Vulnerabilities > CVE-2022-0423 - Unspecified vulnerability in 3Dflipbook 3D Flipbook

047910
CVSS 5.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
3dflipbook

Summary

The 3D FlipBook WordPress plugin before 1.12.1 does not have authorisation and CSRF checks when updating its settings, and does not have any sanitisation/escaping, allowing any authenticated users, such as subscriber to put Cross-Site Scripting payloads in all pages with a 3d flipbook.

Vulnerable Configurations

Part Description Count
Application
3Dflipbook
65