CVE-2024-48034: 
WordPress vulnerability analysis and mitigation

The Creates 3D Flipbook, PDF Flipbook WordPress plugin contains an Unrestricted Upload of File with Dangerous Type vulnerability (CVE-2024-48034) affecting versions up to and including 1.2. The vulnerability was discovered by researcher stealthcopter and publicly disclosed on October 9, 2024 (WPScan, Patchstack).

The vulnerability is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) and has received a CVSS v3.1 base score of 9.9 (Critical) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. The issue stems from missing file type validation in the plugin, which allows for arbitrary file uploads (NVD, Patchstack).

The vulnerability allows authenticated attackers with Subscriber-level access or higher to upload arbitrary files to the affected site's server, potentially enabling remote code execution through web shell uploads (WPScan, Patchstack).

Currently, there is no official fix available for this vulnerability. Patchstack has issued a virtual patch to mitigate the issue by blocking potential attacks until an official fix becomes available (Patchstack).