Search criteria
6 vulnerabilities by iberezansky
CVE-2025-58226 (GCVE-0-2025-58226)
Vulnerability from cvelistv5 – Published: 2025-09-22 18:23 – Updated: 2025-09-23 14:47
VLAI?
Title
WordPress 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery Plugin <= 1.16.16 - Sensitive Data Exposure Vulnerability
Summary
Insertion of Sensitive Information Into Sent Data vulnerability in iberezansky 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery allows Retrieve Embedded Sensitive Data. This issue affects 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery: from n/a through 1.16.16.
Severity ?
5.3 (Medium)
CWE
- CWE-201 - Insertion of Sensitive Information Into Sent Data
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| iberezansky | 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery |
Affected:
n/a , ≤ 1.16.16
(custom)
|
Credits
Que Thanh Tuan - Blue Rock (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58226",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T14:47:06.116519Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T14:47:30.834Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "interactive-3d-flipbook-powered-physics-engine",
"product": "3D FlipBook \u2013 PDF Flipbook Viewer, Flipbook Image Gallery",
"vendor": "iberezansky",
"versions": [
{
"lessThanOrEqual": "1.16.16",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Que Thanh Tuan - Blue Rock (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eInsertion of Sensitive Information Into Sent Data vulnerability in iberezansky 3D FlipBook \u2013 PDF Flipbook Viewer, Flipbook Image Gallery allows Retrieve Embedded Sensitive Data.\u003c/p\u003e\u003cp\u003eThis issue affects 3D FlipBook \u2013 PDF Flipbook Viewer, Flipbook Image Gallery: from n/a through 1.16.16.\u003c/p\u003e"
}
],
"value": "Insertion of Sensitive Information Into Sent Data vulnerability in iberezansky 3D FlipBook \u2013 PDF Flipbook Viewer, Flipbook Image Gallery allows Retrieve Embedded Sensitive Data. This issue affects 3D FlipBook \u2013 PDF Flipbook Viewer, Flipbook Image Gallery: from n/a through 1.16.16."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201 Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T18:23:45.494Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/interactive-3d-flipbook-powered-physics-engine/vulnerability/wordpress-3d-flipbook-pdf-flipbook-viewer-flipbook-image-gallery-plugin-1-16-16-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress 3D FlipBook \u2013 PDF Flipbook Viewer, Flipbook Image Gallery Plugin \u003c= 1.16.16 - Sensitive Data Exposure Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-58226",
"datePublished": "2025-09-22T18:23:45.494Z",
"dateReserved": "2025-08-27T16:19:27.209Z",
"dateUpdated": "2025-09-23T14:47:30.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5289 (GCVE-0-2025-5289)
Vulnerability from cvelistv5 – Published: 2025-06-21 11:09 – Updated: 2025-06-23 15:03
VLAI?
Title
3D FlipBook - Lite Edition <= 1.16.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via style and mode Parameters
Summary
The 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ and 'mode' parameters in all versions up to, and including, 1.16.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: This issue affects only block-based themes.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| iberezansky | 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery |
Affected:
* , ≤ 1.16.15
(semver)
|
Credits
muhammad yudha
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5289",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T15:03:44.845170Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T15:03:51.152Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "3D FlipBook \u2013 PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery",
"vendor": "iberezansky",
"versions": [
{
"lessThanOrEqual": "1.16.15",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "muhammad yudha"
}
],
"descriptions": [
{
"lang": "en",
"value": "The 3D FlipBook \u2013 PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018style\u2019 and \u0027mode\u0027 parameters in all versions up to, and including, 1.16.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: This issue affects only block-based themes."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-21T11:09:40.461Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/72b76475-5215-47fd-badf-e2c542b25d4b?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/interactive-3d-flipbook-powered-physics-engine/trunk/inc/shortcode.php#L134"
},
{
"url": "https://plugins.trac.wordpress.org/browser/interactive-3d-flipbook-powered-physics-engine/trunk/inc/shortcode.php#L130"
},
{
"url": "https://wordpress.org/plugins/interactive-3d-flipbook-powered-physics-engine/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3315198/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-20T22:29:56.000+00:00",
"value": "Disclosed"
}
],
"title": "3D FlipBook - Lite Edition \u003c= 1.16.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via style and mode Parameters"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-5289",
"datePublished": "2025-06-21T11:09:40.461Z",
"dateReserved": "2025-05-27T20:50:24.544Z",
"dateUpdated": "2025-06-23T15:03:51.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43152 (GCVE-0-2024-43152)
Vulnerability from cvelistv5 – Published: 2024-08-12 22:09 – Updated: 2024-08-13 14:05
VLAI?
Title
WordPress 3D FlipBook plugin <= 1.15.6 - Cross Site Scripting (XSS) vulnerability
Summary
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in iberezansky 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery allows Stored XSS.This issue affects 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery: from n/a through 1.15.6.
Severity ?
