Does Flipbox – Awesomes Flip Boxes Image Overlay have any unpatched vulnerabilities?

No. All known vulnerabilities in Flipbox – Awesomes Flip Boxes Image Overlay have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Flipbox – Awesomes Flip Boxes Image Overlay compatible with WordPress 6.9.4?

According to WordPress.org data, Flipbox – Awesomes Flip Boxes Image Overlay 2.10.6 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Flipbox – Awesomes Flip Boxes Image Overlay compatible with PHP 7.4+?

Flipbox – Awesomes Flip Boxes Image Overlay requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Flipbox – Awesomes Flip Boxes Image Overlay updated?

Flipbox – Awesomes Flip Boxes Image Overlay was last updated on Dec 12, 2025. Frequent updates are generally a positive security signal.

What is Flipbox – Awesomes Flip Boxes Image Overlay's security score?

Flipbox – Awesomes Flip Boxes Image Overlay has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Flipbox – Awesomes Flip Boxes Image Overlay Security & Risk Analysis

wordpress.org/plugins/image-hover-effects-ultimate-visual-composer

Showcase team members or any list with Flipbox - Awesome Flip Boxes Image Overlay. A clean, responsive, and professional way to display your team.

10K active installs v2.10.6 PHP 7.4+ WP 6.2+ Updated Dec 12, 2025

flip-boxflip-imageflipboxflipboxeswordpress-flipbox-plugins

A · Safe

CVEs total1

Unpatched0

Last CVEJul 25, 2022

Plugin page Download

Safety Verdict

Is Flipbox – Awesomes Flip Boxes Image Overlay Safe to Use in 2026?

Generally Safe

Score 99/100

Flipbox – Awesomes Flip Boxes Image Overlay has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jul 25, 2022Updated 3mo ago

Risk Assessment

The plugin "image-hover-effects-ultimate-visual-composer" v2.10.6 exhibits a mixed security posture. While it demonstrates good practices in several areas, such as a high percentage of prepared SQL statements and properly escaped outputs, there are notable concerns. The static analysis reveals a single unprotected AJAX handler, which represents a significant entry point without proper authentication or authorization checks. This is a critical weakness that could be exploited by an attacker. Furthermore, the taint analysis identified two high-severity flows with unsanitized paths, indicating potential for malicious input to lead to unintended consequences, possibly including arbitrary file access or manipulation.

The vulnerability history, though currently showing no unpatched CVEs, indicates a past high-severity vulnerability related to Authorization Bypass Through User-Controlled Key. This suggests a recurring pattern of authorization weaknesses. The presence of a single unprotected AJAX handler, coupled with past authorization bypass issues and high-severity taint flows, points to potential vulnerabilities in how user input is handled and authorized. While the plugin has strengths in its output escaping and SQL usage, these specific identified weaknesses warrant attention and mitigation.

Key Concerns

Unprotected AJAX handler
High severity unsanitized path taint flow (x2)
Past high severity vulnerability (Authorization Bypass)

Vulnerabilities

Flipbox – Awesomes Flip Boxes Image Overlay Security Vulnerabilities

CVEs by Year

1 CVE in 2022

2022

Patched Has unpatched

Severity Breakdown

High

1 total CVE

CVE-2022-33969high · 7.2Authorization Bypass Through User-Controlled Key

Flipbox – Awesomes Flip Boxes Image Overlay <= 2.6.0 - Authenticated (Admin+) Arbitrary Options Update

Jul 25, 2022 Patched in 2.6.1 (547d)

Code Analysis

Analyzed Mar 16, 2026

Flipbox – Awesomes Flip Boxes Image Overlay Code Analysis

Dangerous Functions

Raw SQL Queries

70 prepared

Unescaped Output

3209 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

DataTablesFreemius1.0

SQL Query Safety

97% prepared72 total queries

Output Escaping

98% escaped3285 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

10 flows2 with unsanitized paths

notice_dissmiss (Classes\Support_Reviews.php:32)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Flipbox – Awesomes Flip Boxes Image Overlay Attack Surface

