Description
Insertion of Sensitive Information Into Sent Data vulnerability in iberezansky 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery interactive-3d-flipbook-powered-physics-engine allows Retrieve Embedded Sensitive Data.This issue affects 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery: from n/a through <= 1.16.16.
Published: 2025-09-22
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a classic insertion of sensitive information into sent data that allows an attacker to retrieve embedded sensitive content. Because the flaw resides in the plugin code, a compromised site could leak confidentiality of data stored or configured within the plugin, such as document identifiers, internal URLs, or custom data stored in the flipbook views. The weakness is classified as CWE-201, a data exposure issue due to unsanitized output.

Affected Systems

The affected product is iberezansky 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery for WordPress. All installations running any version from the earliest available release up to and including version 1.16.16 are affected. No other versions or vendors are indicated.

Risk and Exploitability

The CVSS score of 5.3 places this vulnerability in the medium severity range, but the EPSS score of less than 1% indicates that large‑scale exploitation is unlikely at present. It is not listed in the CISA KEV catalog. The likely attack vector is via a publicly accessible WordPress site that has the plugin activated, allowing an unauthenticated attacker to request a flipbook resource and receive the embedded sensitive data.

Generated by OpenCVE AI on April 30, 2026 at 01:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the plugin to a patched version (1.16.17 or later) once released.
  • If an update is unavailable, remove or disable any configuration options that embed sensitive data in the flipbook output.
  • Perform a review of public URLs served by the plugin to ensure no confidential information is exposed and adjust file permissions accordingly.

Generated by OpenCVE AI on April 30, 2026 at 01:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-30612 Insertion of Sensitive Information Into Sent Data vulnerability in iberezansky 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery allows Retrieve Embedded Sensitive Data. This issue affects 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery: from n/a through 1.16.16.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Insertion of Sensitive Information Into Sent Data vulnerability in iberezansky 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery allows Retrieve Embedded Sensitive Data. This issue affects 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery: from n/a through 1.16.16. Insertion of Sensitive Information Into Sent Data vulnerability in iberezansky 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery interactive-3d-flipbook-powered-physics-engine allows Retrieve Embedded Sensitive Data.This issue affects 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery: from n/a through <= 1.16.16.
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Tue, 23 Sep 2025 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Iberezansky
Iberezansky 3d Flipbook
Wordpress
Wordpress wordpress
Vendors & Products Iberezansky
Iberezansky 3d Flipbook
Wordpress
Wordpress wordpress

Tue, 23 Sep 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 22 Sep 2025 18:30:00 +0000

Type Values Removed Values Added
Description Insertion of Sensitive Information Into Sent Data vulnerability in iberezansky 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery allows Retrieve Embedded Sensitive Data. This issue affects 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery: from n/a through 1.16.16.
Title WordPress 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery Plugin <= 1.16.16 - Sensitive Data Exposure Vulnerability
Weaknesses CWE-201
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Iberezansky 3d Flipbook
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:42.380Z

Reserved: 2025-08-27T16:19:27.209Z

Link: CVE-2025-58226

cve-icon Vulnrichment

Updated: 2025-09-23T14:47:23.549Z

cve-icon NVD

Status : Deferred

Published: 2025-09-22T19:16:07.423

Modified: 2026-04-23T15:33:20.300

Link: CVE-2025-58226

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T01:30:24Z

Weaknesses
  • CWE-201

    Insertion of Sensitive Information Into Sent Data