Creates 3D Flipbook, PDF Flipbook <= 1.2 – Authenticated (Subscriber+) Arbitrary File Upload | CVE 2024-48034 | Plugin Vulnerabilities

Description

The Creates 3D Flipbook, PDF Flipbook in WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Affects Plugins

create-flipbook-from-pdf

No known fix

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/5b5c8733-7396-4ae5-862d-15db370dbdd7

Miscellaneous

Original Researcher

stealthcopter

Verified

No

WPVDB ID

7a4f9779-0692-419f-80d0-2bdf064894df

Timeline

Publicly Published

2024-10-09 (about 1 year ago)

Added

2024-10-16 (about 1 year ago)

Last Updated

2024-10-16 (about 1 year ago)

Other

Published

Title

Published

2016-06-22

Title

Contus Video Comments - Unauthenticated Remote JPG File Upload

Published

2025-07-11

Title

Helpdesk Support Ticket System for WooCommerce <= 2.1.0 - Unauthenticated Arbitrary File Upload

Published

2024-08-12

Title

Media Library Assistant < 3.19 - Authenticated (Author+) Arbitrary File Upload via mla-inline-edit-upload-scripts AJAX Action

Published

2014-12-08

Title

Gravity Forms <= 1.8.19 - Arbitrary File Upload

Published

2025-08-27

Title

Pin WP < 7.2 - Authenticated (Subscriber+) Arbitrary File Upload