Search criteria
7 vulnerabilities by creativeinteractivemedia
CVE-2025-68512 (GCVE-0-2025-68512)
Vulnerability from cvelistv5 – Published: 2025-12-24 12:31 – Updated: 2025-12-24 19:34
VLAI?
Title
WordPress Real 3D FlipBook plugin <= 4.11.4 - Cross Site Scripting (XSS) vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lite allows Stored XSS.This issue affects Real 3D FlipBook: from n/a through <= 4.11.4.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| creativeinteractivemedia | Real 3D FlipBook |
Affected:
n/a , ≤ <= 4.11.4
(custom)
|
Credits
Muhammad Yudha - DJ | Patchstack Bug Bounty Program
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-68512",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-24T19:11:02.600588Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T19:34:47.922Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "real3d-flipbook-lite",
"product": "Real 3D FlipBook",
"vendor": "creativeinteractivemedia",
"versions": [
{
"changes": [
{
"at": "4.16.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "\u003c= 4.11.4",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Muhammad Yudha - DJ | Patchstack Bug Bounty Program"
}
],
"datePublic": "2025-12-24T13:29:43.733Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lite allows Stored XSS.\u003cp\u003eThis issue affects Real 3D FlipBook: from n/a through \u003c= 4.11.4.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lite allows Stored XSS.This issue affects Real 3D FlipBook: from n/a through \u003c= 4.11.4."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "Stored XSS"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T12:31:21.792Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/real3d-flipbook-lite/vulnerability/wordpress-real-3d-flipbook-plugin-4-11-4-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress Real 3D FlipBook plugin \u003c= 4.11.4 - Cross Site Scripting (XSS) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-68512",
"datePublished": "2025-12-24T12:31:21.792Z",
"dateReserved": "2025-12-19T10:16:51.230Z",
"dateUpdated": "2025-12-24T19:34:47.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-12620 (GCVE-0-2024-12620)
Vulnerability from cvelistv5 – Published: 2025-02-01 03:21 – Updated: 2025-02-03 16:38
VLAI?
Title
AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations <= 1.4.23 - Missing Authorization to Unauthenticated Settings Update
Summary
The AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'agl_json' AJAX action in all versions up to, and including, 1.4.23. This makes it possible for unauthenticated attackers to update the plugin's settings.
Severity ?
5.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| creativeinteractivemedia | AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations |
Affected:
* , ≤ 1.4.23
(semver)
|
Credits
Lucio Sá
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12620",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T16:24:06.986867Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T16:38:27.021Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AnimateGL Animations for WordPress \u2013 Elementor \u0026 Gutenberg Blocks Animations",
"vendor": "creativeinteractivemedia",
"versions": [
{
"lessThanOrEqual": "1.4.23",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lucio S\u00e1"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AnimateGL Animations for WordPress \u2013 Elementor \u0026 Gutenberg Blocks Animations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the \u0027agl_json\u0027 AJAX action in all versions up to, and including, 1.4.23. This makes it possible for unauthenticated attackers to update the plugin\u0027s settings."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-01T03:21:12.444Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/841a028d-ff36-4e3f-903b-e25951648075?source=cve"
},
{
"url": "https://wordpress.org/plugins/animategl/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-31T14:42:26.000+00:00",
"value": "Disclosed"
}
],
"title": "AnimateGL Animations for WordPress \u2013 Elementor \u0026 Gutenberg Blocks Animations \u003c= 1.4.23 - Missing Authorization to Unauthenticated Settings Update"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-12620",
"datePublished": "2025-02-01T03:21:12.444Z",
"dateReserved": "2024-12-13T14:33:15.856Z",
"dateUpdated": "2025-02-03T16:38:27.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9849 (GCVE-0-2024-9849)
Vulnerability from cvelistv5 – Published: 2024-11-16 03:20 – Updated: 2024-11-19 15:16
VLAI?
Title
3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin <= 4.6 - Authenticated (Author+) Arbitrary File Upload
Summary
The 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'r3dfb_save_thumbnail_callback' function in all versions up to, and including, 4.6. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity ?
