Lucene search

PatchstackCVELIST:CVE-2024-34561

HistoryMay 08, 2024 - 11:09 a.m.

CVE-2024-34561 WordPress Real3D Flipbook PDF Viewer Lite plugin <= 3.71 - Cross Site Scripting (XSS) vulnerability

2024-05-0811:09:42

CWE-79

Patchstack

www.cve.org

cve-2024-34561

cross site scripting

wordpress plugin

pdf viewer

web page generation

stored xss

security vulnerability

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Creative interactive media 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin allows Stored XSS.This issue affects 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin: from n/a through 3.71.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "real3d-flipbook-lite",
    "product": "3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin",
    "vendor": "Creative interactive media",
    "versions": [
      {
        "changes": [
          {
            "at": "3.72",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.71",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/real3d-flipbook-lite/wordpress-real3d-flipbook-pdf-viewer-lite-plugin-3-71-cross-site-scripting-xss-vulnerability?_s_id=cve