Title: Broken access control – plugin vulnerability Last modified: May 28, 2026 --- # Broken access control – plugin vulnerability * [kristynakadlecova](https://wordpress.org/support/users/kristynakadlecova/) * (@kristynakadlecova) * [1 week, 4 days ago](https://wordpress.org/support/topic/broken-access-control-plugin-vulnerability/) * Hi there, In version 2.4.27 of a free plugin version of 3DearFlip app our Patchstack monitoring service revealed a vulnerability:Broken Access ControlA broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action. * Can you fix that, please? Thanks in advance Viewing 3 replies - 1 through 3 (of 3 total) * Plugin Author [Deepak Ghimire](https://wordpress.org/support/users/deip/) * (@deip) * [1 week, 4 days ago](https://wordpress.org/support/topic/broken-access-control-plugin-vulnerability/#post-18922011) * Hi, * We are working on it with PatchStack team and the reporter to solve the issue. * It involves only private flipbooks, if you create any. Normally that is not the use case in our experience. But even though it is a edge case and will be handled. If you do not set your flipbooks to private and set them as public, there is no issue. * The complication is from password protected case, we do not need nor want it, but custom post adds it anyway and the testing team wants it handled. We are thinking to just show an info that password protected flipbook post are not supported. * Best Regards, Deepak - This reply was modified 1 week, 4 days ago by [Deepak Ghimire](https://wordpress.org/support/users/deip/). * [charactercreates](https://wordpress.org/support/users/charactercreates/) * (@charactercreates) * [1 week, 3 days ago](https://wordpress.org/support/topic/broken-access-control-plugin-vulnerability/#post-18923016) * Hi, I have a vulnerability showing on my update tool. I am at the latest version of the plugin 2.4.28. * Can you advise if there is another patch due out please? * Plugin Author [Deepak Ghimire](https://wordpress.org/support/users/deip/) * (@deip) * [6 days, 18 hours ago](https://wordpress.org/support/topic/broken-access-control-plugin-vulnerability/#post-18925902) * We have released a patch 2.4.30 It was approved by PatchStack yesterday and should be announced by today. Viewing 3 replies - 1 through 3 (of 3 total) You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fbroken-access-control-plugin-vulnerability%2F%3Foutput_format%3Dmd&locale=en_US) to reply to this topic. * ![](https://ps.w.org/3d-flipbook-dflip-lite/assets/icon-128x128.gif?rev=3175518) * [DearFlip - PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer](https://wordpress.org/plugins/3d-flipbook-dflip-lite/) * [Frequently Asked Questions](https://wordpress.org/plugins/3d-flipbook-dflip-lite/#faq) * [Support Threads](https://wordpress.org/support/plugin/3d-flipbook-dflip-lite/) * [Active Topics](https://wordpress.org/support/plugin/3d-flipbook-dflip-lite/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/3d-flipbook-dflip-lite/unresolved/) * [Reviews](https://wordpress.org/support/plugin/3d-flipbook-dflip-lite/reviews/) * 4 replies * 3 participants * Last reply from: [Deepak Ghimire](https://wordpress.org/support/users/deip/) * Last activity: [6 days, 18 hours ago](https://wordpress.org/support/topic/broken-access-control-plugin-vulnerability/#post-18925902) * Status: not resolved