8.8 (High)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| creativeinteractivemedia | Real3D Flipbook Lite – 3D FlipBook, PDF Viewer, PDF Embedder |
Affected:
* , ≤ 4.6
(semver)
|
Credits
Aitor F
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:creativeinteractivemedia:real3d_flipbook:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "real3d_flipbook",
"vendor": "creativeinteractivemedia",
"versions": [
{
"lessThanOrEqual": "4.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9849",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-18T15:42:00.390312Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T15:16:00.469Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Real3D Flipbook Lite \u2013 3D FlipBook, PDF Viewer, PDF Embedder",
"vendor": "creativeinteractivemedia",
"versions": [
{
"lessThanOrEqual": "4.6",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aitor F"
}
],
"descriptions": [
{
"lang": "en",
"value": "The 3D FlipBook, PDF Viewer, PDF Embedder \u2013 Real 3D FlipBook WordPress Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the \u0027r3dfb_save_thumbnail_callback\u0027 function in all versions up to, and including, 4.6. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site\u0027s server which may make remote code execution possible."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-16T03:20:43.463Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1f99b366-1a94-41ed-813a-bb13893604d0?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/real3d-flipbook-lite/tags/4.6/includes/plugin-admin.php#L77"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-15T15:06:58.000+00:00",
"value": "Disclosed"
}
],
"title": "3D FlipBook, PDF Viewer, PDF Embedder \u2013 Real 3D FlipBook WordPress Plugin \u003c= 4.6 - Authenticated (Author+) Arbitrary File Upload"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-9849",
"datePublished": "2024-11-16T03:20:43.463Z",
"dateReserved": "2024-10-10T22:34:54.736Z",
"dateUpdated": "2024-11-19T15:16:00.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37215 (GCVE-0-2024-37215)
Vulnerability from cvelistv5 – Published: 2024-07-22 09:28 – Updated: 2024-08-02 03:50
VLAI?
Title
WordPress Transition Slider – Responsive Image Slider and Gallery plugin <= 2.20.3 - Cross Site Scripting (XSS) vulnerability
Summary
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in creativeinteractivemedia Transition Slider – Responsive Image Slider and Gallery allows Stored XSS.This issue affects Transition Slider – Responsive Image Slider and Gallery: from n/a through 2.20.3.
Severity ?
5.9 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| creativeinteractivemedia | Transition Slider – Responsive Image Slider and Gallery |
Affected:
n/a , ≤ 2.20.3
(custom)
|
Credits
Steven Julian (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37215",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-22T10:27:36.248766Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T10:27:45.163Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:50:55.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/transition-slider-lite/wordpress-transition-slider-responsive-image-slider-and-gallery-plugin-2-20-3-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "transition-slider-lite",
"product": "Transition Slider \u2013 Responsive Image Slider and Gallery",
"vendor": "creativeinteractivemedia",
"versions": [
{
"lessThanOrEqual": "2.20.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Steven Julian (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in creativeinteractivemedia Transition Slider \u2013 Responsive Image Slider and Gallery allows Stored XSS.\u003cp\u003eThis issue affects Transition Slider \u2013 Responsive Image Slider and Gallery: from n/a through 2.20.3.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in creativeinteractivemedia Transition Slider \u2013 Responsive Image Slider and Gallery allows Stored XSS.This issue affects Transition Slider \u2013 Responsive Image Slider and Gallery: from n/a through 2.20.3."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T09:28:51.239Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/transition-slider-lite/wordpress-transition-slider-responsive-image-slider-and-gallery-plugin-2-20-3-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Transition Slider \u2013 Responsive Image Slider and Gallery plugin \u003c= 2.20.3 - Cross Site Scripting (XSS) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-37215",
"datePublished": "2024-07-22T09:28:51.239Z",
"dateReserved": "2024-06-04T16:45:55.566Z",
"dateUpdated": "2024-08-02T03:50:55.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10967 (GCVE-0-2016-10967)
Vulnerability from cvelistv5 – Published: 2019-09-16 12:34 – Updated: 2024-08-06 03:47
VLAI?
