DOM-Based Reflected Cross-Site Scripting Vulnerability in Dear Flipbook Plugin for WordPress
CVE-2025-5314

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: Dear Flipbook – PDF Flipbook, 3d Flipbook, PDF Embed, PDF Viewer
Vendor: CVE Published:; 1 July 2025

What is CVE-2025-5314?

The Dear Flipbook plugin for WordPress is susceptible to a DOM-based reflected cross-site scripting vulnerability stemming from inadequate input sanitization and output escaping. This flaw is exploited via the 'pdf-source' parameter, allowing unauthenticated attackers to inject arbitrary scripts. Once a user is baited into clicking a malicious link, these scripts can execute, leading to potential data theft or other malicious activities.

Affected Version(s)

Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer * <= 2.3.65

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/3d-flipbook-df...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 1, 2025
Vulnerability Reserved
May 29, 2025

Credit

Martin Herancourt