5.9 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| iberezansky | 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery |
Affected:
n/a , ≤ 1.15.6
(custom)
|
Credits
Savphill (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43152",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T13:51:15.304959Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T14:05:50.072Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "interactive-3d-flipbook-powered-physics-engine",
"product": "3D FlipBook \u2013 PDF Flipbook Viewer, Flipbook Image Gallery",
"vendor": "iberezansky",
"versions": [
{
"changes": [
{
"at": "1.15.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.15.6",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Savphill (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in iberezansky 3D FlipBook \u2013 PDF Flipbook Viewer, Flipbook Image Gallery allows Stored XSS.\u003cp\u003eThis issue affects 3D FlipBook \u2013 PDF Flipbook Viewer, Flipbook Image Gallery: from n/a through 1.15.6.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in iberezansky 3D FlipBook \u2013 PDF Flipbook Viewer, Flipbook Image Gallery allows Stored XSS.This issue affects 3D FlipBook \u2013 PDF Flipbook Viewer, Flipbook Image Gallery: from n/a through 1.15.6."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T22:09:40.991Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/interactive-3d-flipbook-powered-physics-engine/wordpress-3d-flipbook-plugin-1-15-6-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 1.15.7 or a higher version."
}
],
"value": "Update to 1.15.7 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress 3D FlipBook plugin \u003c= 1.15.6 - Cross Site Scripting (XSS) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-43152",
"datePublished": "2024-08-12T22:09:40.991Z",
"dateReserved": "2024-08-07T09:19:26.673Z",
"dateUpdated": "2024-08-13T14:05:50.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3883 (GCVE-0-2024-3883)
Vulnerability from cvelistv5 – Published: 2024-05-02 08:32 – Updated: 2024-08-01 20:26
VLAI?
Summary
The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Bookmark URL field in all versions up to, and including, 1.15.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| iberezansky | 3D FlipBook – PDF Flipbook WordPress |
Affected:
* , ≤ 1.15.4
(semver)
|
Credits
Tim Coen
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3883",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-02T15:51:44.773185Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:30:59.320Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:56.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/016462cf-abe9-4c90-abd2-b5bb69348d7e?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3079536/interactive-3d-flipbook-powered-physics-engine"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "3D FlipBook \u2013 PDF Flipbook WordPress",
"vendor": "iberezansky",
"versions": [
{
"lessThanOrEqual": "1.15.4",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tim Coen"
}
],
"descriptions": [
{
"lang": "en",
"value": "The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Bookmark URL field in all versions up to, and including, 1.15.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-02T08:32:10.652Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/016462cf-abe9-4c90-abd2-b5bb69348d7e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3079536/interactive-3d-flipbook-powered-physics-engine"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-16T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2024-05-01T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-3883",
"datePublished": "2024-05-02T08:32:10.652Z",
"dateReserved": "2024-04-16T12:52:55.232Z",
"dateUpdated": "2024-08-01T20:26:56.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1081 (GCVE-0-2024-1081)
Vulnerability from cvelistv5 – Published: 2024-02-21 06:47 – Updated: 2024-08-01 18:26
VLAI?
Summary
The 3D FlipBook – PDF Flipbook WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bookmark feature in all versions up to, and including, 1.15.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| iberezansky | 3D FlipBook – PDF Flipbook WordPress |
Affected:
* , ≤ 1.15.3
(semver)
|
Credits
Muhammad Daffa
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1081",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-21T20:37:43.079272Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:52.921Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:26:30.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/807eadff-b39e-4d7a-9b0a-06fc18a90626?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3038174%40interactive-3d-flipbook-powered-physics-engine\u0026new=3038174%40interactive-3d-flipbook-powered-physics-engine\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "3D FlipBook \u2013 PDF Flipbook WordPress",
"vendor": "iberezansky",
"versions": [
{
"lessThanOrEqual": "1.15.3",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Muhammad Daffa"
}
],
"descriptions": [
{
"lang": "en",
"value": "The 3D FlipBook \u2013 PDF Flipbook WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s bookmark feature in all versions up to, and including, 1.15.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-21T06:47:56.976Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/807eadff-b39e-4d7a-9b0a-06fc18a90626?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3038174%40interactive-3d-flipbook-powered-physics-engine\u0026new=3038174%40interactive-3d-flipbook-powered-physics-engine\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-02-20T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-1081",
"datePublished": "2024-02-21T06:47:56.976Z",
"dateReserved": "2024-01-30T18:41:53.193Z",
"dateUpdated": "2024-08-01T18:26:30.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6776 (GCVE-0-2023-6776)
Vulnerability from cvelistv5 – Published: 2024-01-11 08:32 – Updated: 2024-11-14 15:52
VLAI?
Summary
The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Ready Function’ field in all versions up to, and including, 1.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| iberezansky | 3D FlipBook – PDF Flipbook WordPress |
Affected:
* , ≤ 1.15.2
(semver)
|
Credits
Craig Smith
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:07.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/500fd8aa-9ad1-41ee-bbeb-cda9c80c4fcb?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3014013/interactive-3d-flipbook-powered-physics-engine"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6776",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-17T19:12:41.712437Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T15:52:00.592Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "3D FlipBook \u2013 PDF Flipbook WordPress",
"vendor": "iberezansky",
"versions": [
{
"lessThanOrEqual": "1.15.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Craig Smith"
}
],
"descriptions": [
{
"lang": "en",
"value": "The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018Ready Function\u2019 field in all versions up to, and including, 1.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T08:32:34.765Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/500fd8aa-9ad1-41ee-bbeb-cda9c80c4fcb?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3014013/interactive-3d-flipbook-powered-physics-engine"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-13T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2024-01-02T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-6776",
"datePublished": "2024-01-11T08:32:34.765Z",
"dateReserved": "2023-12-13T13:14:21.117Z",
"dateUpdated": "2024-11-14T15:52:00.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}