MEDIUM (5.7)
    Plugin

    Unauthorized Data Access in WordPress 3D FlipBook Plugin

    Published Date: 4/14/2026
    CVE ID: CVE-2026-1314

    Summary

    The 3D FlipBook plugin for WordPress, up to version 1.16.17, has a vulnerability that allows unauthorized data access due to missing capability checks in the send_post_pages_json() function. This flaw enables attackers to access metadata of draft, private, and password-protected flipbooks.

    Vulnerability Details

    The vulnerability in the 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin arises from missing capability checks in the send_post_pages_json() function. This function handles requests for flipbook page metadata, and because it performs no permission check, it can expose sensitive information. Unauthenticated attackers can exploit this flaw to retrieve page metadata, which could reveal information about unpublished or restricted flipbooks to unauthorized users. The issue matters most for websites that rely on the privacy of draft or protected content. The vulnerability affects all plugin versions up to and including 1.16.17, posing a potential risk to any WordPress site using this plugin.

    Recommendations

    To mitigate this vulnerability, site administrators should ensure that access to sensitive functions such as send_post_pages_json() requires proper capability checks. It's crucial to implement checks that only allow authenticated and authorized users to access these functions. Furthermore, restricting data exposure and conducting regular security assessments can help identify similar vulnerabilities in other plugins.
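    The kind of check described above, as an added illustration (this is not the 3D FlipBook plugin's code or its fix). The action name `example_flipbook_pages`, the `id` parameter, the `example_flipbook` post type and the `_example_pages` meta key are assumed names; the WordPress core functions are real.

```php
<?php
// Added illustration: a hypothetical AJAX handler that returns page metadata
// only after confirming the requester may read the post it belongs to.
// Names prefixed with "example_" are assumptions, not the plugin's identifiers.

add_action( 'wp_ajax_example_flipbook_pages', 'example_send_pages_json' );
add_action( 'wp_ajax_nopriv_example_flipbook_pages', 'example_send_pages_json' );

/**
 * Decide whether the current visitor may see this post's page metadata.
 */
function example_can_view_pages( WP_Post $post ) {
    if ( 'publish' === $post->post_status ) {
        // Published: public unless a post password is set and has not been
        // supplied; users who can edit the post are still allowed through.
        return ! post_password_required( $post )
            || current_user_can( 'edit_post', $post->ID );
    }
    // Draft, pending, private, etc.: 'read_post' is a meta capability that
    // WordPress maps to read_private_posts / edit_post as appropriate.
    // Anonymous visitors hold no capabilities, so this returns false for them.
    return current_user_can( 'read_post', $post->ID );
}

function example_send_pages_json() {
    $post_id = isset( $_GET['id'] ) ? absint( $_GET['id'] ) : 0;
    $post    = $post_id ? get_post( $post_id ) : null;

    // Identical response for "missing", "wrong type" and "forbidden", so the
    // endpoint does not confirm which IDs belong to unpublished flipbooks.
    if ( ! $post
        || 'example_flipbook' !== $post->post_type
        || ! example_can_view_pages( $post ) ) {
        wp_send_json_error( array( 'message' => 'Not found' ), 404 );
    }

    // Only reached when the visibility check passed.
    wp_send_json_success( get_post_meta( $post->ID, '_example_pages', true ) );
}
```

    The handler stays registered for logged-out visitors because published flipbooks are meant to be public; the per-post check, not the hook registration, is what keeps draft, private and password-protected metadata from being returned.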

    Available Fixes

    Last Updated: 4/16/2026
    Jedar
