CVE-2025-5314: 
WordPress vulnerability analysis and mitigation

The Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer plugin for WordPress is vulnerable to DOM-Based Reflected Cross-Site Scripting via the 'pdf-source' parameter in versions up to and including 2.3.65. This vulnerability was discovered and disclosed on July 1, 2025 (NVD).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) with a CVSS v3.1 Base Score of 6.1 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). The issue stems from insufficient input sanitization and output escaping of the 'pdf-source' parameter in the plugin's functionality (Wordfence).

The vulnerability allows unauthenticated attackers to inject arbitrary web scripts that execute when users perform specific actions, such as clicking on a malicious link. This could lead to potential client-side attacks and compromise of user sessions (NVD).

The vulnerability has been patched in version 2.3.67 of the Dear Flipbook plugin. Users are advised to update to this version or later to address the security issue. The fix involves improving the ShareBox functionality and implementing proper input validation (WordPress Plugin).