Home

Description

The Advanced iFrame plugin for WordPress is vulnerable to unauthorized excessive creation of options on the aip_map_url_callback() function in all versions up to, and including, 2024.5 due to insufficient restrictions. This makes it possible for unauthenticated attackers to update the advancediFrameParameterData option with an excessive amount of unvalidated data.

PUBLISHED Reserved 2025-02-18 | Published 2025-03-26 | Updated 2025-03-26 | Assigner Wordfence




MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Problem types

CWE-20 Improper Input Validation

Product status

Default status
unaffected

* (semver)
affected

Timeline

2025-03-25:Disclosed

Credits

Peter Thaleikis finder

References

www.wordfence.com/...-aa1e-40a0-9a48-d730b2102217?source=cve

plugins.trac.wordpress.org/...d-iframe&sfp_email=&sfph_mail=

cve.org (CVE-2025-1440)

nvd.nist.gov (CVE-2025-1440)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.