Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer Security & Risk Analysis

wordpress.org/plugins/3d-flipbook-dflip-lite

Dear Flipbook creates PDF Flipbook, 3D Flipbook, PDF viewer, PDF embed for WordPress sites. Create impressive and realistic 3D flipbooks with PDFs.

100K active installs · v2.4.27 · PHP 5.3+ · WP 4.6+ · Updated Mar 3, 2026
Tags: 3d-flipbook, flip-book, flipbook, pdf-flipbook, pdf-viewer
Score: 95 (A · Safe)
CVEs total: 8
Unpatched: 0
Last CVE: Mar 10, 2026
Safety Verdict

Is Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer Safe to Use in 2026?

Generally Safe

Score 95/100

Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer has a strong security track record. Known vulnerabilities have been patched promptly.

8 known CVEs · Last CVE: Mar 10, 2026 · Updated 1mo ago
Risk Assessment

The plugin "3d-flipbook-dflip-lite" v2.4.27 presents a mixed security posture. On the positive side, the code analysis reveals good practices such as 100% of SQL queries using prepared statements, a high rate of output escaping (94%), and the presence of nonce and capability checks. There are no identified dangerous functions, file operations, external HTTP requests, or bundled libraries that raise immediate concern. The taint analysis shows no critical or high severity flows, indicating that potentially malicious input is not directly leading to severe code execution or data compromise in the analyzed paths. However, a significant concern is the presence of one unprotected AJAX handler, which represents a direct entry point into the plugin that is not secured with authentication checks. This unprotected handler is a potential avenue for unauthenticated users to trigger plugin functionality, which could lead to unintended consequences or be chained with other vulnerabilities.

The plugin's vulnerability history is a substantial red flag. With a total of 8 known medium-severity CVEs, and a recent vulnerability recorded in March 2026, it suggests a pattern of security flaws. While there are currently no unpatched vulnerabilities, the sheer number of past medium-severity issues, primarily related to Cross-site Scripting (XSS), indicates that the development team has historically struggled with robust input sanitization and output encoding, despite the relatively good scores in the static analysis. This history, combined with the unprotected AJAX handler, elevates the overall risk. The conclusion is that while the current version exhibits some strong security practices, the historical pattern of vulnerabilities and the identified unprotected entry point warrant caution.

Key Concerns

  • Unprotected AJAX handler
  • History of 8 medium CVEs
  • Output escaping incomplete (6% of outputs unescaped)
Vulnerabilities: 8

Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer Security Vulnerabilities

CVEs by Year

  • 2021: 1 CVE
  • 2024: 4 CVEs
  • 2025: 2 CVEs
  • 2026: 1 CVE

Severity Breakdown

Medium: 8

8 total CVEs

CVE-2026-2569 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Dear Flipbook <= 2.4.20 - Authenticated (Author+) Stored Cross-Site Scripting via PDF Page Labels

Mar 10, 2026 · Patched in 2.4.27 (1d)

CVE-2025-5314 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer <= 2.3.65 - DOM-Based Reflected Cross-Site Scripting via 'pdf-source'

Jun 30, 2025 · Patched in 2.3.67 (1d)

CVE-2024-11830 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer <= 2.3.52 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 7, 2025 · Patched in 2.3.53 (1d)

CVE-2024-8717 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip <= 2.3.32 - Reflected Cross-Site Scripting

Oct 23, 2024 · Patched in 2.3.42 (1d)

CVE-2024-4367 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PDF.js < 4.2.67 - Arbitrary JavaScript Execution

May 20, 2024 · Patched in 1.15.6 (130d)

CVE-2024-29807 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DearFlip <= 2.2.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via force_fit

Mar 25, 2024 · Patched in 2.2.27 (4d)

CVE-2024-0895 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PDF Flipbook, 3D Flipbook – DearFlip <= 2.2.26 - Authenticated (Contributor+) Stored Cross-Site Scripting

Feb 2, 2024 · Patched in 2.2.27 (1d)

CVE-2021-24732 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PDF Flipbook, 3D Flipbook WordPress – DearFlip Lite <= 1.7.12 - Contributor+ Stored Cross-Site Scripting

