Does iframe have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is iframe compatible with WordPress 6.9.4?

According to WordPress.org data, iframe 6.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is iframe updated?

iframe was last updated on Dec 18, 2025. Frequent updates are generally a positive security signal.

What is iframe's security score?

iframe has a WP-Safety security score of 97/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

iframe Security & Risk Analysis

wordpress.org/plugins/iframe

[iframe src="http://www.youtube.com/embed/7_nAZQt9qu0" width="100%" height="500"] shortcode

70K active installs v6.0 PHP + WP 3.0+ Updated Dec 18, 2025

embedgoogle-mapsiframevimeoyoutube

A · Safe

CVEs total6

Unpatched0

Last CVEMay 22, 2024

Plugin page Download

Safety Verdict

Is iframe Safe to Use in 2026?

Generally Safe

Score 97/100

iframe has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

6 known CVEsLast CVE: May 22, 2024Updated 5mo ago

Risk Assessment

The "iframe" v6.0 plugin exhibits a generally good security posture in its current static analysis. The code demonstrates a strong commitment to secure coding practices, with all SQL queries utilizing prepared statements and all outputs being properly escaped. There are no identified dangerous functions, file operations, or external HTTP requests, and the plugin does not bundle any external libraries, which helps mitigate risks associated with outdated dependencies. The limited attack surface, consisting of a single shortcode with capability checks, further contributes to its perceived security.

Key Concerns

History of medium severity XSS vulnerabilities
No nonce checks on shortcode

Vulnerabilities

6 published

iframe Security Vulnerabilities

CVEs by Year

1 CVE in 2015

2015

1 CVE in 2020

2020

2 CVEs in 2023

2023

2 CVEs in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

6 total CVEs

CVE-2023-6844medium · 5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

iframe <= 5.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode

May 22, 2024 Patched in 5.1 (69d)

CVE-2024-34805medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

iframe <= 5.0 - Authenticated (Contributor+ Stored Cross-Site Scripting

May 14, 2024 Patched in 5.1 (9d)

CVE-2023-52125medium · 5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

iFrame <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via srcdoc

Dec 28, 2023 Patched in 4.9 (26d)

CVE-2023-4919medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

iframe <= 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'iframe' Shortcode

Sep 25, 2023 Patched in 4.7 (120d)

CVE-2020-12696medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

iframe <= 4.4 - Authenticated Stored Cross Site Scripting

May 7, 2020 Patched in 4.5 (1356d)

CVE-2015-6738medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

iFrame <= 4.0 - Stored Cross-Site Scripting

Aug 10, 2015 Patched in 4.1 (3088d)

Version History

iframe Release Timeline

v6.0Current

v5.2

v5.1

v5.02 CVEs

CVE-2023-6844 CVE-2024-34805

v4.92 CVEs

CVE-2023-6844 CVE-2024-34805

v4.83 CVEs

CVE-2023-52125 CVE-2023-6844 CVE-2024-34805

v4.73 CVEs

CVE-2023-52125 CVE-2023-6844 CVE-2024-34805

v4.64 CVEs

CVE-2023-4919 CVE-2023-52125 CVE-2023-6844 +1 more

v4.54 CVEs

CVE-2023-4919 CVE-2023-52125 CVE-2023-6844 +1 more

v4.45 CVEs

CVE-2023-4919 CVE-2023-52125 CVE-2020-12696 +2 more

v4.35 CVEs

CVE-2023-4919 CVE-2023-52125 CVE-2020-12696 +2 more

v4.25 CVEs

CVE-2023-4919 CVE-2023-52125 CVE-2020-12696 +2 more

v4.15 CVEs

CVE-2023-4919 CVE-2023-52125 CVE-2020-12696 +2 more

v4.06 CVEs

CVE-2023-4919 CVE-2023-52125 CVE-2020-12696 +3 more

v3.06 CVEs

CVE-2023-4919 CVE-2023-52125 CVE-2020-12696 +3 more

v2.96 CVEs

CVE-2023-4919 CVE-2023-52125 CVE-2020-12696 +3 more

v2.86 CVEs

CVE-2023-4919 CVE-2023-52125 CVE-2020-12696 +3 more

v2.76 CVEs

CVE-2023-4919 CVE-2023-52125 CVE-2020-12696 +3 more

v2.66 CVEs

CVE-2023-4919 CVE-2023-52125 CVE-2020-12696 +3 more

v2.56 CVEs

CVE-2023-4919 CVE-2023-52125 CVE-2020-12696 +3 more

Code Analysis

Analyzed Mar 16, 2026

iframe Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

8 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped8 total outputs

Attack Surface

iframe Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[iframe] iframe.php:91

WordPress Hooks 3

actionadmin_initiframe-settings.php:38

actionadmin_menuiframe-settings.php:65

filterplugin_row_metaiframe.php:104

Maintenance & Trust

iframe Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 18, 2025

PHP min version

Downloads1.9M

Community Trust

Rating88/100

Number of ratings56

Active installs70K

Alternatives

iframe Alternatives

Simple YouTube Embed

simple-youtube-embed

Embed YouTube videos in WordPress beautifully. Embed YouTube video with a URL or shortcode and customize the player using this YouTube embed plugin.

5K No CVEs

Custom iFrame – Embed PDFs, Videos, and External Content in WordPress (Elementor & Gutenberg)

custom-iframe

Easily embed secure, SEO-friendly, and responsive iFrames in WordPress using Elementor or Gutenberg with lazy loading, auto-height adjustment, and dyn …

3K 1 CVE

SmartVideo – Video Player and CDN

smartvideo

100

Lightweight HTML5 video player and video hosting with CDN built for WordPress

1K No CVEs

WP YouTube Player

wp-youtube-player

Insert Youtube Videos on WordPress blog.

1K No CVEs

Responsive video embed

responsive-video-embed

Enables you three simple ways to embed responsive video into your content.

900 1 CVE

Developer Profile

iframe Developer Profile

webvitaly

14 plugins · 128K total installs

trust score

Avg Security Score

81/100

Avg Patch Time

396 days

View full developer profile

Detection Fingerprints

How We Detect iframe

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/iframe/iframe-settings.php

HTML / DOM Fingerprints

CSS Classes

iframe-class

HTML Comments

Data Attributes

same_height_as

Shortcode Output

<iframe

FAQ

iframe Security & Risk Analysis

Is iframe Safe to Use in 2026?

Generally Safe

Key Concerns

iframe Security Vulnerabilities

CVEs by Year

Severity Breakdown

iframe Release Timeline

iframe Code Analysis

Output Escaping

iframe Attack Surface

Shortcodes 1

iframe Maintenance & Trust

Maintenance Signals

Community Trust

iframe Alternatives

Simple YouTube Embed

Custom iFrame – Embed PDFs, Videos, and External Content in WordPress (Elementor & Gutenberg)

SmartVideo – Video Player and CDN

WP YouTube Player

Responsive video embed

iframe Developer Profile

How We Detect iframe

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about iframe