From this webpage screenshot, the following key vulnerability information can be obtained:

1. **Vulnerability Name**: PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer - DearFlip <= 2.3.32 - Reflected Cross-Site Scripting
2. **Vulnerability Description**:
   - A reflected cross-site scripting (XSS) vulnerability in the PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer plugin for WordPress.
   - The vulnerability arises from improper neutralization of input when handling the `pdf_source` parameter, allowing attackers to execute malicious scripts by tricking users into clicking on crafted links.
3. **Vulnerability Rating**:
   - CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
   - CVSS Score: 6.1 (Medium)
4. **Disclosure Date**: October 23, 2024
5. **Update Date**: October 24, 2024
6. **Fix Status**: Fixed. Users are advised to update to version 2.3.42 or higher.
7. **Affected Versions**: <= 2.3.32
8. **Fixed Version**: 2.3.42
9. **Reference Links**:
   - plugins.trac.wordpress.org
   - plugins.trac.wordpress.org
10. **Vulnerability Type**: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
11. **Vulnerability ID**: CVE-2024-8717
12. **Severity Level**: Medium