CVE-2016-10965 – Real3D Flipbook <= 1.0.0 - Directory Traversal
https://notcve.org/view.php?id=CVE-2016-10965
The real3d-flipbook-lite plugin 1.0 for WordPress has deleteBook=../ directory traversal for file deletion. • https://mukarramkhalid.com/wordpress-real-3d-flipbook-plugin-exploit • https://wordpress.org/plugins/real3d-flipbook-lite/#developers • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2016-10966 – Real3D Flipbook <= 1.0.0 - File Upload to User Controlled Location
https://notcve.org/view.php?id=CVE-2016-10966
The real3d-flipbook-lite plugin 1.0 for WordPress has bookName=../ directory traversal for file upload. The Real3D Flipbook plugin for WordPress is vulnerable to file uploads to user-controlled locations due to missing directory validation in the 'bookName' parameter in versions up to, and including, 1.0.0. This makes it possible for attackers to upload files to arbitrary locations on the affected site's server. • https://mukarramkhalid.com/wordpress-real-3d-flipbook-plugin-exploit • https://wordpress.org/plugins/real3d-flipbook-lite/#developers • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2016-10967 – Real3D Flipbook <= 1.0 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10967
The real3d-flipbook-lite plugin 1.0 for WordPress has XSS via the wp-content/plugins/real3d-flipbook/includes/flipbooks.php bookId parameter. • https://mukarramkhalid.com/wordpress-real-3d-flipbook-plugin-exploit • https://wordpress.org/plugins/real3d-flipbook-lite/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')