
CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

15 Nov 2024 — The 3DPrint Lite WordPress plugin before 2.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. The 3DPrint Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9.9. This is due to missing or incorrect nonce validation on the 'p3dlite_settings' action. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged reques... • https://wpscan.com/vulnerability/725ac766-c849-49d6-a968-58fcc2e134c8 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 2% • CPEs: 1 • EXPL: 1

23 Sep 2021 — The 3DPrint Lite WordPress plugin before 1.9.1.5 does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action, allowing unauthenticated users to upload arbitrary files to the web server. However, there is a .htaccess preventing the file from being accessed on web servers such as Apache. The 3DPrint Lite WordPress plugin before 1.9.1.5 has no authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action, which allows ... • https://wpscan.com/vulnerability/c46ecd0d-a132-4ad6-b936-8acde3a09282 • CWE-434: Unrestricted Upload of File with Dangerous Type