cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for interactive-3d-flipbook-powered-physics-engine

Jun 07, 2024

3D FlipBook – PDF Flipbook WordPress # CVE-2022-4453

CVE, Research URL

CVE-2022-4453

Date
Jan 16, 2023
Research Description
The 3D FlipBook WordPress plugin through 1.13.2 does not validate or escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks against high privilege users like administrators.
Affected versions
max 1.13.3.
Status
vulnerable

3D FlipBook – PDF Flipbook WordPress # CVE-2023-6776

CVE, Research URL

CVE-2023-6776

Date
Jan 11, 2024
Research Description
The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Ready Function’ field in all versions up to, and including, 1.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.15.3.
Status
vulnerable

3D FlipBook – PDF Flipbook WordPress # CVE-2022-0423

CVE, Research URL

CVE-2022-0423

Date
Mar 22, 2022
Research Description
The 3D FlipBook WordPress plugin before 1.12.1 does not have authorisation and CSRF checks when updating its settings, and does not have any sanitisation/escaping, allowing any authenticated user, such as a subscriber, to put Cross-Site Scripting payloads in all pages with a 3d flipbook.
Affected versions
max 1.12.1.
Status
vulnerable

3D FlipBook – PDF Flipbook WordPress # CVE-2024-3883

CVE, Research URL

CVE-2024-3883

Date
May 02, 2024
Research Description
The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Bookmark URL field in all versions up to, and including, 1.15.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.15.5.
Status
vulnerable

3D FlipBook – PDF Flipbook WordPress # CVE-2024-1081

CVE, Research URL

CVE-2024-1081

Date
Feb 21, 2024
Research Description
The 3D FlipBook – PDF Flipbook WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bookmark feature in all versions up to, and including, 1.15.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.15.4.
Status
vulnerable
Jul 22, 2024

3D FlipBook – PDF Flipbook WordPress # CVE-2024-4367

CVE, Research URL

CVE-2024-4367

Date
May 14, 2024
Research Description
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
Affected versions
max 1.15.6.
Status
vulnerable
Aug 12, 2024

3D FlipBook – PDF Flipbook WordPress # CVE-2024-43152

CVE, Research URL

CVE-2024-43152

Date
Aug 13, 2024
Research Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in iberezansky 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery allows Stored XSS. This issue affects 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery: from n/a through 1.15.6.
Affected versions
max 1.15.7.
Status
vulnerable
Jul 02, 2025

3D FlipBook – PDF Flipbook WordPress # CVE-2025-5289

CVE, Research URL

CVE-2025-5289

Date
Jun 21, 2025
Research Description
The 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' and 'mode' parameters in all versions up to, and including, 1.16.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: This issue affects only block-based themes.
Affected versions
max 1.16.16.
Status
vulnerable
Sep 27, 2025

3D FlipBook – PDF Flipbook WordPress # CVE-2025-58226

CVE, Research URL

CVE-2025-58226

Date
Sep 23, 2025
Research Description
Insertion of Sensitive Information Into Sent Data vulnerability in iberezansky 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery interactive-3d-flipbook-powered-physics-engine allows Retrieve Embedded Sensitive Data. This issue affects 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery: from n/a through <= 1.16.16.
Affected versions
max 1.16.16.
Status
vulnerable
Apr 15, 2026

3D FlipBook – PDF Flipbook WordPress # CVE-2026-1314

CVE, Research URL

CVE-2026-1314

Date
-
Research Description
3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery [interactive-3d-flipbook-powered-physics-engine] < 1.16.18 CVE-2026-1314
Affected versions
max 1.16.18.
Status
vulnerable