Tinywebgallery Advanced Iframe — known CVE vulnerabilities
Every CVE whose affected-product data names Tinywebgallery Advanced Iframe, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2023-51690 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Advanced iFrame allows Stored…
CVE-2024-24870 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Dempfle Advanced iFrame…
CVE-2025-1439 — CVSS 6.4 (medium): The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all…
CVE-2023-7069 — CVSS 6.4 (medium): The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all…
CVE-2023-4775 — CVSS 6.4 (medium): The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'advanced_iframe' shortcode in versions up…
CVE-2025-1437 — CVSS 6.4 (medium): The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all…
CVE-2021-24953 — CVSS 6.1 (medium): The Advanced iFrame WordPress plugin before 2022 does not sanitise and escape the ai_config_id parameter before outputting it back in an…
CVE-2025-1440 — CVSS 5.3 (medium): The Advanced iFrame plugin for WordPress is vulnerable to unauthorized excessive creation of options on the aip_map_url_callback() function…
CVE-2024-1341 — CVSS 4.9 (medium): The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advanced_iframe shortcode in all…