Description
Missing Authorization vulnerability in codelobster Responsive Flipbooks responsive-flipbooks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Flipbooks: from n/a through <= 1.0.
Published: 2025-06-06
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization flaw in the Codelobster Responsive Flipbooks WordPress plugin. It allows an attacker who can reach the plugin’s control panels or content pages to bypass the intended access controls and view, edit, or delete flipbook material without permission. The resulting data exposure or manipulation can undermine confidentiality, integrity, and potentially availability of the published flipbooks.

Affected Systems

Codelobster Responsive Flipbooks plugin versions up to and including 1.0 are affected. Any WordPress site running version 1.0 or earlier of this plugin is at risk.

Risk and Exploitability

The CVSS base score of 5.4 indicates a moderate severity, and the EPSS value below 1% suggests that exploitation is presently unlikely but possible. Because the flaw was identified as a broken access control in a web‑based plugin, the attack vector is most likely through web requests to the plugin’s administrative routes, potentially from an unauthenticated or low‑privileged user. The CVSS vector recorded for this CVE specifies PR:L, meaning the scoring assumes an attacker holding a low‑privileged account. The vulnerability is not listed in the CISA KEV catalog at this time.

Generated by OpenCVE AI on May 1, 2026 at 07:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Responsive Flipbooks plugin to the latest version (any release newer than 1.0).
  • If an update is not yet available, remove or disable the plugin until a fix is released to prevent unauthorized access.
  • Audit WordPress administrative access controls, ensuring only properly privileged users can reach Flipbooks management pages, and restrict directory permissions as a best practice.


Advisories
Source: EUVD
ID: EUVD-2025-17159
Title: Missing Authorization vulnerability in codelobster Responsive Flipbooks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Flipbooks: from n/a through 1.0.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Removed: Missing Authorization vulnerability in codelobster Responsive Flipbooks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Flipbooks: from n/a through 1.0.
  Added: Missing Authorization vulnerability in codelobster Responsive Flipbooks responsive-flipbooks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Flipbooks: from n/a through <= 1.0.
Title
  Removed: WordPress Responsive Flipbooks <= 1.0 - Broken Access Control Vulnerability
  Added: WordPress Responsive Flipbooks plugin <= 1.0 - Broken Access Control Vulnerability
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}


Fri, 06 Jun 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 06 Jun 2025 13:15:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in codelobster Responsive Flipbooks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Flipbooks: from n/a through 1.0.
Title WordPress Responsive Flipbooks <= 1.0 - Broken Access Control Vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:34.349Z

Reserved: 2025-01-23T14:53:25.027Z

Link: CVE-2025-24776

Vulnrichment

Updated: 2025-06-06T15:20:26.398Z

NVD

Status: Deferred

Published: 2025-06-06T13:15:26.667

Modified: 2026-06-17T08:59:35.357

Link: CVE-2025-24776

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T07:45:06Z

Weaknesses