PT-2026-32993 · WordPress · 3D Flipbook
Kai Aizen · Published 2026-04-14 · Updated 2026-04-21 · CVE-2026-1314
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery versions prior to 1.16.18
Description
This plugin for WordPress allows unauthenticated attackers to retrieve flipbook page metadata for draft, private, and password-protected flipbooks. This occurs due to a missing capability check in the send_post_pages_json() function.
Recommendations
Update to a version later than 1.16.17.
As a temporary workaround, consider disabling the send_post_pages_json() function until the update is applied.
Fix
Missing Authorization
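The kind of visibility check an endpoint like this needs before it returns per-post data, shown as an added example that is not the plugin's code or its actual fix. It assumes the data is served by a WordPress AJAX handler; the example_* names, the id parameter and the meta key are hypothetical.

```php
<?php
// Added illustration, not the 3D FlipBook plugin's code. All example_* names,
// the "id" request parameter and the meta key are hypothetical.

/**
 * Decide whether the current visitor may read data attached to a post.
 * Only published posts without an unsatisfied password are public.
 */
function example_visitor_can_read_post( $post_id ) {
    $post = get_post( $post_id );
    if ( ! $post ) {
        return false;
    }
    // Draft, pending, private, future, trash: defer to WordPress' own
    // meta-capability mapping, which accounts for authorship and roles.
    if ( 'publish' !== get_post_status( $post ) ) {
        return current_user_can( 'read_post', $post->ID );
    }
    // Published but password-protected: the visitor must have supplied the
    // password (checked via the post password cookie) or be able to edit it.
    if ( post_password_required( $post ) ) {
        return current_user_can( 'edit_post', $post->ID );
    }
    return true;
}

/**
 * Handler that returns page metadata only after the visibility check.
 */
function example_send_pages_json() {
    $post_id = isset( $_REQUEST['id'] ) ? absint( $_REQUEST['id'] ) : 0;
    if ( ! example_visitor_can_read_post( $post_id ) ) {
        // Same answer for "missing" and "not allowed", so post IDs
        // cannot be told apart by probing.
        wp_send_json_error( array( 'message' => 'Not found' ), 404 );
    }
    // Hypothetical storage location for the page metadata.
    $pages = get_post_meta( $post_id, 'example_pages', true );
    wp_send_json_success( $pages );
}

// Registered for both logged-in and anonymous visitors; the check above,
// not the hook name, is what enforces access.
add_action( 'wp_ajax_example_pages', 'example_send_pages_json' );
add_action( 'wp_ajax_nopriv_example_pages', 'example_send_pages_json' );
```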
Affected Products
3D Flipbook