Notifications
Clear all

WordFence Identifies this Plugin as Vulnerable to Cross-Site Scripting

2 Posts
2 Users
0 Likes
130 Views
Posts: 1
Topic starter
(@agencynetwork)
New Member
Joined: 2 months ago

WordFence is saying this plugin needs to be patched for cross-site scripting vulnerability. Does anyone have a solution?

Plugin Name: Advanced iFrame Pro
Current Plugin Version: 2022.5
Details: To protect your site from this vulnerability, the safest option is to deactivate and completely remove “Advanced iFrame Pro” until a patched version is available. Get more information.(opens in new tab)
Repository URL: https://wordpress.org/plugins/advanced-iframe(opens in new tab)
Vulnerability Information: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24953(opens in new tab)

1 Reply
TinyWebGallery
Posts: 742
Admin
(@admin)
Prominent Member
Joined: 14 years ago

Hi, 

Please see the description. This is valid for versions before 2022! Right now this we are at 2022.5.

See: https://www.tinywebgallery.com/blog/advanced-iframe/advanced-iframe-history

There this is also listed.

So if you have an older version then 2022 please simply update.

Best regards,

Michael

 

Reply