6.4

Dear Flipbook Plugin for WordPress Allows Attackers to Inject Harmful Code

CVE-2026-2569
Summary

The Dear Flipbook plugin for WordPress has a stored cross-site scripting (XSS) flaw: an attacker with Author-level access or above can inject script through PDF page labels, and that script runs in the browser of any user who opens the affected page. All versions up to and including 2.4.20 are affected. To stay safe, update the plugin to the latest version and confirm that it is newer than 2.4.20.

Original title
The Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via PDF page labels in all versions up to, and including, 2.4....
Original description
The Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via PDF page labels in all versions up to, and including, 2.4.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
NVD CVSS 3.1: 6.4
Vulnerability type
CWE-79 Cross-site Scripting (XSS)
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026