Does Real 3D Flipbook – 3D FlipBook, PDF FlipBook, PDF Viewer, PDF Embedder have any unpatched vulnerabilities?

Yes — Real 3D Flipbook – 3D FlipBook, PDF FlipBook, PDF Viewer, PDF Embedder currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Real 3D Flipbook – 3D FlipBook, PDF FlipBook, PDF Viewer, PDF Embedder compatible with WordPress 6.9.4?

According to WordPress.org data, Real 3D Flipbook – 3D FlipBook, PDF FlipBook, PDF Viewer, PDF Embedder 4.19.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Real 3D Flipbook – 3D FlipBook, PDF FlipBook, PDF Viewer, PDF Embedder Security & Risk Analysis

wordpress.org/plugins/real3d-flipbook-lite

Embed PDF files easily anywhere on your website. Display your PDFs and images as stunning, interactive 3D flipbooks directly within WordPress.

10K active installs v4.19.2 PHP + WP 5.0+ Updated Mar 3, 2026

flip-bookflipbookpdf-embedpdf-embedderpdf-viewer

C · Use Caution

CVEs total5

Unpatched1

Last CVEFeb 10, 2026

Plugin page Download

Safety Verdict

Is Real 3D Flipbook – 3D FlipBook, PDF FlipBook, PDF Viewer, PDF Embedder Safe to Use in 2026?

Use With Caution

Score 67/100

Real 3D Flipbook – 3D FlipBook, PDF FlipBook, PDF Viewer, PDF Embedder has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

5 known CVEs 1 unpatched Last CVE: Feb 10, 2026Updated 1mo ago

Risk Assessment

The real3d-flipbook-lite plugin version 4.19.2 presents a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and a very high percentage of properly escaped outputs, there are significant concerns regarding its attack surface. The presence of 3 unprotected AJAX handlers out of a total of 8 entry points is a notable weakness that could be exploited for unauthorized actions. The taint analysis shows no critical or high severity flows, which is positive, but this is contrasted by a concerning vulnerability history.

The plugin has a history of 5 known CVEs, with one still unpatched and classified as high severity. The common vulnerability types, including Missing Authorization, Cross-site Scripting (XSS), and Unrestricted Upload of File with Dangerous Type, suggest recurring security flaws in how user input is handled and access is controlled. The fact that a high-severity vulnerability remains unpatched is a serious red flag. While the plugin has strengths in its data handling (SQL and output escaping), the unpatched vulnerability and unprotected AJAX endpoints create a substantial risk that needs immediate attention.

Key Concerns

Unpatched High Severity CVE
3 AJAX handlers without auth checks
Bundled Freemius v1.0 library
5 previous CVEs indicate recurring issues

Vulnerabilities

Real 3D Flipbook – 3D FlipBook, PDF FlipBook, PDF Viewer, PDF Embedder Security Vulnerabilities

CVEs by Year

3 CVEs in 2024

2024

1 CVE in 2025

2025

1 CVE in 2026 · unpatched

2026

Patched Has unpatched

Severity Breakdown

High

Medium

5 total CVEs

CVE-2026-25423medium · 4.3Missing Authorization

Real 3D FlipBook <= 4.16.4 - Missing Authorization

Feb 10, 2026Unpatched

CVE-2025-68512medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Real 3D FlipBook <= 4.11.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 22, 2025 Patched in 4.16.4 (15d)

CVE-2024-9849high · 8.8Unrestricted Upload of File with Dangerous Type

Real3D Flipbook Lite – 3D FlipBook, PDF Viewer, PDF Embedder <= 4.8 - Authenticated (Author+) Arbitrary File Upload

Nov 15, 2024 Patched in 4.8.5 (4d)

CVE-2024-34561medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin <= 3.71 - Authenticated (Author+) Stored Cross-Site Scripting

May 7, 2024 Patched in 3.72 (10d)

CVE-2024-32694medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin <= 3.62 - Reflected Cross-Site Scripting

Apr 19, 2024 Patched in 3.63 (6d)

Code Analysis

Analyzed Mar 16, 2026

Real 3D Flipbook – 3D FlipBook, PDF FlipBook, PDF Viewer, PDF Embedder Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

95 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Freemius1.0

Output Escaping

96% escaped99 total outputs

Data Flows

All sanitized

Data Flow Analysis

7 flows

r3d_save_general_callback (includes\plugin-admin.php:33)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

3 unprotected

Real 3D Flipbook – 3D FlipBook, PDF FlipBook, PDF Viewer, PDF Embedder Attack Surface

