
CVE-2024-12620 – AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations <= 1.4.23 - Missing Authorization to Unauthenticated Settings Update
https://notcve.org/view.php?id=CVE-2024-12620
31 Jan 2025 — The AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'agl_json' AJAX action in all versions up to, and including, 1.4.23. This makes it possible for unauthenticated attackers to update the plugin's settings. • https://wordpress.org/plugins/animategl • CWE-862: Missing Authorization •

CVE-2024-9849 – 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin <= 4.6 - Authenticated (Author+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-9849
15 Nov 2024 — The 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'r3dfb_save_thumbnail_callback' function in all versions up to, and including, 4.6. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. The Real3D Flipbook Lite – 3D FlipBook, PDF Viewer, PDF... • https://plugins.trac.wordpress.org/browser/real3d-flipbook-lite/tags/4.6/includes/plugin-admin.php#L77 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-37215 – WordPress Transition Slider – Responsive Image Slider and Gallery plugin <= 2.20.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-37215
20 Jun 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in creativeinteractivemedia Transition Slider – Responsive Image Slider and Gallery allows Stored XSS. This issue affects Transition Slider – Responsive Image Slider and Gallery: from n/a through 2.20.3. • https://patchstack.com/database/vulnerability/transition-slider-lite/wordpress-transition-slider-responsive-image-slider-and-gallery-plugin-2-20-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2016-10965 – Real3D Flipbook <= 1.0.0 - Directory Traversal
https://notcve.org/view.php?id=CVE-2016-10965
03 Jul 2016 — The real3d-flipbook-lite plugin 1.0 for WordPress has deleteBook=../ directory traversal for file deletion. • https://mukarramkhalid.com/wordpress-real-3d-flipbook-plugin-exploit • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2016-10966 – Real3D Flipbook <= 1.0.0 - File Upload to User Controlled Location
https://notcve.org/view.php?id=CVE-2016-10966
03 Jul 2016 — The real3d-flipbook-lite plugin 1.0 for WordPress has bookName=../ directory traversal for file upload. The Real3D Flipbook plugin for WordPress is vulnerable to file uploads to user controlled locations due to missing directory validation in the 'bookName' parameter in versions up to, and including, 1.0.0. This makes it possible for attackers to upload files to arbitrary loca... • https://mukarramkhalid.com/wordpress-real-3d-flipbook-plugin-exploit • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2016-10967 – Real3D Flipbook <= 1.0 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10967
03 Jul 2016 — The real3d-flipbook-lite plugin 1.0 for WordPress has XSS via the wp-content/plugins/real3d-flipbook/includes/flipbooks.php bookId parameter. • https://mukarramkhalid.com/wordpress-real-3d-flipbook-plugin-exploit • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •