CVE-2024-11830 – DearFlip for WordPress Stored Cross-Site Scripting Vulnerability

1月 8, 2025
12:16 pm

CVE ID : CVE-2024-11830

Published : Jan. 8, 2025, 11:15 a.m. | 1 hour, 1 minute ago

Description : The PDF Flipbook, 3D Flipbook—DearFlip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via outline settings in all versions up to 2.3.52 due to insufficient input sanitization and output escaping on user-supplied data. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-11830 – DearFlip for WordPress Stored Cross-Site Scripting Vulnerability

Elvescore.io

Recent Posts

CVE-2025-22801 – HasThemes Free WooCommerce Theme 99fy Extension Stored XSS

CVE-2025-22802 – YeeMail Email Templates Customizer Cross-site Scripting (XSS) Vulnerability

CVE-2025-22803 – VillaTheme WooCommerce Advanced Product Information Stored Cross-site Scripting (XSS)

CVE-2025-22804 – WordPress Author Avatars XSS

CVE-2025-22805 – ThemePoints Skill Bar Cross-site Scripting (Stored XSS)

CVE-2025-22806 – Modernaweb Studio Black Widgets For Elementor Cross-site Scripting

CVE-2024-11830 – DearFlip for WordPress Stored Cross-Site Scripting Vulnerability

CVE-2024-11830 – DearFlip for WordPress Stored Cross-Site Scripting Vulnerability