cleantalk
Vulnerabilities and Security Researches

3DPrint Lite, CVE-2021-4436

CVE, Research URL

CVE-2021-4436

Home page URL

Security reports for 3DPrint Lite

Application

3DPrint Lite

Published on
Feb 05, 2024
Research Description
The 3DPrint Lite WordPress plugin before 1.9.1.5 does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action , allowing unauthenticated users to upload arbitrary file to the web server. However, there is a .htaccess, preventing the file to be accessed on Web servers such as Apache.
Affected versions
Min -, max 1.9.1.5.
Status
vulnerable
Previous vulnerability researches
3DPrint Lite (CVE-2025-3428) , Apr 09, 2025
3DPrint Lite (CVE-2021-4436) , Jun 07, 2024
3DPrint Lite (5b8b12945feaea339b5f2265c01dcbf3ef041992) , Jun 07, 2024
3DPrint Lite (CVE-2024-10480) , Dec 07, 2024
3DPrint Lite (CVE-2025-30865) , Apr 02, 2025
New vulnerability
WP Logger (CVE-2025-39456) , Apr 20, 2025
visualslider Sldier (CVE-2025-23448) , Apr 20, 2025
RSS Manager (CVE-2025-39418) , Apr 20, 2025
Contact Form vCard Generator (CVE-2025-39521) , Apr 20, 2025
AdminQuickbar (CVE-2025-39464) , Apr 20, 2025