The 3DPrint Lite WordPress plugin before 2.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
History

Fri, 06 Dec 2024 16:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Wp3dprinting; Wp3dprinting 3dprint Lite |
| Weaknesses | | CWE-352 |
| CPEs | | `cpe:2.3:a:wp3dprinting:3dprint_lite:-:*:*:*:*:wordpress:*:*` |
| Vendors & Products | | Wp3dprinting; Wp3dprinting 3dprint Lite |
| Metrics | | cvssV3_1: `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}`; ssvc: `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` |


Fri, 06 Dec 2024 06:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | The 3DPrint Lite WordPress plugin before 2.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. |
| Title | | 3DPrint Lite < 2.1 - Settings Update via CSRF |
| References | | |

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-12-06T06:00:07.090Z

Updated: 2024-12-06T16:03:29.448Z

Reserved: 2024-10-28T18:48:05.994Z

Link: CVE-2024-10480

Vulnrichment

Updated: 2024-12-06T16:02:11.887Z

NVD

Status: Received

Published: 2024-12-06T06:15:19.270

Modified: 2024-12-06T16:15:19.917

Link: CVE-2024-10480

Redhat

No data.