CVE-2024-8717
PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip <= 2.3.32 - Reflected Cross-Site ScriptingThe PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pdf_source' parameter in all versions up to, and including, 2.3.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
We have discovered 20,005 live websites that are affected by CVE-2024-8717.
Affected Software
| Product |  3d Flipbook Dflip Lite |
| Category | Wordpress Plugins |
| Vulnerable Domains | 20,005 live websites (37.30% of 3d Flipbook Dflip Lite install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 59 versions ( 89.39% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Oct 24, 2024
- Updated - Oct 24, 2024
Credits
- Noah Stead (finder)
CWE
CVE References
CWE References
CVE-2024-8717 usage by Country
 United States | 5,199 websites |
 Germany | 2,598 websites |
 France | 1,389 websites |
 Italy | 832 websites |
 GB | 705 websites |
 Turkey | 593 websites |
 Poland | 473 websites |
 Spain | 470 websites |
 Cyprus | 441 websites |
 Japan | 422 websites |
CVE-2024-8717 usage by TLD
| .com | 6,682 websites |
| .org | 1,377 websites |
| .de | 1,140 websites |
| .it | 703 websites |
| .fr | 469 websites |
| .com.br | 439 websites |
| .co.uk | 419 websites |
| .net | 370 websites |
| .nl | 362 websites |
| .pl | 341 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-8717
Top websites that are affected by CVE-2024-8717. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.***.edu | United States | *,*** | |
| ********.de | Germany | **,*** | |
| ******.com | United States | **,*** | |
| ******************.org | United States | **,*** | |
| ***********.org | United States | **,*** | |
| **********.**.uk | United States | **,*** | |
| **********.com | United States | **,*** | |
| ***.gr | United States | **,*** | |
| *******.com | France | **,*** | |
| **************.com |  Netherlands | **,*** |
FAQ
CVE-2024-8717 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in 3d Flipbook Dflip Lite
A total of 20,005 websites have been identified as vulnerable to CVE-2024-8717, discovered through global website indexing conducted by WebTechSurvey.
3d Flipbook Dflip Lite is susceptible to CVE-2024-8717 vulnerability.
3d Flipbook Dflip Lite versions before, and including, 2.3.32 are vulnerable to CVE-2024-8717.