3 matches found
CVE-2016-10965
The CVE-2016-10965 entry concerns the real3d-flipbook-lite plugin for WordPress (version 1.0). The underlying issue is a deleteBook=../ directory traversal vulnerability that enables traversal for file deletion. Connected sources confirm the affected software and the root cause (directory travers...
CVE-2016-10966
The CVE-2016-10966 entry concerns the WordPress plugin real3d-flipbook-lite version 1.0. The vulnerability is a directory traversal in the file upload process via bookName=../, enabling traversal beyond the intended directory. Details across connected documents confirm the affected product and th...
CVE-2016-10967
The CVE-2016-10967 entry concerns the WordPress plugin real3d-flipbook-lite (v1.0) . The vulnerability is a Cross-Site Scripting (XSS) flaw exploitable via the parameter bookId in the file path wp-content/plugins/real3d-flipbook/includes/flipbooks.php . Root cause is inadequate input handling/san...