Real3D FlipBook - Multiple Vulnerabilities

Sign up to our free email alerts service for instant vulnerability notifications!

Description
 List of vulnerabilities:

- Delete any file or directory from the server (Unauthenticated)
- Upload images in Root directory (Unauthenticated)
- Cross-Site Scripting (XSS)

Proof of Concept
https://github.com/mukarramkhalid/wordpress-real-3d-flipbook-exploit/blob/master/real3dflipbook-exploit.py

Affects

Plugin real3d-flipbook

References

EXPLOITDB 40055
URL https://codecanyon.net/item/real3d-flipbook-wordpress-plugin/6942587
URL https://mukarramkhalid.com/wordpress-real-3d-flipbook-plugin-exploit/

Classification

Type MULTI

Miscellaneous

Submitter Mukarram Khalid
Submitter Website https://mukarramkhalid.com/
Submitter Twitter https://twitter.com/themakmaniac
Views 383
Verified No
WPVDB ID 8536

Timeline

Publicly Published 2016-07-03 (5 months ago)
Added 2016-07-05 (5 months ago)
Last Updated 2016-07-05 (5 months ago)

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.