Real3D FlipBook - Multiple Vulnerabilities



Description
List of vulnerabilities:

- Delete any file or directory from the server (Unauthenticated)
- Upload images to the root directory (Unauthenticated)
- Cross-Site Scripting (XSS)

Proof of Concept
https://github.com/mukarramkhalid/wordpress-real-3d-flipbook-exploit/blob/master/real3dflipbook-exploit.py

Affects Plugin

References

EXPLOITDB 40055
URL https://codecanyon.net/item/real3d-flipbook-wordpress-plugin/6942587
URL https://mukarramkhalid.com/wordpress-real-3d-flipbook-plugin-exploit/

Classification

Type MULTI

Miscellaneous

Submitter Mukarram Khalid
Submitter Website https://mukarramkhalid.com/
Submitter Twitter https://twitter.com/themakmaniac
Verified No
WPVDB ID 8536

Timeline

Publicly Published 2016-07-03 (about 3 years ago)
Added 2016-07-05 (about 3 years ago)
Last Updated 2016-07-05 (about 3 years ago)