Vulnerabilities and security researches forinteractive-3d-flipbook-powered-physics-engine interactive-3d-flipbook-powered-physics-engine
Direction: descendingApr 15, 2026
3D FlipBook – PDF Flipbook WordPress # CVE-2026-1314
- CVE, Research URL
- Application
- Date
- -
- Research Description
- 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery [interactive-3d-flipbook-powered-physics-engine] < 1.16.18 CVE-2026-1314
- Affected versions
-
max 1.16.18.
- Status
-
vulnerable
Sep 27, 2025
3D FlipBook – PDF Flipbook WordPress # CVE-2025-58226
- CVE, Research URL
- Application
- Date
- Sep 23, 2025
- Research Description
- Insertion of Sensitive Information Into Sent Data vulnerability in iberezansky 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery interactive-3d-flipbook-powered-physics-engine allows Retrieve Embedded Sensitive Data.This issue affects 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery: from n/a through <= 1.16.16.
- Affected versions
-
max 1.16.16.
- Status
-
vulnerable
Jul 02, 2025
3D FlipBook – PDF Flipbook WordPress # CVE-2025-5289
- CVE, Research URL
- Application
- Date
- Jun 21, 2025
- Research Description
- The 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ and 'mode' parameters in all versions up to, and including, 1.16.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: This issue affects only block-based themes.
- Affected versions
-
max 1.16.16.
- Status
-
vulnerable
Aug 12, 2024
3D FlipBook – PDF Flipbook WordPress # CVE-2024-43152
- CVE, Research URL
- Application
- Date
- Aug 13, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in iberezansky 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery allows Stored XSS.This issue affects 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery: from n/a through 1.15.6.
- Affected versions
-
max 1.15.7.
- Status
-
vulnerable
Jul 22, 2024
3D FlipBook – PDF Flipbook WordPress # CVE-2024-4367
- CVE, Research URL
- Application
- Date
- May 14, 2024
- Research Description
- A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
- Affected versions
-
max 1.15.6.
- Status
-
vulnerable
Jun 07, 2024
3D FlipBook – PDF Flipbook WordPress # CVE-2022-4453
- CVE, Research URL
- Application
- Date
- Jan 16, 2023
- Research Description
- The 3D FlipBook WordPress plugin through 1.13.2 does not validate or escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks against high privilege users like administrators.
- Affected versions
-
max 1.13.3.
- Status
-
vulnerable
3D FlipBook – PDF Flipbook WordPress # CVE-2023-6776
- CVE, Research URL
- Application
- Date
- Jan 11, 2024
- Research Description
- The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Ready Function’ field in all versions up to, and including, 1.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
max 1.15.3.
- Status
-
vulnerable
3D FlipBook – PDF Flipbook WordPress # CVE-2022-0423
- CVE, Research URL
- Application
- Date
- Mar 22, 2022
- Research Description
- The 3D FlipBook WordPress plugin before 1.12.1 does not have authorisation and CSRF checks when updating its settings, and does not have any sanitisation/escaping, allowing any authenticated users, such as subscriber to put Cross-Site Scripting payloads in all pages with a 3d flipbook.
- Affected versions
-
max 1.12.1.
- Status
-
vulnerable
3D FlipBook – PDF Flipbook WordPress # CVE-2024-3883
- CVE, Research URL
- Application
- Date
- May 02, 2024
- Research Description
- The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Bookmark URL field in all versions up to, and including, 1.15.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
max 1.15.5.
- Status
-
vulnerable
3D FlipBook – PDF Flipbook WordPress # CVE-2024-1081
- CVE, Research URL
- Application
- Date
- Feb 21, 2024
- Research Description
- The 3D FlipBook – PDF Flipbook WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bookmark feature in all versions up to, and including, 1.15.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
max 1.15.4.
- Status
-
vulnerable