WP-Safety

WN Flipbox Pro Security & Risk Analysis

wordpress.org/plugins/wn-flipbox-pro

Create eye catching and professional flipboxes effects to positively impact the user experience of your website, increase the time on page and the CTR …

100 active installs v2.1 PHP 5.2.4+ WP 4.6+ Updated Sep 24, 2020
3d-flip-boxflip-boxflipboximage-flipbox
63
C · Use Caution
CVEs total1
Unpatched1
Last CVESep 5, 2025
Plugin page Download
Safety Verdict

Is WN Flipbox Pro Safe to Use in 2026?

Use With Caution

Score 63/100

WN Flipbox Pro has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Sep 5, 2025Updated 5yr ago
Risk Assessment

The wn-flipbox-pro v2.1 plugin presents a mixed security posture. While it demonstrates good practices in some areas, such as using prepared statements for all SQL queries and a high percentage of properly escaped output, significant concerns remain. The presence of an unprotected AJAX handler represents a direct entry point that is not adequately secured, increasing the risk of unauthorized actions. Furthermore, the taint analysis revealing a flow with unsanitized paths, even without critical or high severity, warrants attention as it indicates a potential for unexpected behavior or data manipulation.

The vulnerability history, specifically the presence of a currently unpatched medium severity CVE, is a major red flag. The fact that the last vulnerability was in September 2025 suggests a pattern of ongoing security issues that are not being addressed promptly. This historical data, combined with the static analysis findings, points to a plugin that requires immediate attention to patch existing vulnerabilities and address the identified insecure code practices, particularly the unprotected AJAX endpoint and the unsanitized path flow.

Key Concerns

  • Unprotected AJAX handler found
  • Flow with unsanitized path in taint analysis
  • Unpatched medium severity CVE
  • No nonce checks on AJAX handlers
  • No capability checks on entry points
Vulnerabilities
1

WN Flipbox Pro Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-58847medium · 4.3Cross-Site Request Forgery (CSRF)

WN Flipbox Pro <= 2.1 - Cross-Site Request Forgery

Sep 5, 2025Unpatched
Code Analysis
Analyzed Mar 16, 2026

WN Flipbox Pro Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
33
1025 escaped
Nonce Checks
0
Capability Checks
0
File Operations
4
External Requests
0
Bundled Libraries
0

Output Escaping

97% escaped1058 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths
<wn_ih_admin> (templates\wn_ih_admin.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

WN Flipbox Pro Attack Surface

Entry Points2
Unprotected1

AJAX Handlers 1

authwp_ajax_myprefix_get_imagewn-flipbox-pro.php:64

Shortcodes 1

[wn-flipbox] wn-flipbox-pro.php:65
WordPress Hooks 5
actionelementor/initwn-flipbox-pro.php:57
actionadmin_menuwn-flipbox-pro.php:59
actionadmin_enqueue_scriptswn-flipbox-pro.php:61
actionadmin_enqueue_scriptswn-flipbox-pro.php:62
actioninitwn-flipbox-pro.php:63
Maintenance & Trust

WN Flipbox Pro Maintenance & Trust

Maintenance Signals

WordPress version tested5.5.18
Last updatedSep 24, 2020
PHP min version5.2.4
Downloads3K

Community Trust

Rating86/100
Number of ratings3
Active installs100
Alternatives

WN Flipbox Pro Alternatives

Flipbox – Awesomes Flip Boxes Image Overlay

Flipbox – Awesomes Flip Boxes Image Overlay

image-hover-effects-ultimate-visual-composer

A
99

Showcase team members or any list with Flipbox - Awesome Flip Boxes Image Overlay. A clean, responsive, and professional way to display your team.

10K 1 CVE
Flip Cards Module For Divi

Flip Cards Module For Divi

flip-cards-module-divi

A
92

A simple plugin that adds a flip cards module in the Divi builder.

4K No CVEs
Flipbox

Flipbox

flipbox

A
92

Deliver your content beautifully to grab attention with an animated Flipbox block.

2K No CVEs
Flipbox Addon for Elementor

Flipbox Addon for Elementor

ultimate-flipbox-addon-for-elementor

A
99

Flip Boxes for Elementor – animated, 3D, responsive flip box widgets for posts, custom post types, portfolios, and product showcases.

300 1 CVE
Flip Block – Create Flipbox Overlays and Hovers

Flip Block – Create Flipbox Overlays and Hovers

flip-block

A
92

A simple block to create a flip card in WordPress.

100 No CVEs
Developer Profile

WN Flipbox Pro Developer Profile

Yaidier

4 plugins · 1K total installs

80
trust score
Avg Security Score
80/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WN Flipbox Pro

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wn-flipbox-pro/css/mycss.css/wp-content/plugins/wn-flipbox-pro/js/main.js/wp-content/plugins/wn-flipbox-pro/js/admin_section.js/wp-content/plugins/wn-flipbox-pro/js/templates_selector.js
Script Paths
/wp-content/plugins/wn-flipbox-pro/js/main.js/wp-content/plugins/wn-flipbox-pro/js/admin_section.js/wp-content/plugins/wn-flipbox-pro/js/templates_selector.js
Version Parameters
wn_flipbox_pro_css_styleswn_flipbox_pro_myprefix_scriptwn_flipbox_pro_myprefix_script2wn_flipbox_pro_myprefix_script4wn_flipbox_pro_outputJs

HTML / DOM Fingerprints

CSS Classes
wn-flipbox-pro
JS Globals
myprefix_get_image
REST Endpoints
/wp-json/wp/v2/myprefix_get_image
Shortcode Output
[wn-flipbox]
FAQ

Frequently Asked Questions about WN Flipbox Pro