← Back

Wp3dprinting

wp3dprinting

6 CVEs • 1 product

Products (1)

Click to collapse
Toggle
3dprint Lite
3dprint_lite
6 CVEs

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-3430
1Wp3dprinting
13dprint Lite
Jul 10, 2025
Apr 8, 2025
N/A· v4
4.9 MEDIUM· v3
N/A· v2
The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'printer_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of...Show more
The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'printer_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.Show less
CVE-2025-3429
1Wp3dprinting
13dprint Lite
Jul 10, 2025
Apr 8, 2025
N/A· v4
4.9 MEDIUM· v3
N/A· v2
The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'material_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of...Show more
The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'material_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.Show less
CVE-2025-3428
1Wp3dprinting
13dprint Lite
Jul 10, 2025
Apr 8, 2025
N/A· v4
4.9 MEDIUM· v3
N/A· v2
The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'coating_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of...Show more
The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'coating_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.Show less
CVE-2025-3427
1Wp3dprinting
13dprint Lite
Jul 10, 2025
Apr 8, 2025
N/A· v4
4.9 MEDIUM· v3
N/A· v2
The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'infill_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of s...Show more
The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'infill_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.Show less
CVE-2024-10480
1Wp3dprinting
13dprint Lite
Jun 17, 2026
Dec 6, 2024
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The 3DPrint Lite WordPress plugin before 2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
CVE-2021-4436
1Wp3dprinting
13dprint Lite
Jun 17, 2026
Feb 5, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The 3DPrint Lite WordPress plugin before 1.9.1.5 does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action , allowing unauthenticated users to upload arbitrary file to...Show more
The 3DPrint Lite WordPress plugin before 1.9.1.5 does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action , allowing unauthenticated users to upload arbitrary file to the web server. However, there is a .htaccess, preventing the file to be accessed on Web servers such as Apache.Show less