Real3D FlipBook - Multiple Vulnerabilities



Description
 List of vulnerabilities:

- Delete any file or directory from the server (Unauthenticated)
- Upload images in Root directory (Unauthenticated)
- Cross-Site Scripting (XSS)

The plugin is still affected and has been closed.

Proof of Concept The PoC will be displayed on October 02, 2019, to give users the time to update.

Affects Plugin

References

EXPLOITDB 40055
URL https://codecanyon.net/item/real3d-flipbook-wordpress-plugin/6942587
URL https://mukarramkhalid.com/wordpress-real-3d-flipbook-plugin-exploit/

Classification

Type MULTI

Miscellaneous

Submitter Mukarram Khalid
Submitter Website https://mukarramkhalid.com/
Submitter Twitter https://twitter.com/themakmaniac
Views 5142
Verified No
WPVDB ID 8536

Timeline

Publicly Published 2016-07-03 (about 3 years ago)
Added 2016-07-05 (about 3 years ago)
Last Updated 2019-09-18 (1 day ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin