Mukarram Khalid

#12742of 53,633
21.1Total CVSS
Vulnerabilities · 3
Medium
1
High
2
PT-2019-7758
7.5
2019-09-16
WordPress · Real3D-Flipbook-Lite · CVE-2016-10965
**Name of the Vulnerable Software and Affected Versions** real3d-flipbook-lite plugin version 1.0 for WordPress **Description** The issue concerns a directory traversal vulnerability for file deletion, specifically through the `deleteBook` parameter. This allows for the deletion of files outside the intended directory. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** For real3d-flipbook-lite plugin version 1.0, as a temporary workaround, consider restricting access to the `deleteBook` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2019-7759
7.5
2019-09-16
WordPress · Real3D-Flipbook-Lite · CVE-2016-10966
**Name of the Vulnerable Software and Affected Versions** real3d-flipbook-lite plugin version 1.0 for WordPress **Description** The issue concerns a directory traversal vulnerability in the real3d-flipbook-lite plugin for WordPress, specifically affecting file upload. This is achieved through the `bookName` parameter, allowing for traversal using `../`. **Recommendations** For real3d-flipbook-lite plugin version 1.0, consider restricting access to the file upload functionality until a patch is available, or avoid using the `bookName` parameter with `../` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2019-7760
6.1
2019-09-16
WordPress · Real3D-Flipbook-Lite · CVE-2016-10967
**Name of the Vulnerable Software and Affected Versions** real3d-flipbook-lite plugin version 1.0 **Description** The issue concerns a problem with the real3d-flipbook-lite plugin for WordPress, where there is a potential for XSS via the `bookId` parameter in the `/wp-content/plugins/real3d-flipbook/includes/flipbooks.php` endpoint. **Recommendations** For real3d-flipbook-lite plugin version 1.0, avoid using the `bookId` parameter in the affected endpoint until the issue is resolved. Consider temporarily restricting access to the flipbooks.php file to minimize the risk of exploitation.