Cross Site Scripting (XSS) vulnerability

Hostinger’s built-in security has detected it as well and advised to do the same.

Hi,

Thank you for your reports. We are looking into possible solution and will release a fix soon.

The vulnerability is from third party pdf.js library that we use to render pdf pages. Their new version(4.3) with the fix is not compatible with many older browsers so we need a proper audit before we can release with pdf.js 4.3

Best Regards,

DearHive

Thank you DearHive for the update! I appreciate your time and effort. You are the best!

@tanyaslogos The plugin has not yet been updated to remove the vulnerability.

Hi @lawriem1 @zjduncan2007 @tanyaslogos ,

There is an update, 2.2.56, available for the vulnerability.

Best Regards,
DearHive

Thank you for the update. Much appreciated.

Vulnerability marked as fixed at 2.2.56
https://patchstack.com/database/vulnerability/3d-flipbook-dflip-lite/wordpress-pdf-flipbook-3d-flipbook-pdf-embed-pdf-viewer-plugin-2-2-55-cross-site-scripting-xss-vulnerability

Thank you for the quick responses! Sorry for just now getting back to this.