Plugin Name: ePaperFlip Publisher Security & Risk Analysis

wordpress.org/plugins/epaperflip-publisher

The epaperflip_embed plugin is used to embed flipb and epaperflip digital catalogs into your wordpress website.

10 active installs v1 PHP + WP 4.1+ Updated Jul 20, 2015
digital-magazineepaperflipflipbflipbookshortcode
63
C · Use Caution
CVEs total1
Unpatched1
Last CVEJun 8, 2026
Download
Safety Verdict

Is Plugin Name: ePaperFlip Publisher Safe to Use in 2026?

Use With Caution

Score 63/100

Plugin Name: ePaperFlip Publisher has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Jun 8, 2026Updated 10yr ago
Risk Assessment

The epaperflip-publisher v1 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, SQL queries (all prepared), external HTTP requests, and file operations is commendable. Furthermore, all identified output is properly escaped, and there are no critical or high-severity taint flows. The plugin's vulnerability history being completely clean, with no recorded CVEs, suggests a history of responsible development and maintenance, or a lack of public scrutiny that might be a double-edged sword.

However, a significant concern arises from the lack of any identified nonce or capability checks across all analyzed entry points, including the single shortcode. This is a critical oversight that leaves the plugin vulnerable to Cross-Site Request Forgery (CSRF) attacks if the shortcode performs any sensitive actions or modifies data. While the current attack surface is small and the code appears clean, this fundamental security mechanism is missing, presenting a clear and exploitable risk. The absence of these checks outweighs the positive aspects of the static analysis, making it a primary area of concern.

Key Concerns

  • Missing capability checks on all entry points
  • Missing nonce checks on all entry points
Vulnerabilities
1 published

Plugin Name: ePaperFlip Publisher Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-7662medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ePaperFlip Publisher <= 1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'publicationid' Shortcode Attribute

Jun 8, 2026Unpatched
Version History

Plugin Name: ePaperFlip Publisher Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

Plugin Name: ePaperFlip Publisher Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0
Attack Surface

Plugin Name: ePaperFlip Publisher Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[epaperflip_embed] ePaperFlip Publisher.php:58
Maintenance & Trust

Plugin Name: ePaperFlip Publisher Maintenance & Trust

Maintenance Signals

WordPress version tested4.1.42
Last updatedJul 20, 2015
PHP min version
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

Plugin Name: ePaperFlip Publisher Developer Profile

joshin85

1 plugin · 10 total installs

68
trust score
Avg Security Score
63/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Plugin Name: ePaperFlip Publisher

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/epaperflip-publisher/scripts/dcviewer.js
Script Paths
https://api.epaperflip.com/scripts/dcviewer.js

HTML / DOM Fingerprints

Data Attributes
ID="dcviewer"
JS Globals
var view = new com.epaperflip.api.Viewer();
Shortcode Output
<div style="width:px;height:px;border:none; margin:; padding:0; overflow:hidden; z-index:999999;" ID="dcviewer"> </div><script type="text/javascript" src="https://api.epaperflip.com/scripts/dcviewer.js"></script> <script> var view = new com.epaperflip.api.Viewer(); view.setParentElementID("dcviewer");
FAQ

Frequently Asked Questions about Plugin Name: ePaperFlip Publisher