Vulnerabilities > Flowpaper

DATE CVE VULNERABILITY TITLE RISK
2023-10-20 CVE-2023-5200 Cross-site Scripting vulnerability in Flowpaper
The flowpaper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'flipbook' shortcode in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
flowpaper CWE-79
5.4
2023-09-04 CVE-2023-40197 Cross-site Scripting vulnerability in Flowpaper
Auth.
network
low complexity
flowpaper CWE-79
5.4
2021-11-10 CVE-2020-23878 Out-of-bounds Write vulnerability in Flowpaper Pdf2Json 0.71
pdf2json v0.71 was discovered to contain a stack buffer overflow in the component XRef::fetch.
network
low complexity
flowpaper CWE-787
critical
9.8
2021-11-10 CVE-2020-23879 NULL Pointer Dereference vulnerability in Flowpaper Pdf2Json 0.71
pdf2json v0.71 was discovered to contain a NULL pointer dereference in the component ObjectStream::getObject.
network
low complexity
flowpaper CWE-476
7.5
2021-07-21 CVE-2020-19463 Allocation of Resources Without Limits or Throttling vulnerability in Flowpaper Pdf2Json 0.70
An issue has been found in function vfprintf in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a stack overflow.
local
low complexity
flowpaper CWE-770
5.5
2021-07-21 CVE-2020-19464 Allocation of Resources Without Limits or Throttling vulnerability in Flowpaper Pdf2Json 0.70
An issue has been found in function XRef::fetch in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a stack overflow .
local
low complexity
flowpaper CWE-770
5.5
2021-07-21 CVE-2020-19465 Out-of-bounds Read vulnerability in Flowpaper Pdf2Json 0.70
An issue has been found in function ObjectStream::getObject in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid read of size 4 .
local
low complexity
flowpaper CWE-125
5.5
2021-07-21 CVE-2020-19466 Out-of-bounds Read vulnerability in Flowpaper Pdf2Json 0.70
An issue has been found in function DCTStream::transformDataUnit in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid read of size 1 .
local
low complexity
flowpaper CWE-125
5.5
2021-07-21 CVE-2020-19467 Use After Free vulnerability in Flowpaper Pdf2Json 0.70
An issue has been found in function DCTStream::transformDataUnit in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an Illegal Use After Free .
local
low complexity
flowpaper CWE-416
5.5
2021-07-21 CVE-2020-19468 NULL Pointer Dereference vulnerability in Flowpaper Pdf2Json 0.70
An issue has been found in function EmbedStream::getChar in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a null pointer derefenrece (invalid read of size 8) .
local
low complexity
flowpaper CWE-476
5.5