cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-34561,https://securityvulnerability.io/vulnerability/CVE-2024-34561,"Stored XSS Vulnerability in 3D FlipBook, PDF Viewer, and PDF Embedder - Real 3D FlipBook WordPress Plugin","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative interactive media 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin allows Stored XSS.This issue affects 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin: from n/a through 3.71.

",Wordpress,"3d Flipbook, PDF Viewer, PDF Embedder – Real 3d Flipbook WordPress Plugin",5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-08T11:09:42.288Z,0
CVE-2024-3883,https://securityvulnerability.io/vulnerability/CVE-2024-3883,Stored Cross-Site Scripting Vulnerability in FlipBook Plugin for WordPress,"The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Bookmark URL field in all versions up to, and including, 1.15.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,3d Flipbook – PDF Flipbook WordPress,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T08:32:10.652Z,0
CVE-2024-32694,https://securityvulnerability.io/vulnerability/CVE-2024-32694,3D FlipBook Vulnerable to Cross-site Scripting,"A reflected cross-site scripting (XSS) vulnerability exists in the Real 3D FlipBook, PDF Viewer, and PDF Embedder WordPress Plugin, allowing attackers to inject malicious scripts into web pages. This vulnerability can be exploited through improper handling of input during the web page generation process. As a result, users may inadvertently execute compromised scripts when interacting with affected versions of the plugin, leading to unauthorized actions or exposure of sensitive information.",Wordpress,"3d Flipbook, PDF Viewer, PDF Embedder – Real 3d Flipbook WordPress Plugin",7.1,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-22T07:48:43.070Z,0
CVE-2024-1081,https://securityvulnerability.io/vulnerability/CVE-2024-1081,Stored Cross-Site Scripting Vulnerability in 3D FlipBook PDF Flipbook WordPress Plugin,"The 3D FlipBook – PDF Flipbook WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bookmark feature in all versions up to, and including, 1.15.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,3D FlipBook – PDF Flipbook WordPress,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-02-21T06:47:56.976Z,0
CVE-2023-6776,https://securityvulnerability.io/vulnerability/CVE-2023-6776,Stored Cross-Site Scripting in 3D FlipBook Plugin for WordPress,"The 3D FlipBook plugin for WordPress has a vulnerability that allows stored cross-site scripting (XSS) through the 'Ready Function' field. This flaw arises from inadequate input sanitization and output escaping in all versions up to 1.15.2. Attackers with contributor-level access can exploit this vulnerability to inject arbitrary scripts into pages. These scripts execute whenever users access the affected pages, potentially compromising user data and leading to further exploits.",Wordpress,3D FlipBook – PDF Flipbook WordPress,5.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2024-01-11T08:32:34.765Z,0
CVE-2021-24732,https://securityvulnerability.io/vulnerability/CVE-2021-24732,Dflip Lite < 1.7.10 - Contributor+ Stored Cross-Site Scripting,"The PDF Flipbook, 3D Flipbook WordPress – DearFlip WordPress plugin before 1.7.10 does not escape the class attribute of its shortcode before outputting it back in an attribute, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks",Wordpress,"PDF Flipbook, 3d Flipbook WordPress – Dearflip",5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-10-18T13:46:01.000Z,0