[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fXab6slAww6T8A_o9EOVOghwivLh6XM0SiKyC3sUCysg":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":21,"download_link":22,"security_score":23,"vuln_count":14,"unpatched_count":14,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":41,"crawl_stats":32,"alternatives":49,"analysis":72,"fingerprints":100},"iframe-block","iFrame Block","0.1.1","Vikas Sharma","https:\u002F\u002Fprofiles.wordpress.org\u002Fvikas4travel\u002F","\u003Cp>iFrame Block lets you insert iframes in the block editor.\u003Cbr \u002F>\n* Easily place iframes into your posts and pages.\u003Cbr \u002F>\n* Option to choose between responsive and fixed width\u002Fheight.\u003Cbr \u002F>\n* Lightweight plugin.\u003C\u002Fp>\n","iFrame Block lets you insert iframes in the block editor.",800,8743,100,1,"2025-09-01T14:05:00.000Z","6.8.5","5.2","5.6",[4,20],"insert-iframe","https:\u002F\u002Fwww.vikas4travel.com\u002Fiframe-block\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fiframe-block.0.1.2.zip",78,"2025-08-19 00:00:00","2026-03-15T15:16:48.613Z",[27],{"id":28,"url_slug":29,"title":30,"description":31,"plugin_slug":4,"theme_slug":32,"affected_versions":33,"patched_in_version":32,"severity":34,"cvss_score":35,"cvss_vector":36,"vuln_type":37,"published_date":24,"updated_date":38,"references":39,"days_to_patch":32},"CVE-2025-49411","iframe-block-authenticated-contributor-stored-cross-site-scripting","iFrame Block \u003C= 0.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting","The iFrame Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.1.1 due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=0.1.1","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-08-25 18:05:51",[40],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F4cf4e22b-423c-49e6-ac00-99adf997aebe?source=api-prod",{"slug":42,"display_name":7,"profile_url":8,"plugin_count":43,"total_installs":44,"avg_security_score":45,"avg_patch_time_days":46,"trust_score":47,"computed_at":48},"vikas4travel",4,1090,95,30,91,"2026-04-04T14:08:33.481Z",[50],{"slug":51,"name":52,"version":53,"author":54,"author_profile":55,"description":56,"short_description":57,"active_installs":58,"downloaded":59,"rating":13,"num_ratings":14,"last_updated":60,"tested_up_to":16,"requires_at_least":61,"requires_php":62,"tags":63,"homepage":69,"download_link":70,"security_score":13,"vuln_count":71,"unpatched_count":71,"last_vuln_date":32,"fetched_at":25},"automatic-break-iframes","SpamShieldX","1.2","Alireza Nejati","https:\u002F\u002Fprofiles.wordpress.org\u002Falireza-nejati\u002F","\u003Cp>SpamShieldX is the ultimate solution for protecting your WordPress website from spam and iframe abuse. Our plugin blocks malicious iframes and prevents unwanted spam sources, keeping your site secure and optimized.\u003C\u002Fp>\n\u003Cp>Whether you’re a blogger, website owner, or developer, SpamShieldX is the perfect tool to enhance your site’s security and performance. 
Our plugin is lightweight, easy to configure, and seamlessly integrates into your WordPress site.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Block iframe abuse\u003C\u002Fli>\n\u003Cli>Prevent spam from harmful sources\u003C\u002Fli>\n\u003Cli>Protect your content and improve security\u003C\u002Fli>\n\u003Cli>Easy to use and setup\u003C\u002Fli>\n\u003Cli>Regular updates for maximum security\u003C\u002Fli>\n\u003C\u002Ful>\n","SpamShieldX is the ultimate solution for protecting your WordPress website from spam and iframe abuse. Our plugin blocks malicious iframes and prevent &hellip;",10,2276,"2025-04-28T07:01:00.000Z","5.0","",[64,65,66,67,68],"anti-spam","iframe-blocker","spam-protection","website-security","wordpress-firewall","http:\u002F\u002Fazarsys.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautomatic-break-iframes.1.2.zip",0,{"attackSurface":73,"codeSignals":85,"taintFlows":92,"riskAssessment":93,"analyzedAt":99},{"hooks":74,"ajaxHandlers":81,"restRoutes":82,"shortcodes":83,"cronEvents":84,"entryPointCount":71,"unprotectedCount":71},[75],{"type":76,"name":77,"callback":78,"file":79,"line":80},"action","init","wsi_iframe_block_block_init","iframe-block.php",28,[],[],[],[],{"dangerousFunctions":86,"sqlUsage":87,"outputEscaping":89,"fileOperations":71,"externalRequests":71,"nonceChecks":71,"capabilityChecks":71,"bundledLibraries":91},[],{"prepared":71,"raw":71,"locations":88},[],{"escaped":71,"rawEcho":71,"locations":90},[],[],[],{"summary":94,"deductions":95},"The \"iframe-block\" plugin version 0.1.1 presents a mixed security posture.  On the positive side, the static code analysis reveals no immediately apparent vulnerabilities within the analyzed code itself. There are no dangerous functions, all SQL queries are prepared, and all outputs are properly escaped. 
Furthermore, the plugin exhibits a limited attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events that are exposed without authentication or permission checks. Note that the recorded code signals show zero SQL statements and zero output calls, so the prepared-query and escaping findings reflect an absence of detected usage rather than verified safe handling.\n\nHowever, a significant concern arises from the plugin's vulnerability history. The existence of one known unpatched CVE, categorized as medium severity and identified as Cross-site Scripting (XSS), overshadows the positive static analysis. The advisory's affected range (\u003C= 0.1.1) includes the analyzed version and no patched release is listed, so the absence of static findings does not show that the flaw is absent; the unresolved vulnerability poses a direct and present risk to users. The last vulnerability date (2025-08-19) is earlier than this record's fetch and analysis timestamps, so it is consistent with the rest of the data, and the existence of an unpatched CVE remains a critical point of attention.\n\nIn conclusion, while the \"iframe-block\" plugin version 0.1.1 demonstrates good practices in its code structure, the presence of an unpatched medium-severity XSS vulnerability necessitates caution. Users should be aware that even if the static analysis reports no findings, the unresolved vulnerability could be exploited. The plugin's strengths lie in its minimal attack surface and internal code hygiene, but its primary weakness is the unpatched vulnerability.",[96],{"reason":97,"points":98},"Unpatched CVE (Medium Severity)",15,"2026-03-16T19:17:19.880Z",{"wat":101,"direct":110},{"assetPaths":102,"generatorPatterns":105,"scriptPaths":106,"versionParams":107},[103,104],"\u002Fwp-content\u002Fplugins\u002Fiframe-block\u002Fbuild\u002Findex.css","\u002Fwp-content\u002Fplugins\u002Fiframe-block\u002Fbuild\u002Findex.js",[],[104],[108,109],"iframe-block\u002Fbuild\u002Findex.css?ver=","iframe-block\u002Fbuild\u002Findex.js?ver=",{"cssClasses":111,"htmlComments":112,"htmlAttributes":113,"restEndpoints":114,"jsGlobals":115,"shortcodeOutput":116},[],[],[],[],[],[]]