WP-Safety

iPages – FlipBook Image & PDF Viewer Security & Risk Analysis

wordpress.org/plugins/ipages-flipbook

Create interactive HTML5 flipbooks from PDFs or images instantly - turn them into online magazines, catalogs, or brochures with ease.

2K active installs v1.5.5 PHP 7.4+ WP 4.6+ Updated Aug 8, 2025
flip-bookflipbookimage-flipbookpdf-flipbookpdf-viewer
96
A · Safe
CVEs total4
Unpatched0
Last CVEApr 29, 2024
Plugin page Download
Safety Verdict

Is iPages – FlipBook Image & PDF Viewer Safe to Use in 2026?

Generally Safe

Score 96/100

iPages – FlipBook Image & PDF Viewer has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEsLast CVE: Apr 29, 2024Updated 7mo ago
Risk Assessment

The "ipages-flipbook" v1.5.5 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices with a low attack surface, no known unpatched CVEs, and strong adherence to using prepared statements for SQL queries and proper output escaping. The presence of numerous nonce and capability checks also suggests an awareness of common WordPress security measures. However, the static analysis revealed significant concerns. The presence of the `unserialize` function is a known risk, particularly if the data being unserialized is not strictly controlled or sanitized, which can lead to Remote Code Execution vulnerabilities. While taint analysis didn't flag critical issues, the two flows with unsanitized paths warrant attention, even if they didn't reach a critical severity in this analysis.

The vulnerability history of this plugin is a significant red flag. With four known CVEs, including one high and three medium severity vulnerabilities, it indicates a pattern of past security weaknesses. The common types of past vulnerabilities like Missing Authorization, SQL Injection, and Cross-site Scripting suggest recurring issues with input validation and access control. While there are currently no unpatched vulnerabilities, the history suggests a need for continued vigilance and thorough security reviews of future updates. Overall, while the plugin has adopted some good security practices, the inherent risk from `unserialize` and the concerning vulnerability history necessitate careful consideration and monitoring.

Key Concerns

  • Dangerous function 'unserialize' used
  • Taint flows with unsanitized paths detected
  • Past High severity vulnerability history
  • Past Medium severity vulnerability history (3 instances)
Vulnerabilities
4

iPages – FlipBook Image & PDF Viewer Security Vulnerabilities

CVEs by Year

1 CVE in 2021
2021
1 CVE in 2022
2022
1 CVE in 2023
2023
1 CVE in 2024
2024
Patched Has unpatched

Severity Breakdown

High
1
Medium
3

4 total CVEs

CVE-2024-33909medium · 5.3Missing Authorization

iPages Flipbook <= 1.5.1 - Missing Authorization

Apr 29, 2024 Patched in 1.5.2 (17d)
CVE-2023-47236high · 7.2Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

iPages Flipbook < 1.5.0 - Authenticated (Administrator+) SQL Injection

Nov 3, 2023 Patched in 1.5.0 (81d)
CVE-2022-4394medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

iPages Flipbook <= 1.4.6 - Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode

Dec 19, 2022 Patched in 1.4.7 (400d)
WF-77fd0714-ae9d-4136-beed-7f37b1266dc9-ipages-flipbookmedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

iPages Flipbook < 1.4.3 - Reflected Cross-Site Scripting

Oct 11, 2021 Patched in 1.4.3 (834d)
Code Analysis
Analyzed Mar 16, 2026

iPages – FlipBook Image & PDF Viewer Code Analysis

Dangerous Functions
11
Raw SQL Queries
7
68 prepared
Unescaped Output
6
70 escaped
Nonce Checks
14
Capability Checks
11
File Operations
7
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$itemData = unserialize($item->data);includes\list-table-items.php:352
unserialize$itemConfig = unserialize($item->config);includes\list-table-items.php:355
unserialize$config = unserialize($item->config);includes\plugin.php:115
unserialize$config = unserialize($item->config);includes\plugin.php:121
unserialize$settings = unserialize($settings_value);includes\plugin.php:201
unserialize$settings = unserialize($settings_value);includes\plugin.php:216
unserialize$itemData = unserialize($item->data);includes\plugin.php:391
unserialize$globals['settings'] = json_encode(unserialize($settings_value));includes\plugin.php:717
unserialize$globals['config'] = json_encode(unserialize($item->data));includes\plugin.php:728
unserialize$globals['config'] = json_encode(unserialize($settings_value));includes\plugin.php:781
unserialize$itemData = unserialize($item->data);includes\plugin.php:811

