CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-11830: Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer <= 2.3.52 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4 CVSS

Description

The PDF Flipbook, 3D Flipbook—DearFlip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via outline settings in all versions up to 2.3.52 due to insufficient input sanitization and output escaping on user-supplied data. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Classification

CVE ID: CVE-2024-11830

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.4

Affected Products

Vendor: dearhive

Product: Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 24.02% (scored less or equal to compared to others)

EPSS Date: 2025-02-06 (when was this score calculated)

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/88391d02-66d9-4c00-a519-17f92f64a17a?source=cve
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3218103%403d-flipbook-dflip-lite&new=3218103%403d-flipbook-dflip-lite&sfp_email=&sfph_mail=
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3215546%403d-flipbook-dflip-lite&new=3215546%403d-flipbook-dflip-lite&sfp_email=&sfph_mail=

Timeline

2025-01-09 00:30:12 UTC
CVE

Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer <= 2.3.52 - Authenticated (Contributor+) Stored Cross-Site Scripting