3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery Security & Risk Analysis

wordpress.org/plugins/interactive-3d-flipbook-powered-physics-engine

3D FlipBook is a PDF viewer that lets users browse images, PDFs or HTML as a flipbook. A flipbook attracts user attention and makes a stronger impression.

80K active installs · v1.16.19 · PHP 5.3+ · WP 4.3+ · Updated Mar 11, 2026
Tags: flip-book, flipbook, pdf-flipbook, pdf-to-flip-book, pdf-viewer
Score: 96 (A · Safe)
CVEs total: 8
Unpatched: 0
Last CVE: Sep 22, 2025
Safety Verdict

Is 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery Safe to Use in 2026?

Generally Safe

Score 96/100

3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery has a strong security track record. Known vulnerabilities have been patched promptly.

8 known CVEs · Last CVE: Sep 22, 2025 · Updated 23d ago
Risk Assessment

Version 1.16.19 of the plugin 'interactive-3d-flipbook-powered-physics-engine' raises significant security concerns, mainly because of a large, unprotected attack surface and a history of medium-severity vulnerabilities. All 21 identified AJAX handlers lack authentication checks, which presents a critical risk of unauthorized actions. The code also calls the dangerous `unserialize` function, and with no capability checks on any entry point this opens avenues for potential exploits.

The vulnerability history, 8 known medium-severity CVEs predominantly related to information exposure and cross-site scripting, indicates a recurring pattern of insecure handling of user-provided data. All past vulnerabilities are currently patched, which is a positive sign, as are the good output-escaping rate and the use of prepared statements for most SQL queries. However, the number of historical issues, the unprotected AJAX endpoints and the use of `unserialize` are major red flags that overshadow these strengths and point to a need for significant improvement in secure coding practices.

Key Concerns

  • 21 AJAX handlers without auth checks
  • Dangerous function 'unserialize' found
  • 0 capability checks on entry points
  • 8 known medium severity CVEs
  • Bundled Select2 library
Vulnerabilities
8

3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery Security Vulnerabilities

CVEs by Year

  • 2022: 2 CVEs
  • 2024: 4 CVEs
  • 2025: 2 CVEs

Severity Breakdown

Medium: 8

8 total CVEs

CVE-2025-58226 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery <= 1.16.16 - Unauthenticated Sensitive Information Exposure

Sep 22, 2025 · Patched in 1.16.17 (23d)

CVE-2025-5289 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

3D FlipBook - Lite Edition <= 1.16.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via style and mode Parameters

Jun 20, 2025 · Patched in 1.16.16 (1d)

CVE-2024-43152 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery <= 1.15.6 - Authenticated (Editor+) Stored Cross-Site Scripting

Aug 7, 2024 · Patched in 1.15.7 (8d)

CVE-2024-3883 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

3D FlipBook <= 1.15.4 - Authenticated (Author+) Stored Cross-Site Scripting via Bookmark URL

May 1, 2024 · Patched in 1.15.5 (1d)

CVE-2024-1081 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

3D FlipBook – PDF Flipbook WordPress <= 1.15.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Bookmarks

Feb 20, 2024 · Patched in 1.15.4 (1d)

CVE-2023-6776 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

3D Flipbook <= 1.15.2 - Authenticated (Contributor+) Cross-Site Scripting via Ready Function

Jan 2, 2024 · Patched in 1.15.3 (210d)

CVE-2022-4453 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

3D FlipBook <= 1.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 22, 2022 · Patched in 1.13.3 (397d)

CVE-2022-0423 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

3D FlipBook <= 1.12.0 - Subscriber+ Stored Cross-Site Scripting

Feb 28, 2022 · Patched in 1.12.1 (694d)

Code Analysis
Analyzed Mar 16, 2026

3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery Code Analysis

  • Dangerous Functions: 7
  • Raw SQL Queries: 2 (5 prepared)
  • Unescaped Output: 4 (38 escaped)
  • Nonce Checks: 2
  • Capability Checks: 0
  • File Operations: 9
  • External Requests: 0
  • Bundled Libraries: 1

Dangerous Functions Found

  • unserialize · inc\ajax-get.php:49 · `'outline'=> isset($meta[META_PREFIX.'outline'][0])? unserialize($meta[META_PREFIX.'outline'][0]): []`
  • unserialize · inc\ajax-get.php:50 · `'data'=> unserialize(isset($meta[META_PREFIX.'data'][0])? $meta[META_PREFIX.'data'][0]: serialize($d`
  • unserialize · inc\ajax-get.php:51 · `'thumbnail'=> unserialize(isset($meta[META_PREFIX.'thumbnail'][0])? $meta[META_PREFIX.'thumbnail'][0`
  • unserialize · inc\ajax-get.php:52 · `'props'=> unserialize(isset($meta[META_PREFIX.'props'][0])? $meta[META_PREFIX.'props'][0]: serialize`
  • unserialize · inc\ajax-get.php:53 · `'controlProps'=> unserialize(isset($meta[META_PREFIX.'controlProps'][0])? $meta[META_PREFIX.'control`
  • unserialize · inc\ajax-get.php:251 · `$op = gettype($op)==='string'? unserialize($op): $op;`
  • unserialize · inc\post-pages.php:79 · `$un = unserialize($records[$name]);`