Summary
The real3d-flipbook-lite plugin 1.0 for WordPress has XSS via the wp-content/plugins/real3d-flipbook/includes/flipbooks.php bookId parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:47:33.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/real3d-flipbook-lite/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mukarramkhalid.com/wordpress-real-3d-flipbook-plugin-exploit/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The real3d-flipbook-lite plugin 1.0 for WordPress has XSS via the wp-content/plugins/real3d-flipbook/includes/flipbooks.php bookId parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-16T12:34:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/real3d-flipbook-lite/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mukarramkhalid.com/wordpress-real-3d-flipbook-plugin-exploit/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The real3d-flipbook-lite plugin 1.0 for WordPress has XSS via the wp-content/plugins/real3d-flipbook/includes/flipbooks.php bookId parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/real3d-flipbook-lite/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/real3d-flipbook-lite/#developers"
},
{
"name": "https://mukarramkhalid.com/wordpress-real-3d-flipbook-plugin-exploit/",
"refsource": "MISC",
"url": "https://mukarramkhalid.com/wordpress-real-3d-flipbook-plugin-exploit/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10967",
"datePublished": "2019-09-16T12:34:00",
"dateReserved": "2019-09-13T00:00:00",
"dateUpdated": "2024-08-06T03:47:33.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10966 (GCVE-0-2016-10966)
Vulnerability from cvelistv5 – Published: 2019-09-16 12:33 – Updated: 2024-08-06 03:47
VLAI?
Summary
The real3d-flipbook-lite plugin 1.0 for WordPress has bookName=../ directory traversal for file upload.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:47:33.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/real3d-flipbook-lite/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mukarramkhalid.com/wordpress-real-3d-flipbook-plugin-exploit/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The real3d-flipbook-lite plugin 1.0 for WordPress has bookName=../ directory traversal for file upload."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-16T12:33:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/real3d-flipbook-lite/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mukarramkhalid.com/wordpress-real-3d-flipbook-plugin-exploit/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10966",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The real3d-flipbook-lite plugin 1.0 for WordPress has bookName=../ directory traversal for file upload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/real3d-flipbook-lite/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/real3d-flipbook-lite/#developers"
},
{
"name": "https://mukarramkhalid.com/wordpress-real-3d-flipbook-plugin-exploit/",
"refsource": "MISC",
"url": "https://mukarramkhalid.com/wordpress-real-3d-flipbook-plugin-exploit/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10966",
"datePublished": "2019-09-16T12:33:08",
"dateReserved": "2019-09-13T00:00:00",
"dateUpdated": "2024-08-06T03:47:33.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10965 (GCVE-0-2016-10965)
Vulnerability from cvelistv5 – Published: 2019-09-16 12:30 – Updated: 2024-08-06 03:47
VLAI?
Summary
The real3d-flipbook-lite plugin 1.0 for WordPress has deleteBook=../ directory traversal for file deletion.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:47:32.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/real3d-flipbook-lite/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mukarramkhalid.com/wordpress-real-3d-flipbook-plugin-exploit/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The real3d-flipbook-lite plugin 1.0 for WordPress has deleteBook=../ directory traversal for file deletion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-16T12:30:45",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/real3d-flipbook-lite/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mukarramkhalid.com/wordpress-real-3d-flipbook-plugin-exploit/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10965",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The real3d-flipbook-lite plugin 1.0 for WordPress has deleteBook=../ directory traversal for file deletion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/real3d-flipbook-lite/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/real3d-flipbook-lite/#developers"
},
{
"name": "https://mukarramkhalid.com/wordpress-real-3d-flipbook-plugin-exploit/",
"refsource": "MISC",
"url": "https://mukarramkhalid.com/wordpress-real-3d-flipbook-plugin-exploit/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10965",
"datePublished": "2019-09-16T12:30:45",
"dateReserved": "2019-09-13T00:00:00",
"dateUpdated": "2024-08-06T03:47:32.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}