Entry Points14

Unprotected3

AJAX Handlers 8

authwp_ajax_r3d_save_generalincludes\plugin-admin.php:31

authwp_ajax_r3d_reset_generalincludes\plugin-admin.php:73

authwp_ajax_r3d_save_thumbnailincludes\plugin-admin.php:85

authwp_ajax_r3d_importincludes\Real3DFlipbook.php:480

authwp_ajax_r3d_get_jsonincludes\Real3DFlipbook.php:482

authwp_ajax_r3d_last_pageincludes\Real3DFlipbook.php:491

authwp_ajax_pdfincludes\Real3DFlipbook.php:496

noprivwp_ajax_pdfincludes\Real3DFlipbook.php:497

Shortcodes 6

[real3dflipbook] includes\Real3DFlipbook.php:203

[pdf-embedder] includes\Real3DFlipbook.php:250

[dflip] includes\Real3DFlipbook.php:264

[wonderplugin_pdf] includes\Real3DFlipbook.php:276

[3d-flip-book] includes\Real3DFlipbook.php:282

[pdfjs-viewer] includes\Real3DFlipbook.php:288

WordPress Hooks 28

filtermanage_r3d_posts_columnsincludes\post-type.php:115

actionmanage_r3d_posts_custom_columnincludes\post-type.php:116

filtermanage_edit-r3d_category_columnsincludes\post-type.php:118

filtermanage_r3d_category_custom_columnincludes\post-type.php:119

filterpost_row_actionsincludes\post-type.php:121

actionrestrict_manage_postsincludes\post-type.php:123

filterparse_queryincludes\post-type.php:124

actionadmin_action_r3d_duplicate_postincludes\post-type.php:126

actionbefore_delete_postincludes\post-type.php:129

actionmedia_buttonsincludes\Real3DFlipbook.php:153

filterwidget_textincludes\Real3DFlipbook.php:202

actionwp_enqueue_scriptsincludes\Real3DFlipbook.php:252

filterrender_blockincludes\Real3DFlipbook.php:258

actionwp_enqueue_scriptsincludes\Real3DFlipbook.php:265

actionadmin_noticesincludes\Real3DFlipbook.php:420

actioninitincludes\Real3DFlipbook.php:464

actionplugins_loadedincludes\Real3DFlipbook.php:466

actioninitincludes\Real3DFlipbook.php:468

actionadmin_enqueue_scriptsincludes\Real3DFlipbook.php:477

actionadmin_menuincludes\Real3DFlipbook.php:478

actionadmin_footerincludes\Real3DFlipbook.php:484

actionadd_meta_boxesincludes\Real3DFlipbook.php:486

actionedit_form_after_titleincludes\Real3DFlipbook.php:487

actionsave_post_r3dincludes\Real3DFlipbook.php:488

filtersingle_templateincludes\Real3DFlipbook.php:493

filtertaxonomy_templateincludes\Real3DFlipbook.php:494

actionenqueue_block_assetsincludes\Real3DFlipbook.php:871

actionenqueue_block_editor_assetsincludes\Real3DFlipbook.php:872

Maintenance & Trust

Real 3D Flipbook – 3D FlipBook, PDF FlipBook, PDF Viewer, PDF Embedder Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 3, 2026

PHP min version

Downloads178K

Community Trust

Rating86/100

Number of ratings9

Active installs10K

Alternatives

Real 3D Flipbook – 3D FlipBook, PDF FlipBook, PDF Viewer, PDF Embedder Alternatives

Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer

3d-flipbook-dflip-lite

Dear Flipbook creates PDF Flipbook, 3D Flipbook, PDF viewer, PDF embed for WordPress sites. Create impressive and realistic 3D flipbooks with PDFs.

100K 8 CVEs

3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery

interactive-3d-flipbook-powered-physics-engine

3D FlipBook is PDF Viewer, allowing to browse images, PDFs or HTMLs as flipbook. Flipbook attracts user attention and makes more impression on him.

80K 8 CVEs

PDF Poster – Display PDF Files with Custom Viewer

pdf-poster

100

PDF Poster lets you embed PDF files in WordPress using a responsive viewer and block support, including full-screen, download, and print options.

20K 1 CVE

flowpaper

flowpaper-lite-pdf-flipbook

Flipbook PDF viewer - all you need is a PDF : [flipbook pdf="https://flowpaper.com/example.pdf"]

10K 2 CVEs

Algori PDF Viewer

algori-pdf-viewer

Algori PDF Viewer is a Gutenberg Block Plugin that enables you to easily display PDF documents directly on your website.

7K 1 CVE

Developer Profile

Real 3D Flipbook – 3D FlipBook, PDF FlipBook, PDF Viewer, PDF Embedder Developer Profile

creativeinteractivemedia

2 plugins · 13K total installs

trust score

Avg Security Score

73/100

Avg Patch Time

9 days

View full developer profile

Detection Fingerprints

How We Detect Real 3D Flipbook – 3D FlipBook, PDF FlipBook, PDF Viewer, PDF Embedder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/real3d-flipbook-lite/freemius/css/main.css/wp-content/plugins/real3d-flipbook-lite/freemius/js/main.js/wp-content/plugins/real3d-flipbook-lite/css/real3d-flipbook-admin.css/wp-content/plugins/real3d-flipbook-lite/css/real3d-flipbook-public.css/wp-content/plugins/real3d-flipbook-lite/js/real3d-flipbook-admin.js/wp-content/plugins/real3d-flipbook-lite/js/real3d-flipbook-public.js

Script Paths

real3d-flipbook-lite/freemius/js/main.jsreal3d-flipbook-lite/js/real3d-flipbook-admin.jsreal3d-flipbook-lite/js/real3d-flipbook-public.js

Version Parameters

real3d-flipbook-lite/freemius/css/main.css?ver=real3d-flipbook-lite/freemius/js/main.js?ver=real3d-flipbook-lite/css/real3d-flipbook-admin.css?ver=real3d-flipbook-lite/css/real3d-flipbook-public.css?ver=real3d-flipbook-lite/js/real3d-flipbook-admin.js?ver=real3d-flipbook-lite/js/real3d-flipbook-public.js?ver=

HTML / DOM Fingerprints

CSS Classes

r3d_wrapaddons-banner-block-itemaddons-banner-block-item-contentaddons-buttonreal3dflipbook-adminr3d-tabspostbox-headerhndle+5 more

HTML Comments

Data Attributes

data-tabid="real3dflipbook-admin"id="r3d-tabs"class="nav-tab"id="flipbook-general-options"id="flipbook-toc-options"+5 more

JS Globals

r3d_fsreal3d_flipbook_adminReal3DFlipbook

FAQ