Vulnerabilities and security researches forreal3d-flipbook-lite real3d-flipbook-lite

Jun 07, 2024

CVE, Research URL: CVE-2016-10966
Home page URL: Security reports for 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
Application: 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
Date: Sep 16, 2019
Research Description: The real3d-flipbook-lite plugin 1.0 for WordPress has bookName=../ directory traversal for file upload.
Affected versions: max 1.0.
Status: vulnerable

CVE, Research URL: CVE-2016-10967
Home page URL: Security reports for 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
Application: 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
Date: Sep 16, 2019
Research Description: The real3d-flipbook-lite plugin 1.0 for WordPress has XSS via the wp-content/plugins/real3d-flipbook/includes/flipbooks.php bookId parameter.
Affected versions: max 1.1.
Status: vulnerable

CVE, Research URL: CVE-2024-32694
Home page URL: Security reports for 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
Application: 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
Date: Apr 22, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative interactive media 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin allows Reflected XSS.This issue affects 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin: from n/a through 3.62.
Affected versions: max 3.63.
Status: vulnerable

CVE, Research URL: CVE-2016-10965
Home page URL: Security reports for 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
Application: 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
Date: Sep 16, 2019
Research Description: The real3d-flipbook-lite plugin 1.0 for WordPress has deleteBook=../ directory traversal for file deletion.
Affected versions: max 1.0.
Status: vulnerable

CVE, Research URL: CVE-2024-34561
Home page URL: Security reports for 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
Application: 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
Date: May 08, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative interactive media 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin allows Stored XSS.This issue affects 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin: from n/a through 3.71.
Affected versions: max 3.72.
Status: vulnerable

Nov 16, 2024

CVE, Research URL: CVE-2024-9849
Home page URL: Security reports for 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
Application: 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
Date: Nov 16, 2024
Research Description: The 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'r3dfb_save_thumbnail_callback' function in all versions up to, and including, 4.6. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions: max 4.8.5.
Status: vulnerable

Jan 10, 2026

CVE, Research URL: CVE-2025-68512
Home page URL: Security reports for 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
Application: 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
Date: Dec 24, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lite allows Stored XSS.This issue affects Real 3D FlipBook: from n/a through <= 4.11.4.
Affected versions: max 4.11.4.
Status: vulnerable

Feb 27, 2026

CVE, Research URL: CVE-2026-25423
Home page URL: Security reports for 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
Application: 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
Date: Feb 19, 2026
Research Description: Missing Authorization vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real 3D FlipBook: from n/a through <= 4.16.4.
Affected versions: max 4.16.4.
Status: vulnerable