CVE-2025-58226 Scanner

CVE-2025-58226 Scanner - Information Disclosure vulnerability in WordPress 3D FlipBook Plugin

Short Info

Level: Medium
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 25 days 17 hours
Scan only one URL


The WordPress 3D FlipBook Plugin is widely used by website administrators to add interactive 3D flipbooks to their sites. It is particularly popular with online publishers, educational institutions, and digital magazines, because it presents documents in a way that mimics the physical experience of flipping through a book. Because it runs inside WordPress, a vulnerability such as information disclosure in the plugin exposes the whole site to risk. This scanner tests for that specific vulnerability, helping to prevent unauthorized access to data through this popular plugin.

The vulnerability identified by this scanner is a significant security concern in the WordPress 3D FlipBook Plugin: sensitive information is exposed through the unauthenticated AJAX action 'fb3d_send_posts'. The flaw may allow attackers to read sensitive data, including password-protected content and its related metadata, without any authorization. Administrators who rely on this plugin need to understand this vulnerability in order to safeguard their content and their users' privacy.

The vulnerability exposes all flipbook posts, including sensitive data such as PDF URLs and the plugin's settings. The affected endpoint, '/wp-admin/admin-ajax.php?action=fb3d_send_posts', is reachable without authentication, so an attacker can retrieve this data with a direct request. Because the plugin settings often contain sensitive information, their disclosure to unauthorized users compounds the risk. Countermeasures should be put in place to mitigate this exposure, particularly on sites that depend heavily on the WordPress platform.
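As an added example (not code from this scanner page or from the plugin itself), the following Python detection logic reads web-server access-log lines in the common combined format and flags requests to the admin-ajax.php endpoint whose query string selects the fb3d_send_posts action; the log lines, IP addresses and timestamps are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2025:12:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=fb3d_send_posts HTTP/1.1" 200 51234 "-" "curl/8.4.0"
198.51.100.2 - - [10/Oct/2025:12:00:05 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 812 "https://example.test/wp-admin/" "Mozilla/5.0"
192.0.2.9 - - [10/Oct/2025:12:00:08 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 23 "-" "Mozilla/5.0"
198.51.100.44 - - [10/Oct/2025:12:00:09 +0000] "GET /wp-admin/admin-ajax.php?action=fb3d_send_posts&page=2 HTTP/1.1" 200 49870 "-" "python-requests/2.32"
192.0.2.9 - - [10/Oct/2025:12:01:00 +0000] "GET /index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

# Fields we need from a combined-format line: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# The AJAX action named on this page as the unauthenticated disclosure vector.
TARGET_ACTION = "fb3d_send_posts"


def find_fb3d_requests(log_text: str) -> list:
    """Return one record per request whose query string selects TARGET_ACTION on admin-ajax.php."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed or non-matching lines rather than failing
        parts = urlsplit(m["target"])
        if not parts.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        # parse_qs returns a list per key; match the action value exactly, as WordPress does.
        if TARGET_ACTION in parse_qs(parts.query).get("action", []):
            hits.append({"ip": m["ip"], "time": m["ts"], "method": m["method"],
                         "status": int(m["status"]), "bytes_hint": line.split('"')[2].split()[1]})
    return hits


def summarize_by_ip(hits: list) -> dict:
    """Count flagged requests per client IP, for triage and for blocking decisions."""
    counts = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    for h in find_fb3d_requests(SAMPLE_LOG):
        print(f'{h["time"]} {h["ip"]} {h["method"]} status={h["status"]} bytes={h["bytes_hint"]}')
    print(summarize_by_ip(find_fb3d_requests(SAMPLE_LOG)))
```

Note the limitation shown by the sample POST line: WordPress also accepts the action parameter in a POST body, which access logs do not record, so log review only covers query-string requests; a server-side rule (web application firewall or an authentication check on the action) is needed for complete coverage, and a 200 status with a large response size on a flagged line indicates the data was actually served.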

When exploited, this vulnerability leads to unauthorized access to sensitive information, undermining user privacy and potentially resulting in data leakage. If the disclosed data includes personal user information, the consequences can be severe, including identity theft. Organizations using this plugin may also face legal challenges for failing to protect user data, with damage to their reputation and to user trust. Affected parties should promptly address and fix the vulnerability to limit the potential damage.
