DearFlip – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer <= 2.4.28 - Missing Authorization

Description The DearFlip – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.4.28. This makes it possible for authenticated attackers, with contributor-leve...

CVE-2026-49047

Missing Authorization vulnerability in DearHive DearFlip allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DearFlip: from n/a through 2.4.27...

CVE-2026-49047 WordPress DearFlip plugin <= 2.4.27 - Broken Access Control vulnerability

Missing Authorization vulnerability in DearHive DearFlip allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DearFlip: from n/a through 2.4.27...

CVE-2026-49047

The CVE describes a Missing Authorization / Broken Access Control issue in the WordPress DearFlip (DearFlip) plugin, affected versions are WordPress DearFlip up to 2.4.27. The root cause is incorrectly configured access control security levels in DearFlip, enabling a lack of proper authorization ...

EUVD-2026-32540

Missing Authorization vulnerability in DearHive DearFlip allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DearFlip: from n/a through 2.4.27...

CVE-2026-49047 WordPress DearFlip plugin <= 2.4.27 - Broken Access Control vulnerability

Missing Authorization vulnerability in DearHive DearFlip allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DearFlip: from n/a through 2.4.27...

WordPress DearFlip plugin <= 2.4.29 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by timomangcut in WordPress Plugin DearFlip versions = 2.4.29...

PT-2026-44025

Missing Authorization vulnerability in DearHive DearFlip allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DearFlip: from n/a through 2.4.27...

WordPress plugin DearFlip 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress Dear Flipbook plugin <= 2.4.20 - Authenticated (Author+) Stored Cross-Site Scripting via PDF Page Labels vulnerability

Authenticated Author+ Stored Cross-Site Scripting via PDF Page Labels vulnerability discovered by Drew Webber mcdruid in WordPress Plugin DearFlip versions = 2.4.20...

WordPress PDF Flipbook, 3D Flipbook - DearFlip plugin <= 2.2.26 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WordPress PDF Flipbook, 3D Flipbook - DearFlip plugin = 2.2.26 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Daffa in WordPress Plugin DearFlip versions = 2.2.26...

EUVD-2024-26801

Malicious code in bioql PyPI...

EUVD-2024-34341

Malicious code in bioql PyPI...

EUVD-2024-49369

Malicious code in bioql PyPI...

EUVD-2024-16677

Malicious code in bioql PyPI...

WordPress DearFlip plugin <= 2.3.65 - DOM-Based Reflected Cross-Site Scripting via 'pdf-source' vulnerability

DOM-Based Reflected Cross-Site Scripting via 'pdf-source' vulnerability discovered by Martin Herancourt in WordPress Plugin DearFlip versions = 2.3.65...

CVE-2024-29807

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DearHive DearFlip allows Stored XSS.This issue affects DearFlip: from n/a through 2.2.26...

CVE-2024-11830

The PDF Flipbook, 3D Flipbook—DearFlip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via outline settings in all versions up to 2.3.52 due to insufficient input sanitization and output escaping on user-supplied data. This makes it possible for authenticated attackers with...

CVE-2021-24732

The PDF Flipbook, 3D Flipbook WordPress – DearFlip WordPress plugin before 1.7.10 does not escape the class attribute of its shortcode before outputting it back in an attribute, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...

WordPress Dear Flipbook plugin <= 2.3.52 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Nguyen Vuong Quoc in WordPress Plugin DearFlip versions = 2.3.52...