DearFlip – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer < 2.4.30 - Missing Authorization
Description: The DearFlip – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.4.29. This makes it possible for authenticated attackers, with contributor-leve...
EUVD-2024-49369
Malicious code in bioql PyPI...
CVE-2024-11830
The PDF Flipbook, 3D Flipbook—DearFlip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via outline settings in all versions up to 2.3.52 due to insufficient input sanitization and output escaping on user-supplied data. This makes it possible for authenticated attackers with...
PT-2024-39197 · WordPress · Dearflip
Name of the Vulnerable Software and Affected Versions: DearFlip plugin for WordPress versions up to, and including, 2.3.32
Description: The issue is related to Reflected Cross-Site Scripting via the pdf source parameter due to insufficient input sanitization and output escaping. This allows...
PT-2024-23052 · Dearflip · Dearflip
Name of the Vulnerable Software and Affected Versions: DearFlip versions through 2.2.26
Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This enables attackers to inject malicious scripts int...