CVE-2021-4436

nvd nist nuclei

Published: Feb 5, 2024Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The 3DPrint Lite WordPress plugin before 1.9.1.5 does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action , allowing unauthenticated users to upload arbitrary file to the web server. However, there is a .htaccess, preventing the file to be accessed on Web servers such as Apache.

Affected (1)

Products: Wp3dprinting: 3dprint Lite

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wp3dprinting 3dprint Lite	Before 1.9.1.5

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://wpscan.com/vulnerability/c46ecd0d-a132-4ad6-b936-8acde3a09282/

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/c46ecd0d-a132-4ad6-b936-8acde3a09282/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.