SQL Query Safety

91% prepared75 total queries

Output Escaping

92% escaped76 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

5 flows2 with unsanitized paths
page_redirects (includes\plugin.php:575)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

iPages – FlipBook Image & PDF Viewer Attack Surface

Entry Points1
Unprotected0

REST API Routes 1

GET/wp-json/ipagesflipbook/v1/items/includes\plugin.php:616
WordPress Hooks 15
filterfilesystem_methodincludes\list-table-items.php:53
filterrequest_filesystem_credentialsincludes\list-table-items.php:54
actionrest_api_initincludes\plugin.php:24
actioninitincludes\plugin.php:25
actionadmin_menuincludes\plugin.php:49
actionadmin_noticesincludes\plugin.php:50
actionin_admin_headerincludes\plugin.php:51
actionwp_loadedincludes\plugin.php:52
actionenqueue_block_editor_assetsincludes\plugin.php:53
filterdo_parse_requestincludes\plugin.php:64
actionrest_api_initincludes\plugin.php:65
filterfilesystem_methodincludes\plugin.php:178
filterrequest_filesystem_credentialsincludes\plugin.php:179
actionadmin_noticesincludes\plugin.php:558
actionplugins_loadedipages.php:53
Maintenance & Trust

iPages – FlipBook Image & PDF Viewer Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedAug 8, 2025
PHP min version7.4
Downloads79K

Community Trust

Rating70/100
Number of ratings6
Active installs2K
Alternatives

iPages – FlipBook Image & PDF Viewer Alternatives

Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer

Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer

3d-flipbook-dflip-lite

A
95

Dear Flipbook creates PDF Flipbook, 3D Flipbook, PDF viewer, PDF embed for WordPress sites. Create impressive and realistic 3D flipbooks with PDFs.

100K 8 CVEs
3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery

3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery

interactive-3d-flipbook-powered-physics-engine

A
96

3D FlipBook is PDF Viewer, allowing to browse images, PDFs or HTMLs as flipbook. Flipbook attracts user attention and makes more impression on him.

80K 8 CVEs
PDF Flipbook Heyzine

PDF Flipbook Heyzine

pdf-flipbook-heyzine

A
92

Make a stunning PDF flipbook. Simply select or upload the PDF for a PDF viewer that is not boring like the rest. Stand out and engage your readers.

1K No CVEs
PDF Flipbook, WPBakery Addon – Unreal FlipBook

PDF Flipbook, WPBakery Addon – Unreal FlipBook

unreal-flipbook-addon-for-visual-composer

A
100

Unreal FlipBook is PDF Viewer, allowing to browse images, PDFs, HTMLs as a flipping book. It attracts user attention and makes more impression on him.

1K No CVEs
flowpaper

flowpaper

flowpaper-lite-pdf-flipbook

A
91

Flipbook PDF viewer - all you need is a PDF : [flipbook pdf="https://flowpaper.com/example.pdf"]

10K 2 CVEs
Developer Profile

iPages – FlipBook Image & PDF Viewer Developer Profile

Avirtum

6 plugins · 11K total installs

76
trust score
Avg Security Score
96/100
Avg Patch Time
324 days
View full developer profile
Detection Fingerprints

How We Detect iPages – FlipBook Image & PDF Viewer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ipages-flipbook/assets/css/preview.min.css/wp-content/plugins/ipages-flipbook/assets/js/loader.min.js
Script Paths
/wp-content/plugins/ipages-flipbook/assets/js/loader.min.js
Version Parameters
ipages-flipbook/assets/css/preview.min.css?ver=ipages-flipbook/assets/js/loader.min.js?ver=

HTML / DOM Fingerprints

Data Attributes
id="ipages-flipbook-container"
JS Globals
ipages_flipbook_globals
REST Endpoints
/wp-json/ipages/v1/item//wp-json/ipages/public/v1/item/
Shortcode Output
[ipagesipages-flipbook-container
FAQ

Frequently Asked Questions about iPages – FlipBook Image & PDF Viewer