cleantalk
Vulnerabilities and Security Researches

3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin, CVE-2024-9849

CVE, Research URL

CVE-2024-9849

Home page URL

Security reports for 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin

Application

3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin

Published on
Nov 16, 2024
Research Description
The 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'r3dfb_save_thumbnail_callback' function in all versions up to, and including, 4.6. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions
Min -, max 4.8.5.
Status
vulnerable
Previous vulnerability researches
3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin (CVE-2016-10966) , Jun 07, 2024
3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin (CVE-2016-10967) , Jun 07, 2024
3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin (CVE-2024-32694) , Jun 07, 2024
3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin (CVE-2016-10965) , Jun 07, 2024
3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin (CVE-2024-34561) , Jun 07, 2024
New vulnerability
The Plus Addons for Elementor (CVE-2025-49076) , Jun 06, 2025
WP Pipes (CVE-2025-48267) , Jun 06, 2025
Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, (CVE-2025-5292) , Jun 06, 2025
Newsletters (CVE-2025-4857) , Jun 06, 2025
Royal Elementor Addons and Templates (CVE-2025-3813) , Jun 06, 2025