PT-2025-27522 · WordPress · The Dear Flipbook – Pdf Flipbook
Martin Herancourt · Published 2025-06-30 · Updated 2025-07-01 · CVE-2025-5314
CVSS v2.0: 6.4 (Medium)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions:
The Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer plugin for WordPress versions up to, and including, 2.3.65
Description:
The issue is a DOM-based reflected cross-site scripting vulnerability caused by insufficient input sanitization and output escaping of the pdf-source parameter. An unauthenticated attacker can inject arbitrary web scripts into pages by tricking a user into performing an action such as clicking on a crafted link.
Recommendations:
For versions up to, and including, 2.3.65, avoid using the pdf-source parameter in the affected API endpoint until the issue is resolved.
As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.
Fix
XSS
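The root cause named above is a query parameter (pdf-source) whose value reaches the DOM without validation or escaping. The following added example, which is not the plugin's code and assumes nothing about its internals, shows the defensive pattern a developer would apply: read the parameter, validate it as a same-origin https URL ending in .pdf (the allowlist rules are an assumption for illustration), and only then embed it via setAttribute on a created element rather than by string-building HTML. The pageOrigin and container arguments are hypothetical names chosen for the example.

```javascript
// Hardened handling of an untrusted "pdf-source" query parameter.
// Added illustration, not the plugin's code. Treat the parameter as
// attacker-controlled: it arrives in location.search and is reflected
// into the page by client-side code (the DOM-based XSS sink).

// Assumption for the example: only https URLs on our own origin that
// point at a .pdf file are acceptable viewer sources.
const ALLOWED_SCHEMES = new Set(["https:"]);

// Returns a normalised absolute URL string when the value passes every
// check, or null when it must be rejected. Rejecting is the safe default.
function validatePdfSource(raw, pageOrigin) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) {
    return null;
  }
  let url;
  try {
    // Resolving against the page origin lets relative paths through while
    // letting the URL parser, not ad-hoc string checks, decide the scheme.
    url = new URL(raw, pageOrigin);
  } catch {
    return null; // unparsable input
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null; // blocks javascript:, data:, etc.
  if (url.origin !== pageOrigin) return null;           // no third-party sources
  if (!url.pathname.toLowerCase().endsWith(".pdf")) return null;
  return url.href;
}

// Extracts the raw parameter from a query string such as location.search.
function readPdfSourceParam(search) {
  return new URLSearchParams(search).get("pdf-source");
}

// Builds the viewer element safely: the validated URL goes into an
// attribute through the DOM API, never into innerHTML via concatenation,
// so no markup from the parameter can be interpreted as HTML.
function embedPdf(container, rawParam, pageOrigin, doc) {
  const safeUrl = validatePdfSource(rawParam, pageOrigin);
  if (safeUrl === null) {
    const msg = doc.createElement("p");
    msg.textContent = "Invalid document source."; // textContent, not innerHTML
    container.appendChild(msg);
    return null;
  }
  const frame = doc.createElement("iframe");
  frame.setAttribute("src", safeUrl);
  frame.setAttribute("sandbox", ""); // no scripts or forms inside the viewer frame
  container.appendChild(frame);
  return safeUrl;
}

// In a browser this would be wired up as:
//   embedPdf(document.getElementById("viewer"),
//            readPdfSourceParam(location.search), location.origin, document);
```

The validator is deliberately an allowlist: anything that is not an https, same-origin, .pdf URL is refused, which covers scheme tricks as well as attribute break-out attempts, because the value is never concatenated into markup in the first place. The textContent and setAttribute calls are the output-escaping half of the fix; the URL checks are the input-validation half.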
Affected Products: The Dear Flipbook – Pdf Flipbook