Description
Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects iPages Flipbook: from n/a through 1.5.1.
Published: 2026-06-17
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Missing Authorization in Avirtum iPages Flipbook allows unauthorized users to access or modify content that should be protected by role‑based access controls. The vulnerability enables bypassing the plugin’s security levels, exposing sensitive documents or configuration data through the WordPress instance. Attackers could retrieve or alter proprietary material by interacting with the plugin’s protected endpoints without authenticating.

Affected Systems

Avirtum iPages Flipbook versions from the original release through 1.5.1 are affected. This includes WordPress plugins installed on any site running those versions. All earlier releases are also vulnerable until upgraded to at least 1.5.2, which removes the faulty access‑control handling.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, and the EPSS score is not available, so the current exploitation likelihood is unknown. The vulnerability is not listed in the CISA KEV catalog. Exploitation is likely achievable remotely via crafted HTTP requests to the plugin’s endpoints, taking advantage of incorrectly configured security levels. The attack does not require privileged credentials, making it a potential threat to sites that do not enforce proper role restrictions.

Generated by OpenCVE AI on June 18, 2026 at 11:56 UTC.

Remediation

Vendor Solution

Update the WordPress iPages Flipbook plugin to the latest available version (at least 1.5.2).


OpenCVE Recommended Actions

  • Update the iPages Flipbook plugin to version 1.5.2 or newer
  • If the plugin is not needed, deactivate or uninstall it from all WordPress installations
  • Ensure WordPress user roles and permissions restrict access to the plugin’s backend pages only to appropriate administrators

Generated by OpenCVE AI on June 18, 2026 at 11:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 17 Jun 2026 14:00:00 +0000

Type Values Removed Values Added
First Time appeared Avirtum
Avirtum ipages Flipbook
Wordpress
Wordpress wordpress
Vendors & Products Avirtum
Avirtum ipages Flipbook
Wordpress
Wordpress wordpress

Wed, 17 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iPages Flipbook: from n/a through 1.5.1.
Title WordPress iPages Flipbook plugin <= 1.5.1 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


Subscriptions

Avirtum Ipages Flipbook
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-17T13:36:36.602Z

Reserved: 2024-04-29T08:09:49.974Z

Link: CVE-2024-33909

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T12:00:16Z

Weaknesses