WordPress Plugin Vulnerabilities

A Page Flip Book 2.3 - index.php pageflipbook_language Parameter Traversal Local File Inclusion

Description

The A Page Flip Book WordPress plugin was affected by an index.php pageflipbook_language Parameter Traversal Local File Inclusion security vulnerability.

Affects Plugins

Plugin icon
wppageflip
No known fix

References

CVE
CVE-2012-6652
URL
https://www.openwall.com/lists/oss-security/2014/07/30/2
URL
https://wordpress.org/support/topic/pageflipbook-pageflipbook_language-parameter-local-file-inclusion/

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
ceriksen
Verified
No
WPVDB ID
c7adb3b0-632d-4f8d-bffc-a85cd2beb318

Timeline

Publicly Published
2012-07-10 (about 13 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2016-11-30
Title
WP Vault 0.8.6.6 - Unauthenticated Local File Inclusion (LFI)
Published
2026-01-13
Title
WPLMS <= 1.9.9.5.4 - Unauthenticated Arbitrary File Deletion
Published
2024-10-15
Title
FREE DOWNLOAD MANAGER <= 1.0.0 - Unauthenticated Arbitrary File Download
Published
2021-08-24
Title
Live Scores for SportsPress < 1.9.1 - Authenticated Local File Inclusion
Published
2014-08-01
Title
WP Custom Pages 0.5.0.1 - LFI