Does Flipbox – Awesome Flip Boxes & Image Overlay for WordPress have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Flipbox – Awesome Flip Boxes & Image Overlay for WordPress compatible with WordPress 6.9.4?

According to WordPress.org data, Flipbox – Awesome Flip Boxes & Image Overlay for WordPress 3.0.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Flipbox – Awesome Flip Boxes & Image Overlay for WordPress compatible with PHP 7.4+?

Flipbox – Awesome Flip Boxes & Image Overlay for WordPress requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

Flipbox – Awesome Flip Boxes & Image Overlay for WordPress Security & Risk Analysis

wordpress.org/plugins/image-hover-effects-ultimate-visual-composer

Create stunning CSS3 flip boxes in WordPress. 29 styles, 50+ animations, no coding. Works with any page builder (Elementor, WPBakery, Gutenberg, etc).

10K active installs v3.0.0 PHP 7.4+ WP 6.2+ Updated Apr 15, 2026

flip-boxflip-cardflipboxhover-effectsimage-overlay

A · Safe

CVEs total1

Unpatched0

Last CVEJul 25, 2022

Plugin page Download

Safety Verdict

Is Flipbox – Awesome Flip Boxes & Image Overlay for WordPress Safe to Use in 2026?

Generally Safe

Score 99/100

Flipbox – Awesome Flip Boxes & Image Overlay for WordPress has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Jul 25, 2022Updated 1mo ago

Risk Assessment

The plugin "image-hover-effects-ultimate-visual-composer" v2.10.6 exhibits a mixed security posture. While it demonstrates good practices in several areas, such as a high percentage of prepared SQL statements and properly escaped outputs, there are notable concerns. The static analysis reveals a single unprotected AJAX handler, which represents a significant entry point without proper authentication or authorization checks. This is a critical weakness that could be exploited by an attacker. Furthermore, the taint analysis identified two high-severity flows with unsanitized paths, indicating potential for malicious input to lead to unintended consequences, possibly including arbitrary file access or manipulation.

The vulnerability history, though currently showing no unpatched CVEs, indicates a past high-severity vulnerability related to Authorization Bypass Through User-Controlled Key. This suggests a recurring pattern of authorization weaknesses. The presence of a single unprotected AJAX handler, coupled with past authorization bypass issues and high-severity taint flows, points to potential vulnerabilities in how user input is handled and authorized. While the plugin has strengths in its output escaping and SQL usage, these specific identified weaknesses warrant attention and mitigation.

Key Concerns

Unprotected AJAX handler
High severity unsanitized path taint flow (x2)
Past high severity vulnerability (Authorization Bypass)

Vulnerabilities

1 published

Flipbox – Awesome Flip Boxes & Image Overlay for WordPress Security Vulnerabilities

CVEs by Year

1 CVE in 2022

2022

Patched Has unpatched

Severity Breakdown

High

1 total CVE

CVE-2022-33969high · 7.2Authorization Bypass Through User-Controlled Key

Flipbox – Awesomes Flip Boxes Image Overlay <= 2.6.0 - Authenticated (Admin+) Arbitrary Options Update

Jul 25, 2022 Patched in 2.6.1 (547d)

Version History

Flipbox – Awesome Flip Boxes & Image Overlay for WordPress Release Timeline

v3.0.0Current

v2.10.7

v2.10.6

v2.10.5

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.8.5

v2.8.4

Code Analysis

Analyzed Mar 16, 2026

Flipbox – Awesome Flip Boxes & Image Overlay for WordPress Code Analysis

Dangerous Functions

Raw SQL Queries

70 prepared

Unescaped Output

3209 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

DataTablesFreemius1.0

SQL Query Safety

97% prepared72 total queries

Output Escaping

98% escaped3285 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

10 flows2 with unsanitized paths

notice_dissmiss (Classes\Support_Reviews.php:32)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Flipbox – Awesome Flip Boxes & Image Overlay for WordPress Attack Surface

