PT-2025-12871 · WordPress · Advanced Iframe

Peter Thaleikis · Published 2025-03-26 · Updated 2025-07-14 · CVE-2025-1440

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Advanced iFrame plugin for WordPress versions up to and including 2024.5

Description

The aip_map_url_callback() function allows unauthorized, excessive creation of options due to insufficient restrictions. This enables unauthenticated attackers to update the advancediFrameParameterData option with an excessive amount of unvalidated data.

Recommendations

For versions up to and including 2024.5, consider disabling the aip_map_url_callback() function until a patch is available, to prevent excessive creation of options. Restrict access to the advancediFrameParameterData option to minimize the risk of exploitation.
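
One way to restrict writes to the advancediFrameParameterData option on an unpatched site, as an added example that is not Advanced iFrame's own code: a must-use plugin built on WordPress's pre_update_option_{$option} filter. It assumes the plugin stores the option through update_option(); the file name, the size cap and the "aip-guard" log prefix are hypothetical, and front-end features that rely on visitor-triggered writes to this option will stop updating it.

```php
<?php
/**
 * wp-content/mu-plugins/aip-option-guard.php (hypothetical file name)
 *
 * Added example, not part of Advanced iFrame: refuse writes to the
 * advancediFrameParameterData option unless an administrator makes them,
 * and cap the stored size.
 * Assumption: the plugin saves the option via update_option(). A direct
 * add_option() call does not pass through this filter.
 */

if ( ! defined( 'ABSPATH' ) ) {
    exit; // Only run inside WordPress.
}

// Hypothetical upper bound for the serialized option, in bytes. Tune per site.
const AIP_GUARD_MAX_BYTES = 65536;

add_filter(
    'pre_update_option_advancediFrameParameterData',
    function ( $value, $old_value ) {
        // Returning $old_value makes update_option() treat the call as a
        // no-op, so nothing is written to the options table.
        if ( ! current_user_can( 'manage_options' ) ) {
            error_log( 'aip-guard: blocked non-administrator write to advancediFrameParameterData' );
            return $old_value;
        }

        // Even for administrators, reject values that exceed the cap.
        $size = strlen( maybe_serialize( $value ) );
        if ( $size > AIP_GUARD_MAX_BYTES ) {
            error_log( 'aip-guard: rejected oversized advancediFrameParameterData (' . $size . ' bytes)' );
            return $old_value;
        }

        return $value;
    },
    10,
    2
);
```

Repeated "aip-guard" entries in the PHP error log indicate that something is still attempting to write the option and are worth correlating with web server access logs.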

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2025-1440

Affected Products

Advanced Iframe