[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fX4qPFFd9mnIC7Mc92GFt2vH_NlzgOKjqrdVkHAg4oJ8":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2022-0423","3d-flipbook-subscriber-stored-cross-site-scripting","3D FlipBook \u003C= 1.12.0 - Subscriber+ Stored Cross-Site Scripting","The 3D FlipBook WordPress plugin before 1.12.1 does not have authorisation and CSRF checks when updating its settings, and does not have any sanitisation\u002Fescaping, allowing any authenticated users, such as subscriber to put Cross-Site Scripting payloads in all pages with a 3d flipbook.","interactive-3d-flipbook-powered-physics-engine",null,"\u003C1.12.1","1.12.1","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2022-02-28 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F15d66a77-d650-4209-9ad4-b2e157cd123a?source=api-prod",694]