CVE-2022-0423

CVE-2022-0423: 3D FlipBook < 1.12.1 - Subscriber+ Stored Cross-Site Scripting

Vendor Unknown

Product 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery

Weakness CWE-79 · XSS

Published March 21, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The 3D FlipBook WordPress plugin before 1.12.1 does not have authorisation and CSRF checks when updating its settings, and does not have any sanitisation/escaping, allowing any authenticated users, such as subscriber to put Cross-Site Scripting payloads in all pages with a 3d flipbook.

Key dates

02Disclosure timeline

March 21, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0423

Related vulnerabilities

04Related CVE

CVE-2025-43791 CVE-2021-29107 There is a stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Manager version 10.8.1 and below. CVE-2025-11814 Ultimate Addons for WPBakery Page Builder < 3.21.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-51705 WordPress WP MMenu Lite plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-7218 SourceCodester/Campcodes School Log Management System ajax.php cross site scripting