CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 1
CVE-2024-10480 – 3DPrint Lite < 2.1 - Settings Update via CSRF
https://notcve.org/view.php?id=CVE-2024-10480
15 Nov 2024 — The 3DPrint Lite WordPress plugin before 2.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. The 3DPrint Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9.9. This is due to missing or incorrect nonce validation on the 'p3dlite_settings' action. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged reques... • https://wpscan.com/vulnerability/725ac766-c849-49d6-a968-58fcc2e134c8 • CWE-352: Cross-Site Request Forgery (CSRF)