CVE-2025-5314
BaseFortify
Publication date: 2025-07-01
Last updated on: 2025-07-03
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5314 is a DOM-Based Reflected Cross-Site Scripting (XSS) vulnerability in the Dear Flipbook WordPress plugin, specifically via the 'pdf-source' URL parameter. The plugin did not properly sanitize or escape input from this parameter, allowing unauthenticated attackers to inject malicious scripts that execute when a user interacts with a crafted link. The vulnerability arises from unsafe handling of URL parameters and unconditional DOM injection of a ShareBox component. The issue was fixed by disabling automatic processing of the 'pdf-source' parameter and adding the ShareBox UI element to the DOM only when explicitly required. [1, 3, 4]
How can this vulnerability impact me? :
This vulnerability can allow attackers to execute arbitrary JavaScript in the context of the affected website, potentially leading to theft of user credentials, session hijacking, defacement, or redirection to malicious sites. Since the attack requires tricking a user into clicking a crafted link, it can be used in phishing attacks. The vulnerability affects the confidentiality and integrity of user interactions with the website, posing a moderate security risk. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if your WordPress site is running the Dear Flipbook β PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer plugin version 2.3.65 or earlier. Specifically, you can look for the presence of the vulnerable 'pdf-source' parameter in URLs used by the plugin. A simple detection method is to test if the 'pdf-source' parameter in the URL is unsanitized and can be used to inject scripts. For example, you can try accessing a URL on your site with a crafted 'pdf-source' parameter containing a script payload and observe if the script executes. There are no specific commands provided in the resources, but you can use curl or wget to fetch URLs with the 'pdf-source' parameter and inspect the response for injected scripts. Example command: curl -i 'https://your-site.com/page?pdf-source=<script>alert(1)</script>' and check if the script is reflected in the response. Additionally, review the plugin version installed via WordPress admin or by checking the plugin files for version info. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the Dear Flipbook β PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer WordPress plugin to version 2.3.67 or later, where the vulnerability has been fixed. The fix disables unsafe automatic processing of the 'pdf-source' URL parameter and ensures the ShareBox component is only added to the DOM when required, reducing the attack surface. If updating immediately is not possible, consider disabling or restricting access to the plugin's features that process the 'pdf-source' parameter or block URLs containing this parameter at the web server or application firewall level to prevent exploitation. Monitoring and restricting user input that includes the 'pdf-source' parameter can also help mitigate risk until the update is applied. [1, 3, 4]