shortcode is not required for that user group.", "Re\u2011validate existing posts that use the advanced_iframe shortcode to ensure no malicious src attributes remain and strip any suspicious content.", "Consider disabling the Advanced iFrame shortcode in the plugin settings if the functionality is not needed, or restrict its usage to administrators only."], "summary": {"action": "Apply Patch", "impact": "Stored Cross\u2011Site Scripting (XSS)"}, "threat_synthesis": {"affected_systems": "All installations of Advanced iFrame, a WordPress plugin developed by mdempfle, with versions up to and including 2024.5 are affected. The vulnerability is present whenever the plugin\u2019s shortcode is used in content posted by users who have contributor privileges or greater.", "description_and_impact": "The Advanced iFrame plugin for WordPress allows an authenticated contributor or higher user to inject arbitrary scripts into the \"src\" attribute of its shortcode. Because the plugin fails to properly sanitize or escape values returned from the host header, the malicious content is stored and rendered within page responses, causing the script to execute in the browsers of any user who views the affected page. This stored XSS can be used for session hijacking, phishing, or defacement, and results in a loss of confidentiality and integrity of user data.", "risk_and_exploitability": "The Common Vulnerability Scoring System score of 6.4 indicates a moderate severity. The EPSS score of less than 1\u202f% suggests a low probability of exploitation at this time, and the vulnerability is not currently listed in the CISA KEV catalog. The attack requires the attacker to be authenticated with contributor-level access or higher and to supply a malicious host header that is reflected in the src attribute. Because the flaw is stored, the malicious script persists in the stored post content and will be delivered automatically to any visitor of that page, making the attack practical when the plugin is actively in use."}}}}, "created": "2025-07-12T22:09:21.798003+00:00", "updated": "2026-04-22T02:00:05.034457+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}