cvelist / WPScan / CVELIST:CVE-2021-4436
History: Feb 05, 2024 - 9:02 a.m.

CVE-2021-4436 3DPrint Lite < 1.9.1.5 - Unauthenticated Arbitrary File Upload

2024-02-05 09:02:44
WPScan
www.cve.org
3dprint lite
wordpress
plugin
cve-2021-4436
unauthenticated
file upload
.htaccess
apache

AI Score: 9.7 High (Confidence: High)

EPSS: 0.188 Low (Percentile: 96.3%)

The 3DPrint Lite WordPress plugin before 1.9.1.5 does not perform any authorisation check and does not validate the uploaded file in its p3dlite_handle_upload AJAX action, allowing unauthenticated users to upload arbitrary files to the web server. However, a .htaccess file prevents the uploaded file from being accessed on web servers such as Apache.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "3DPrint Lite",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "1.9.1.5"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
