The 3DPrint Lite WordPress plugin before 2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
Metrics
Affected Vendors & Products
References
History
Fri, 06 Dec 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Wp3dprinting
Wp3dprinting 3dprint Lite |
|
Weaknesses | CWE-352 | |
CPEs | cpe:2.3:a:wp3dprinting:3dprint_lite:-:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Wp3dprinting
Wp3dprinting 3dprint Lite |
|
Metrics |
cvssV3_1
|
Fri, 06 Dec 2024 06:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The 3DPrint Lite WordPress plugin before 2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | |
Title | 3DPrint Lite < 2.1 - Settings Update via CSRF | |
References |
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-12-06T06:00:07.090Z
Updated: 2024-12-06T16:03:29.448Z
Reserved: 2024-10-28T18:48:05.994Z
Link: CVE-2024-10480
Vulnrichment
Updated: 2024-12-06T16:02:11.887Z
NVD
Status : Received
Published: 2024-12-06T06:15:19.270
Modified: 2024-12-06T16:15:19.917
Link: CVE-2024-10480
Redhat
No data.