Bundled Libraries

Select2

SQL Query Safety

71% prepared · 7 total queries

Output Escaping

90% escaped · 42 total outputs

Attack Surface
21 unprotected

3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery Attack Surface

Entry Points: 21
Unprotected: 21

AJAX Handlers: 21

  • auth · wp_ajax_fb3d_send_taxonomy_terms · inc\ajax-get.php:64
  • auth · wp_ajax_fb3d_send_posts · inc\ajax-get.php:80
  • nopriv · wp_ajax_fb3d_send_posts · inc\ajax-get.php:81
  • auth · wp_ajax_fb3d_send_post · inc\ajax-get.php:141
  • nopriv · wp_ajax_fb3d_send_post · inc\ajax-get.php:142
  • auth · wp_ajax_fb3d_send_posts_in · inc\ajax-get.php:167
  • nopriv · wp_ajax_fb3d_send_posts_in · inc\ajax-get.php:168
  • auth · wp_ajax_fb3d_send_post_pages · inc\ajax-get.php:185
  • nopriv · wp_ajax_fb3d_send_post_pages · inc\ajax-get.php:186
  • auth · wp_ajax_fb3d_send_posts_in_pages · inc\ajax-get.php:197
  • nopriv · wp_ajax_fb3d_send_posts_in_pages · inc\ajax-get.php:198
  • auth · wp_ajax_fb3d_send_posts_in_first_page · inc\ajax-get.php:209
  • nopriv · wp_ajax_fb3d_send_posts_in_first_page · inc\ajax-get.php:210
  • auth · wp_ajax_fb3d_send_post_first_page · inc\ajax-get.php:227
  • nopriv · wp_ajax_fb3d_send_post_first_page · inc\ajax-get.php:228
  • auth · wp_ajax_fb3d_send_media_image · inc\ajax-get.php:246
  • nopriv · wp_ajax_fb3d_send_media_image · inc\ajax-get.php:247
  • auth · wp_ajax_fb3d_send_book_control_props · inc\ajax-get.php:276
  • nopriv · wp_ajax_fb3d_send_book_control_props · inc\ajax-get.php:277
  • auth · wp_ajax_fb3d_receive_book_template · inc\ajax-post.php:56
  • auth · wp_ajax_fb3d_receive_question_answer · inc\ajax-post.php:77

WordPress Hooks: 21

  • action · init · inc\dictionary.php:23
  • action · save_post · inc\edit-save.php:290
  • action · current_screen · inc\edit.php:22
  • action · admin_notices · inc\edit.php:27
  • action · add_meta_boxes · inc\edit.php:31
  • action · add_meta_boxes · inc\edit.php:44
  • action · add_meta_boxes · inc\edit.php:60
  • action · admin_enqueue_scripts · inc\edit.php:75
  • filter · mce_external_plugins · inc\insert.php:18
  • filter · mce_buttons · inc\insert.php:19
  • action · init · inc\insert.php:22
  • action · admin_footer · inc\insert.php:36
  • action · init · inc\post.php:49
  • filter · single_template · inc\post.php:62
  • action · admin_notices · inc\question.php:75
  • action · current_screen · inc\question.php:81
  • action · admin_menu · inc\shortcode-generator.php:16
  • action · wp_enqueue_scripts · inc\shortcode.php:129
  • action · init · inc\taxonomy.php:13
  • action · init · inc\templates.php:80
  • action · plugins_loaded · index.php:119

Maintenance & Trust

3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Mar 11, 2026
  • PHP min version: 5.3
  • Downloads: 2.3M

Community Trust

  • Rating: 96/100
  • Number of ratings: 178
  • Active installs: 80K

Developer Profile

3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery Developer Profile

iberezansky

2 plugins · 81K total installs

  • Trust score: 78
  • Avg Security Score: 98/100
  • Avg Patch Time: 167 days
Detection Fingerprints

How We Detect 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/interactive-3d-flipbook-powered-physics-engine/assets/css/main.css
  • /wp-content/plugins/interactive-3d-flipbook-powered-physics-engine/assets/css/skins.css
  • /wp-content/plugins/interactive-3d-flipbook-powered-physics-engine/assets/js/3d-flip-book.min.js
  • /wp-content/plugins/interactive-3d-flipbook-powered-physics-engine/assets/js/edit.min.js
  • /wp-content/plugins/interactive-3d-flipbook-powered-physics-engine/assets/js/libs/jquery.mousewheel.min.js
  • /wp-content/plugins/interactive-3d-flipbook-powered-physics-engine/assets/js/libs/turn.min.js

Script Paths
  • /wp-content/plugins/interactive-3d-flipbook-powered-physics-engine/assets/js/3d-flip-book.min.js
  • /wp-content/plugins/interactive-3d-flipbook-powered-physics-engine/assets/js/edit.min.js
  • /wp-content/plugins/interactive-3d-flipbook-powered-physics-engine/assets/js/libs/jquery.mousewheel.min.js
  • /wp-content/plugins/interactive-3d-flipbook-powered-physics-engine/assets/js/libs/turn.min.js

Version Parameters
  • interactive-3d-flipbook-powered-physics-engine/assets/css/main.css?ver=
  • interactive-3d-flipbook-powered-physics-engine/assets/css/skins.css?ver=
  • interactive-3d-flipbook-powered-physics-engine/assets/js/3d-flip-book.min.js?ver=
  • interactive-3d-flipbook-powered-physics-engine/assets/js/edit.min.js?ver=
  • interactive-3d-flipbook-powered-physics-engine/assets/js/libs/jquery.mousewheel.min.js?ver=
  • interactive-3d-flipbook-powered-physics-engine/assets/js/libs/turn.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • fb3d
  • fb3d-carousel-container
  • fb3d-container
  • fb3d-flipbook-container
  • fb3d-pdf-container
  • fb3d-wrapper

HTML Comments
  • <!-- THIS IS PRO VERSION -->
  • <!-- THIS IS LITE VERSION -->

Data Attributes
  • data-fb3d
  • data-fb3d-id
  • data-flipbook-id
  • data-page-id

JS Globals
  • fb3d_admin

Shortcode Output
  • [3d-flip-book
  • [/3d-flip-book]