CVE-2022-3899

Published: Jan 16, 2024Modified: Jun 17, 2026

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

The 3dprint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will delete any number of files or directories on the target server by tricking a logged in admin into submitting a form.

Affected (1)

Products: 3dprint Project: 3dprint

3dprint Project

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
3dprint Project 3dprint	Before 3.5.6.9

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://wpscan.com/vulnerability/e3131e16-a0eb-4d26-b6d3-048fc1f1e9fa/

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/e3131e16-a0eb-4d26-b6d3-048fc1f1e9fa/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.