Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for PDF Flipbook, 3D Flipbook WordPress – DearFlip by Unknown
CVE-2021-24732 (GCVE-0-2021-24732)
Vulnerability from nvd – Published: 2021-10-18 13:46 – Updated: 2024-08-03 19:42
VLAI?
Title
Dflip Lite < 1.7.10 - Contributor+ Stored Cross-Site Scripting
Summary
The PDF Flipbook, 3D Flipbook WordPress – DearFlip WordPress plugin before 1.7.10 does not escape the class attribute of its shortcode before outputting it back in an attribute, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | PDF Flipbook, 3D Flipbook WordPress – DearFlip |
Affected:
1.7.10 , < 1.7.10
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:16.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/9425a9b2-e9b8-41f5-a3ca-623b6da0297c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PDF Flipbook, 3D Flipbook WordPress \u2013 DearFlip",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.7.10",
"status": "affected",
"version": "1.7.10",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "apple502j"
}
],
"descriptions": [
{
"lang": "en",
"value": "The PDF Flipbook, 3D Flipbook WordPress \u2013 DearFlip WordPress plugin before 1.7.10 does not escape the class attribute of its shortcode before outputting it back in an attribute, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-18T13:46:01.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/9425a9b2-e9b8-41f5-a3ca-623b6da0297c"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Dflip Lite \u003c 1.7.10 - Contributor+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24732",
"STATE": "PUBLIC",
"TITLE": "Dflip Lite \u003c 1.7.10 - Contributor+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PDF Flipbook, 3D Flipbook WordPress \u2013 DearFlip",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.7.10",
"version_value": "1.7.10"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PDF Flipbook, 3D Flipbook WordPress \u2013 DearFlip WordPress plugin before 1.7.10 does not escape the class attribute of its shortcode before outputting it back in an attribute, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/9425a9b2-e9b8-41f5-a3ca-623b6da0297c",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/9425a9b2-e9b8-41f5-a3ca-623b6da0297c"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24732",
"datePublished": "2021-10-18T13:46:01.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:42:16.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24732 (GCVE-0-2021-24732)
Vulnerability from cvelistv5 – Published: 2021-10-18 13:46 – Updated: 2024-08-03 19:42
VLAI?
Title
Dflip Lite < 1.7.10 - Contributor+ Stored Cross-Site Scripting
Summary
The PDF Flipbook, 3D Flipbook WordPress – DearFlip WordPress plugin before 1.7.10 does not escape the class attribute of its shortcode before outputting it back in an attribute, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | PDF Flipbook, 3D Flipbook WordPress – DearFlip |
Affected:
1.7.10 , < 1.7.10
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:16.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/9425a9b2-e9b8-41f5-a3ca-623b6da0297c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PDF Flipbook, 3D Flipbook WordPress \u2013 DearFlip",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.7.10",
"status": "affected",
"version": "1.7.10",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "apple502j"
}
],
"descriptions": [
{
"lang": "en",
"value": "The PDF Flipbook, 3D Flipbook WordPress \u2013 DearFlip WordPress plugin before 1.7.10 does not escape the class attribute of its shortcode before outputting it back in an attribute, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-18T13:46:01.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/9425a9b2-e9b8-41f5-a3ca-623b6da0297c"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Dflip Lite \u003c 1.7.10 - Contributor+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24732",
"STATE": "PUBLIC",
"TITLE": "Dflip Lite \u003c 1.7.10 - Contributor+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PDF Flipbook, 3D Flipbook WordPress \u2013 DearFlip",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.7.10",
"version_value": "1.7.10"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PDF Flipbook, 3D Flipbook WordPress \u2013 DearFlip WordPress plugin before 1.7.10 does not escape the class attribute of its shortcode before outputting it back in an attribute, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/9425a9b2-e9b8-41f5-a3ca-623b6da0297c",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/9425a9b2-e9b8-41f5-a3ca-623b6da0297c"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24732",
"datePublished": "2021-10-18T13:46:01.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:42:16.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}