CVE-2025-69019
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FlippingBook FlippingBook flippingbook allows DOM-Based XSS. This issue affects FlippingBook: from n/a through <= 2.0.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
DOM-based XSS vulnerability in FlippingBook WordPress plugin allows script injection; update to version 2.0.2.
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the FlippingBook plugin for WordPress versions 2.0.1 and earlier. The issue stems from improper neutralization of input during web page generation, allowing attackers to inject malicious scripts via DOM manipulation [1].
Exploitation requires user interaction, typically tricking a privileged user (such as an admin) into clicking a crafted link or submitting a malicious form. The vulnerability is often targeted in mass-exploit campaigns, affecting thousands of websites regardless of their size or popularity [1].
Successful exploitation enables an attacker to inject arbitrary JavaScript, leading to actions such as redirecting users to malicious sites, displaying unwanted advertisements, or stealing sensitive information from the victim's session [1].
The vendor has released version 2.0.2 to address this vulnerability. Users are advised to update immediately. For those unable to update, restricting privileged user interactions or seeking assistance from a hosting provider is recommended [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- Range: <=2.0.1
Patches
No patches discovered yet.
References (1)
News mentions
No linked articles in our index yet.