Wp3Dprinting 3Dprint Lite vulnerabilities
6 known vulnerabilities affecting wp3dprinting/3dprint_lite.
Total CVEs: 6
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 1, MEDIUM 5
Vulnerabilities
CVE-2021-4436 | P1 | CRITICAL | CVSS 9.8 | CWE-434 | Exploited | PoC | Ransomware | fixed in 1.9.1.5 | 2024-02-05
The 3DPrint Lite WordPress plugin before 1.9.1.5 does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action, allowing unauthenticated users to upload arbitrary files to the web server. However, there is a .htaccess file that prevents the uploaded file from being accessed on web servers such as Apache.
nvd
CVE-2025-3430 | P4 | MEDIUM | CVSS 4.9 | CWE-89 | fixed in 2.1.3.7 | 2025-04-08
The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'printer_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL querie
nvd
CVE-2025-3428 | P4 | MEDIUM | CVSS 4.9 | CWE-89 | fixed in 2.1.3.7 | 2025-04-08
The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'coating_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL querie
nvd
CVE-2025-3429 | P4 | MEDIUM | CVSS 4.9 | CWE-89 | fixed in 2.1.3.7 | 2025-04-08
The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'material_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queri
nvd
CVE-2025-3427 | P4 | MEDIUM | CVSS 4.9 | CWE-89 | fixed in 2.1.3.7 | 2025-04-08
The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'infill_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries
nvd
CVE-2024-10480 | P4 | MEDIUM | CVSS 4.3 | CWE-352 | fixed in 2.1 | 2024-12-06
The 3DPrint Lite WordPress plugin before 2.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
nvd