Entry Points5

Unprotected1

AJAX Handlers 3

authwp_ajax_oxi_flip_admin_recommendedClasses\Support_Recommended.php:71

authwp_ajax_oxilab_flip_notice_dissmissClasses\Support_Reviews.php:102

authwp_ajax_oxi_flip_box_dataindex.php:255

Shortcodes 2

[oxilab_flip_box] index.php:226

[oxilab_flip_box_VC] Modules\Visual_Composer.php:16

WordPress Hooks 24

actionadmin_noticesClasses\Support_Recommended.php:68

actionadmin_enqueue_scriptsClasses\Support_Recommended.php:69

actionadmin_noticesClasses\Support_Recommended.php:70

actionadmin_noticesClasses\Support_Reviews.php:100

actionadmin_enqueue_scriptsClasses\Support_Reviews.php:101

actionadmin_noticesClasses\Support_Reviews.php:103

actionadmin_menuIncludes\Admin\Menu.php:38

actionadmin_enqueue_scriptsIncludes\Assets.php:19

actionwp_enqueue_scriptsIncludes\Assets.php:20

actionelementor/editor/after_enqueue_stylesIncludes\Assets.php:22

actionelementor/editor/after_enqueue_scriptsIncludes\Assets.php:23

actionelementor/frontend/after_enqueue_stylesIncludes\Assets.php:24

actionelementor/frontend/after_enqueue_scriptsIncludes\Assets.php:25

actionelementor/preview/enqueue_stylesIncludes\Assets.php:26

actionelementor/preview/enqueue_scriptsIncludes\Assets.php:27

actionupgrader_process_completeindex.php:102

actioninitindex.php:105

actionplugins_loadedindex.php:106

filterwidget_textindex.php:230

actionwidgets_initindex.php:231

actionadmin_headindex.php:254

actionadmin_headindex.php:256

actionelementor/widgets/registerModules\Elementor.php:9

actionvc_before_initModules\Visual_Composer.php:15

Maintenance & Trust

Flipbox – Awesome Flip Boxes & Image Overlay for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedApr 15, 2026

PHP min version7.4

Downloads299K

Community Trust

Rating92/100

Number of ratings147

Active installs10K

Alternatives

Flipbox – Awesome Flip Boxes & Image Overlay for WordPress Alternatives

Flip Cards Module For Divi

flip-cards-module-divi

A simple plugin that adds a flip cards module in the Divi builder.

4K No CVEs

Flip Block – Create Flipbox Overlays and Hovers

flip-block

A simple block to create a flip card in WordPress.

100 No CVEs

Fancy Elementor Flipbox

fancy-elementor-flipbox

Create flip box and 6 more effects with front and back side options

5K 1 CVE

Image Hover Effects – WordPress Plugin

image-hover-effects

Create stunning image hover effects with animated captions and overlays. Fully responsive, lightweight, and easy to use.

3K 2 CVEs

Flipbox

flipbox

Deliver your content beautifully to grab attention with an animated Flipbox block.

2K No CVEs

Developer Profile

Flipbox – Awesome Flip Boxes & Image Overlay for WordPress Developer Profile

Oxilab

6 plugins · 31K total installs

trust score

Avg Security Score

97/100

Avg Patch Time

613 days

View full developer profile

Detection Fingerprints

How We Detect Flipbox – Awesome Flip Boxes & Image Overlay for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/image-hover-effects-ultimate-visual-composer/asset/backend/js/admin-recommended.js/wp-content/plugins/image-hover-effects-ultimate-visual-composer/asset/backend/css/admin-style.css/wp-content/plugins/image-hover-effects-ultimate-visual-composer/asset/public/css/frontend.css/wp-content/plugins/image-hover-effects-ultimate-visual-composer/asset/public/js/frontend.js

Script Paths

/wp-content/plugins/image-hover-effects-ultimate-visual-composer/asset/backend/js/admin-recommended.js/wp-content/plugins/image-hover-effects-ultimate-visual-composer/asset/backend/js/admin-style.js/wp-content/plugins/image-hover-effects-ultimate-visual-composer/asset/public/js/frontend.js

Version Parameters

image-hover-effects-ultimate-visual-composer/asset/backend/js/admin-recommended.js?ver=image-hover-effects-ultimate-visual-composer/asset/backend/css/admin-style.css?ver=image-hover-effects-ultimate-visual-composer/asset/public/css/frontend.css?ver=image-hover-effects-ultimate-visual-composer/asset/public/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

oxi-flip-box-wrapperoxi-flip-boxes-main-wrapperoxi-flip-box-bodyoxi-flip-boxes-main-contentoxi-flip-box-frontend-data

Data Attributes

data-oxi-flip-box-id

JS Globals

oxi_flip_admin_recommended

Shortcode Output

[oxilab_flip_box id=

FAQ