Sep 15, 2021 · Patched in 1.7.13 (860d)
Code Analysis
Analyzed Mar 16, 2026

Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 9 (135 escaped)
Nonce Checks: 2
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

94% escaped · 144 total outputs
Attack Surface: 1 unprotected

Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer Attack Surface

Entry Points: 2
Unprotected: 1

AJAX Handlers 1

auth · wp_ajax_hidedflipRating · inc\post-type.php:91

Shortcodes 1

[dflip] inc\shortcode.php:40
WordPress Hooks 17
action · init · 3d-flipbook-dflip-lite.php:100
action · wp_enqueue_scripts · 3d-flipbook-dflip-lite.php:492
action · wp_print_footer_scripts · 3d-flipbook-dflip-lite.php:495
action · admin_notices · 3d-flipbook-dflip-lite.php:834
action · admin_enqueue_scripts · inc\metaboxes.php:55
action · add_meta_boxes · inc\metaboxes.php:58
action · save_post_dflip · inc\metaboxes.php:61
filter · post_row_actions · inc\post-type.php:109
filter · manage_dflip_posts_columns · inc\post-type.php:112
action · manage_dflip_posts_custom_column · inc\post-type.php:113
filter · manage_edit-dflip_category_columns · inc\post-type.php:115
filter · manage_dflip_category_custom_column · inc\post-type.php:116
action · restrict_manage_posts · inc\post-type.php:118
action · admin_notices · inc\post-type.php:120
filter · the_content · inc\post-type.php:126
action · admin_menu · inc\settings.php:53
action · admin_notices · inc\settings.php:333
Maintenance & Trust

Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 3, 2026
PHP min version: 5.3
Downloads: 2.8M

Community Trust

Rating: 98/100
Number of ratings: 180
Active installs: 100K
Developer Profile

Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer Developer Profile

DearHive

1 plugin · 100K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 125 days
Detection Fingerprints

How We Detect Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/3d-flipbook-dflip-lite/css/flipbook.min.css
/wp-content/plugins/3d-flipbook-dflip-lite/css/dflip.css
/wp-content/plugins/3d-flipbook-dflip-lite/css/font-awesome.min.css
/wp-content/plugins/3d-flipbook-dflip-lite/js/dflip.min.js
/wp-content/plugins/3d-flipbook-dflip-lite/js/pdf.min.js
/wp-content/plugins/3d-flipbook-dflip-lite/js/three.min.js
/wp-content/plugins/3d-flipbook-dflip-lite/js/html2canvas.min.js
/wp-content/plugins/3d-flipbook-dflip-lite/js/pdf.worker.min.js
+2 more
Script Paths
https://dearflip.com/go/wp-lite-full-version
https://dearflip.com/go/wp-lite-author
Version Parameters
3d-flipbook-dflip-lite/css/flipbook.min.css?ver=
3d-flipbook-dflip-lite/css/dflip.css?ver=
3d-flipbook-dflip-lite/css/font-awesome.min.css?ver=
3d-flipbook-dflip-lite/js/dflip.min.js?ver=
3d-flipbook-dflip-lite/js/pdf.min.js?ver=
3d-flipbook-dflip-lite/js/three.min.js?ver=
3d-flipbook-dflip-lite/js/html2canvas.min.js?ver=
3d-flipbook-dflip-lite/js/pdf.worker.min.js?ver=
3d-flipbook-dflip-lite/js/wow.min.js?ver=
3d-flipbook-dflip-lite/js/dflip.js?ver=

HTML / DOM Fingerprints

CSS Classes
df-container, df-container-normal, df-controls, df-button, df-shadow-wrap, df-page, df-shadow-page, df-loading-bg, +28 more
HTML Comments
<!-- DearFlip : DearHive ---
<!-- DearFlip Plugin ---
Data Attributes
data-dflip, data-title, data-id, data-image, data-type, data-pdf, +147 more
JS Globals
dFlip, dFlipBook, dFlipGallery, dFlipSlider, dFlipEmbed
Shortcode Output
[dflip