Entry Points5

Unprotected1

AJAX Handlers 3

authwp_ajax_oxi_flip_admin_recommendedClasses\Support_Recommended.php:71

authwp_ajax_oxilab_flip_notice_dissmissClasses\Support_Reviews.php:102

authwp_ajax_oxi_flip_box_dataindex.php:255

Shortcodes 2

[oxilab_flip_box] index.php:226

[oxilab_flip_box_VC] Modules\Visual_Composer.php:16

WordPress Hooks 24

actionadmin_noticesClasses\Support_Recommended.php:68

actionadmin_enqueue_scriptsClasses\Support_Recommended.php:69

actionadmin_noticesClasses\Support_Recommended.php:70

actionadmin_noticesClasses\Support_Reviews.php:100

actionadmin_enqueue_scriptsClasses\Support_Reviews.php:101

actionadmin_noticesClasses\Support_Reviews.php:103

actionadmin_menuIncludes\Admin\Menu.php:38

actionadmin_enqueue_scriptsIncludes\Assets.php:19

actionwp_enqueue_scriptsIncludes\Assets.php:20

actionelementor/editor/after_enqueue_stylesIncludes\Assets.php:22

actionelementor/editor/after_enqueue_scriptsIncludes\Assets.php:23

actionelementor/frontend/after_enqueue_stylesIncludes\Assets.php:24

actionelementor/frontend/after_enqueue_scriptsIncludes\Assets.php:25

actionelementor/preview/enqueue_stylesIncludes\Assets.php:26

actionelementor/preview/enqueue_scriptsIncludes\Assets.php:27

actionupgrader_process_completeindex.php:102

actioninitindex.php:105

actionplugins_loadedindex.php:106

filterwidget_textindex.php:230

actionwidgets_initindex.php:231

actionadmin_headindex.php:254

actionadmin_headindex.php:256

actionelementor/widgets/registerModules\Elementor.php:9

actionvc_before_initModules\Visual_Composer.php:15

Maintenance & Trust

Flipbox – Awesomes Flip Boxes Image Overlay Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 12, 2025

PHP min version7.4

Downloads289K

Community Trust

Rating92/100

Number of ratings147

Active installs10K

Alternatives

Flipbox – Awesomes Flip Boxes Image Overlay Alternatives

Cool Flipbox – Shortcode & Gutenberg Block

flip-boxes

Show off your team members, staff, and employees in a visually appealing way. Make sure your team's profiles not only grab attention but also sti …

6K 1 CVE

Flip Cards Module For Divi

flip-cards-module-divi

A simple plugin that adds a flip cards module in the Divi builder.

4K No CVEs

Flipbox

flipbox

Deliver your content beautifully to grab attention with an animated Flipbox block.

2K No CVEs

Flipbox Addon for Elementor

ultimate-flipbox-addon-for-elementor

Flip Boxes for Elementor – animated, 3D, responsive flip box widgets for posts, custom post types, portfolios, and product showcases.

300 1 CVE

Flip Block – Create Flipbox Overlays and Hovers

flip-block

A simple block to create a flip card in WordPress.

100 No CVEs

Developer Profile

Flipbox – Awesomes Flip Boxes Image Overlay Developer Profile

WPKIN

5 plugins · 30K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

613 days

View full developer profile

Detection Fingerprints

How We Detect Flipbox – Awesomes Flip Boxes Image Overlay

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/image-hover-effects-ultimate-visual-composer/asset/backend/js/admin-recommended.js/wp-content/plugins/image-hover-effects-ultimate-visual-composer/asset/backend/css/admin-style.css/wp-content/plugins/image-hover-effects-ultimate-visual-composer/asset/public/css/frontend.css/wp-content/plugins/image-hover-effects-ultimate-visual-composer/asset/public/js/frontend.js

Script Paths

/wp-content/plugins/image-hover-effects-ultimate-visual-composer/asset/backend/js/admin-recommended.js/wp-content/plugins/image-hover-effects-ultimate-visual-composer/asset/backend/js/admin-style.js/wp-content/plugins/image-hover-effects-ultimate-visual-composer/asset/public/js/frontend.js

Version Parameters

image-hover-effects-ultimate-visual-composer/asset/backend/js/admin-recommended.js?ver=image-hover-effects-ultimate-visual-composer/asset/backend/css/admin-style.css?ver=image-hover-effects-ultimate-visual-composer/asset/public/css/frontend.css?ver=image-hover-effects-ultimate-visual-composer/asset/public/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

oxi-flip-box-wrapperoxi-flip-boxes-main-wrapperoxi-flip-box-bodyoxi-flip-boxes-main-contentoxi-flip-box-frontend-data

Data Attributes

data-oxi-flip-box-id

JS Globals

oxi_flip_admin_recommended

Shortcode Output

[oxilab_flip_box id=

FAQ