• Resolved myokonagano

    (@myokonagano)


    I used to use pro but now just use the basic version.

    I’m getting a security warning:

    advanced-iframe-custom version 1.0 that is located at /home/ehoj/public_html/***.com has vulnerability(s):

    • CVE-2021-24953

    As far as I can see the Advanced iFrame custom folder is not required for the basic version. Yet, no matter how many times I delete it, or reinstall AIF, it just keeps returning like a zombie. I have checked yes for “Remove data when plugin is deleted” but it doesn’t make any difference.

    Spent waaay too much time on what should be a basic fix.

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Author mdempfle

    (@mdempfle)

    CVE-2021-24953 (https://wpscan.com/vulnerability/0529261d-65e1-4c64-b8ed-ecb7356d9067/) was an issue before 2022 and has already been fixed for 3 years. Please update to 2025.8 to get a version where all known vulnerabilities and bugs are fixed.

    Can you also please share how you get this message, as it seems to be a false positive anyway, since the custom folder cannot have any security issues. It only contains data files, e.g. custom CSS files.

    The custom folder is required for the free and the pro version as both versions can have custom files that should not be removed during an update. You will not be able to delete it when the plugin is active as it is recreated when you save the administration.

    “Remove data when plugin is deleted” removes all data from the database.

    Best regards, Michael

    Thread Starter myokonagano

    (@myokonagano)

    Thanks Michael.

    It’s a Wordfence warning

    Plugin Author mdempfle

    (@mdempfle)

    Thanks for the feedback.

    Did upgrading to the latest version solve the issue?

    I will also contact Wordfence about your warning as it does not make any sense.

    Thread Starter myokonagano

    (@myokonagano)

    I’ll have to wait to see if I get more warnings. Hopefully it will be solved.

    Thread Starter myokonagano

    (@myokonagano)

    Correction. Warning is coming from “Imunify360 Security Team”

    advanced-iframe-custom version 1.0 that is located at /home/ehoj/public_html/*** has vulnerability(s):

    • CVE-2021-24953

    advanced-iframe-custom version 1.0 that is located at /home/ehoj/public_html/*** has vulnerability(s):

    • CVE-2021-24953

    advanced-iframe-custom version 1.0 that is located at /home/ehoj/public_html/*** has vulnerability(s):

    • CVE-2021-24953

    advanced-iframe-custom version 1.0 that is located at /home/ehoj/public_html/*** has vulnerability(s):

    • CVE-2021-24953

    Plugin Author mdempfle

    (@mdempfle)

    Are you using this plugin: https://docs.imunify360.com/wordpress_plugin/ ?
    Then I can write to this team. They should fix the detection on their side.

    And is the error message still coming even though you have the latest version installed?

    Best regards, Michael

    Thread Starter myokonagano

    (@myokonagano)

    Yes and yes

    Plugin Author mdempfle

    (@mdempfle)

    I got this from this team:



    The following notification/message is possibly not from the Imunify WordPress plugin, but instead from ImunifyAV Free. To replicate this, I installed your WordPress plugin in a test environment:

    After scanning, Imunify did not detect any malware in these directories.
     
    We recommend updating ImunifyAV to the latest version using this guide: Imunify Update Guide. This warning can also be safely ignored, as it appears to be a false positive rather than an active infection, or possibly outdated signatures. If the notification still appears after updating, please update this ticket so we can check further.



    So please update the scanner plugin and check again.
    Best regards, Michael

The topic ‘Advanced iFrame custom folder warning / keeps returning’ is closed to new replies.