CVE-2022-0423
N/A
N/A
Summary
The 3D FlipBook WordPress plugin before 1.12.1 does not have authorisation and CSRF checks when updating its settings, and does not have any sanitisation/escaping, allowing any authenticated users, such as subscriber to put Cross-Site Scripting payloads in all pages with a 3d flipbook.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery | 1.12.1 < 1.12.1 | affected |
Weaknesses
- CWE-79: CWE-79 Cross-site Scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.