{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1314", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-01-21T22:07:21.915Z", "datePublished": "2026-04-14T23:26:07.668Z", "dateUpdated": "2026-04-15T16:22:29.670Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-14T23:26:07.668Z"}, "affected": [{"vendor": "iberezansky", "product": "3D FlipBook \u2013 PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.16.17", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The 3D FlipBook \u2013 PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the send_post_pages_json() function in all versions up to, and including, 1.16.17. This makes it possible for unauthenticated attackers to retrieve flipbook page metadata for draft, private and password-protected flipbooks."}], "title": "3D FlipBook \u2013 PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery <= 1.16.17 - Missing Authorization to Unauthenticated Private/Draft Flipbook Data Exposure", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d7e41753-2dbf-4afa-b61e-e617be2c4dc2?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3467608/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Kai Aizen"}], "timeline": [{"time": "2026-01-09T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2026-04-14T10:49:26.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-15T16:22:15.209174Z", "id": "CVE-2026-1314", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T16:22:29.670Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The 3D FlipBook \u2013 PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the send_post_pages_json() function in all versions up to, and including, 1.16.17. This makes it possible for unauthenticated attackers to retrieve flipbook page metadata for draft, private and password-protected flipbooks."}], "id": "CVE-2026-1314", "lastModified": "2026-04-15T04:17:32.963", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2026-04-15T04:17:32.963", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3467608/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d7e41753-2dbf-4afa-b61e-e617be2c4dc2?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.16.17]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "3D FlipBook \u2013 PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery", "source": "cna", "vendor": "iberezansky"}, "product": "3d_flipbook_\u2013_pdf_embedder,_pdf_flipbook_viewer,_flipbook_image_gallery", "vendor": "iberezansky"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-15T01:22:02.319398+00:00", "value": {"mitigation_remediation": ["Update the 3D FlipBook plugin to a revision newer than 1.16.17 that implements the missing capability check.", "If an update is unavailable, modify the send_post_pages_json() function in the plugin\u2019s code to verify the caller\u2019s capability before returning any data.", "Configure role\u2011based permissions or employ a security plugin to block unauthenticated requests to the flipbook JSON endpoint, or otherwise restrict access to private and draft flipbooks."], "summary": {"action": "Update Plugin", "impact": "Unauthorized access to private or draft flipbook metadata"}, "threat_synthesis": {"affected_systems": "WordPress sites that have installed the \"3D FlipBook \u2013 PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery\" plugin from vendor iberezansky. Versions up to and including 1.16.17 are affected; any installation using these or earlier releases is vulnerable.", "description_and_impact": "The 3D FlipBook plugin for WordPress contains a missing capability check on the send_post_pages_json() function. As a result, unauthenticated users can call this endpoint and retrieve metadata about flipbook pages that are draft, private, or password\u2011protected. This flaw exposes confidential content without requiring any authentication or privilege escalation, leading to potential information disclosure and privacy violations.", "risk_and_exploitability": "The vulnerability is scored 5.3 on CVSS, indicating moderate severity. Exploitability is likely high because the flaw relies solely on a missing authorization check and does not require any additional conditions. With limited publicly reported exploitation, the risk remains plausible for targeted attacks that can easily enumerate private flipbooks over the network."}}}}, "created": "2026-04-15T14:28:41.083985+00:00", "updated": "2026-04-15T14:53:36.935277+00:00", "vendors": ["iberezansky", "iberezansky$PRODUCT$3d_flipbook_\u2013_pdf_embedder,_pdf_flipbook_viewer,_flipbook_image_gallery", "wordpress", "wordpress$PRODUCT$wordpress"]}