
CVE-2025-3427 – 3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'infill_text'
https://notcve.org/view.php?id=CVE-2025-3427
07 Apr 2025 — The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'infill_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
• https://www.wordfence.com/threat-intel/vulnerabilities/id/156945e1-80dc-4fb4-958f-bb87722e96fb?source=cve
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2025-3428 – 3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'coating_text'
https://notcve.org/view.php?id=CVE-2025-3428
07 Apr 2025 — The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'coating_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
• https://www.wordfence.com/threat-intel/vulnerabilities/id/eaac2a61-7be6-4936-82a0-21c3665fa436?source=cve
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2025-3429 – 3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'material_text'
https://notcve.org/view.php?id=CVE-2025-3429
07 Apr 2025 — The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'material_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
• https://www.wordfence.com/threat-intel/vulnerabilities/id/3cf26716-70b6-4e5e-9ac1-764060be2215?source=cve
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2025-3430 – 3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'printer_text'
https://notcve.org/view.php?id=CVE-2025-3430
07 Apr 2025 — The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'printer_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
• https://www.wordfence.com/threat-intel/vulnerabilities/id/718f5cf2-ca83-4981-9123-4360d043a32d?source=cve
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2025-30865 – WordPress 3DPrint Lite plugin <= 2.1.3.5 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2025-30865
27 Mar 2025 — Cross-Site Request Forgery (CSRF) vulnerability in fuzzoid 3DPrint Lite allows Cross Site Request Forgery. This issue affects 3DPrint Lite: from n/a through 2.1.3.5. The 3DPrint Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.3.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action granted they can trick a site administrator into performing an...
• https://patchstack.com/database/wordpress/plugin/3dprint-lite/vulnerability/wordpress-3dprint-lite-plugin-2-1-3-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
• CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2024-10480 – 3DPrint Lite < 2.1 - Settings Update via CSRF
https://notcve.org/view.php?id=CVE-2024-10480
15 Nov 2024 — The 3DPrint Lite WordPress plugin before 2.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. The 3DPrint Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9.9. This is due to missing or incorrect nonce validation on the 'p3dlite_settings' action. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged reques...
• https://wpscan.com/vulnerability/725ac766-c849-49d6-a968-58fcc2e134c8
• CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2021-4436 – 3DPrint Lite < 1.9.1.5 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2021-4436
23 Sep 2021 — The 3DPrint Lite WordPress plugin before 1.9.1.5 does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action, allowing unauthenticated users to upload arbitrary files to the web server. However, there is a .htaccess, preventing the file from being accessed on web servers such as Apache.
• https://wpscan.com/vulnerability/c46ecd0d-a132-4ad6-b936-8acde3a09282
• CWE-434: Unrestricted Upload of File with Dangerous Type