PT-2025-1946 · WordPress · Responsive Iframe Wordpress Plugin
Sakotas · Published 2025-02-01 · Updated 2025-05-12 · CVE-2024-12768
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
The Responsive iframe WordPress plugin versions 1.2.0 and earlier
Description
The plugin does not validate and escape some of its block options before outputting them back in a page or post where the block is embedded. This could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Recommendations
For the Responsive iframe WordPress plugin versions 1.2.0 and earlier, consider disabling the embedding of blocks that use unvalidated options until a patch is available. Restrict access to block options to minimize the risk of exploitation. Avoid using the block embedding feature in the affected plugin until the issue is resolved.
XSS
Affected Products
Responsive Iframe Wordpress Plugin