Vulnerabilities and security researches for3dprint-lite 3dprint-lite

Jun 07, 2024

CVE, Research URL: CVE-2021-4436
Home page URL: Security reports for 3DPrint Lite
Application: 3DPrint Lite
Date: Feb 05, 2024
Research Description: The 3DPrint Lite WordPress plugin before 1.9.1.5 does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action , allowing unauthenticated users to upload arbitrary file to the web server. However, there is a .htaccess, preventing the file to be accessed on Web servers such as Apache.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: 5b8b12945feaea339b5f2265c01dcbf3ef041992
Home page URL: Security reports for 3DPrint Lite
Application: 3DPrint Lite
Date: Oct 11, 2021
Research Description: 3DPrint Lite [3dprint-lite] < 1.9.1.5 WordPress 3DPrint Lite plugin <= 1.9.1.5 - Reflected Cross-Site Scripting (XSS) vulnerability Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress 3DPrint Lite plugin (versions <= 1.9.1.5).
Affected versions: Min -, max -.
Status: vulnerable

Dec 07, 2024

CVE, Research URL: CVE-2024-10480
Home page URL: Security reports for 3DPrint Lite
Application: 3DPrint Lite
Date: Dec 06, 2024
Research Description: The 3DPrint Lite WordPress plugin before 2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
Affected versions: Min -, max -.
Status: vulnerable

Apr 02, 2025

CVE, Research URL: CVE-2025-30865
Home page URL: Security reports for 3DPrint Lite
Application: 3DPrint Lite
Date: Mar 27, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in fuzzoid 3DPrint Lite allows Cross Site Request Forgery. This issue affects 3DPrint Lite: from n/a through 2.1.3.5.
Affected versions: Min -, max -.
Status: vulnerable

Apr 09, 2025

CVE, Research URL: CVE-2025-3430
Home page URL: Security reports for 3DPrint Lite
Application: 3DPrint Lite
Date: Apr 08, 2025
Research Description: The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'printer_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2025-3427
Home page URL: Security reports for 3DPrint Lite
Application: 3DPrint Lite
Date: Apr 08, 2025
Research Description: The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'infill_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2025-3429
Home page URL: Security reports for 3DPrint Lite
Application: 3DPrint Lite
Date: Apr 08, 2025
Research Description: The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'material_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2025-3428
Home page URL: Security reports for 3DPrint Lite
Application: 3DPrint Lite
Date: Apr 08, 2025
Research Description: The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'coating_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions: Min -, max -.
Status: vulnerable