Iframe < 4.5 - Authenticated Stored Cross Site Scripting (XSS)



Description
The iframe plugin before 4.5 does not sanitize a URL.
Proof of Concept
The PoC will be displayed on May 27, 2020, to give users the time to update.

Affects Plugin

fixed in version 4.5

References

CVE 2020-12696

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Guilherme Rubert
Submitter Guilherme Rubert
Submitter Website https://guilhermerubert.com
Verified No
WPVDB ID 10221

Timeline

Publicly Published 2020-05-07 (19 days ago)
Added 2020-05-13 (12 days ago)
Last Updated 2020-05-14 (11 days ago)
