Vulnerabilities and security researches forreal3d-flipbook-lite real3d-flipbook-lite

Jun 07, 2024

CVE, Research URL: CVE-2016-10966
Home page URL: Security reports for 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
Application: 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
Date: Sep 16, 2019
Research Description: The real3d-flipbook-lite plugin 1.0 for WordPress has bookName=../ directory traversal for file upload.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2016-10967
Home page URL: Security reports for 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
Application: 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
Date: Sep 16, 2019
Research Description: The real3d-flipbook-lite plugin 1.0 for WordPress has XSS via the wp-content/plugins/real3d-flipbook/includes/flipbooks.php bookId parameter.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-32694
Home page URL: Security reports for 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
Application: 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
Date: Apr 22, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative interactive media 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin allows Reflected XSS.This issue affects 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin: from n/a through 3.62.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2016-10965
Home page URL: Security reports for 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
Application: 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
Date: Sep 16, 2019
Research Description: The real3d-flipbook-lite plugin 1.0 for WordPress has deleteBook=../ directory traversal for file deletion.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-34561
Home page URL: Security reports for 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
Application: 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
Date: May 08, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative interactive media 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin allows Stored XSS.This issue affects 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin: from n/a through 3.71.
Affected versions: Min -, max -.
Status: vulnerable

Nov 16, 2024

CVE, Research URL: CVE-2024-9849
Home page URL: Security reports for 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
Application: 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
Date: Nov 16, 2024
Research Description: The 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'r3dfb_save_thumbnail_callback' function in all versions up to, and including, 4.6. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions: Min -, max -.
Status: vulnerable