Description
Missing Authorization vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real 3D FlipBook: from n/a through <= 4.19.1.
Published: 2026-02-19
Score: 3.8 Low
EPSS: < 1% Very Low
KEV: No
Impact: Broken Access Control
Action: Apply Update
AI Analysis

Impact

An unauthenticated or improperly authenticated attacker can exploit a missing authorization check within the Real 3D FlipBook plugin. The flaw permits bypassing the plugin’s intended role‑based limits, allowing the attacker to modify, create, or delete flip‑book content and settings. This undermines confidentiality and integrity of the content managed by the plugin and could increase the scope of compromise to the entire WordPress site if the attacker gains further privileges.

Affected Systems

The vulnerability affects the Real 3D FlipBook Lite plugin made by creativeinteractivemedia. All releases up to and including version 4.19.1 are impacted. Sites running WordPress with this plugin installed are potentially exposed.

Risk and Exploitability

The CVSS score is 3.8, classifying the risk as low. The EPSS score of less than 1 % indicates a very low probability of real‑world exploitation at this time, and the vulnerability is not listed in CISA’s Known Exploited Vulnerabilities catalog. The attack requires the plugin to be active on a WordPress installation and an attacker to find a way to trigger the unauthenticated access path, which is not explicitly documented; the likely vector is through the web interface of the plugin. While the flaw does not allow remote code execution, an attacker who succeeds could gain significant control over the plugin’s content management features.

Generated by OpenCVE AI on April 16, 2026 at 00:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Real 3D FlipBook Lite plugin to a version newer than 4.19.1 (or remove the plugin if an update is unavailable).
  • Restrict plugin functionality by ensuring only administrators have access to the flip‑book administration pages.
  • Verify that all WordPress user roles have permissions aligned with your security policy and remove unused administrative accounts.

Generated by OpenCVE AI on April 16, 2026 at 00:13 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real 3D FlipBook: from n/a through <= 4.16.4. Missing Authorization vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real 3D FlipBook: from n/a through <= 4.19.1.
Title WordPress Real 3D FlipBook plugin <= 4.16.4 - Broken Access Control vulnerability WordPress Real 3D FlipBook plugin <= 4.19.1 - Broken Access Control vulnerability

Fri, 20 Feb 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Creativeinteractivemedia
Creativeinteractivemedia real3d Flipbook
Wordpress
Wordpress wordpress
Vendors & Products Creativeinteractivemedia
Creativeinteractivemedia real3d Flipbook
Wordpress
Wordpress wordpress

Fri, 20 Feb 2026 01:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 19 Feb 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 3.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L'}

Thu, 19 Feb 2026 08:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real 3D FlipBook: from n/a through <= 4.16.4.
Title WordPress Real 3D FlipBook plugin <= 4.16.4 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Creativeinteractivemedia Real3d Flipbook
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:14:57.804Z

Reserved: 2026-02-02T12:53:26.262Z

Link: CVE-2026-25423

cve-icon Vulnrichment

Updated: 2026-02-19T18:28:54.224Z

cve-icon NVD

Status : Deferred

Published: 2026-02-19T09:16:24.020

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-25423

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T00:15:18Z

Weaknesses