Real3D FlipBook <= 2.8 - Multiple Vulnerabilities



Description

List of vulnerabilities:

- Delete any file or directory from the server (Unauthenticated)
- Upload images in Root directory (Unauthenticated)
- Cross-Site Scripting (XSS)

Proof of Concept

https://github.com/mukarramkhalid/wordpress-real-3d-flipbook-exploit/blob/master/real3dflipbook-exploit.py

Affects Plugin

Fixed in version 2.9

References

EXPLOITDB 40055
URL https://codecanyon.net/item/real3d-flipbook-wordpress-plugin/6942587
URL https://mukarramkhalid.com/wordpress-real-3d-flipbook-plugin-exploit/

Classification

Type MULTI

Miscellaneous

Submitter Mukarram Khalid
Submitter Website https://mukarramkhalid.com/
Submitter Twitter themakmaniac
Views 5752
Verified No
WPVDB ID 8536

Timeline

Publicly Published 2016-07-03 (over 3 years ago)
Added 2016-07-05 (over 3 years ago)
Last Updated 2019-11-01 (12 days ago)
