Impact
Missing Authorization in Avirtum iPages Flipbook allows unauthorized users to access or modify content that should be protected by role‑based access controls. The vulnerability enables bypassing the plugin’s security levels, exposing sensitive documents or configuration data through the WordPress instance. Attackers could retrieve or alter proprietary material by interacting with the plugin’s protected endpoints without authenticating.
Affected Systems
Avirtum iPages Flipbook versions from the original release through 1.5.1 are affected. This includes WordPress plugins installed on any site running those versions. All earlier releases are also vulnerable until upgraded to at least 1.5.2, which removes the faulty access‑control handling.
Risk and Exploitability
The CVSS score of 5.3 indicates moderate severity, and the EPSS score is not available, so the current exploitation likelihood is unknown. The vulnerability is not listed in the CISA KEV catalog. Exploitation is likely achievable remotely via crafted HTTP requests to the plugin’s endpoints, taking advantage of incorrectly configured security levels. The attack does not require privileged credentials, making it a potential threat to sites that do not enforce proper role restrictions.
OpenCVE Enrichment