WordPress Plugin Vulnerabilities

3DPrint Lite < 1.9.1.5 - Unauthenticated Arbitrary File Upload

Description

The plugin does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action , allowing unauthenticated users to upload arbitrary file to the web server. However, there is a .htaccess, preventing the file to be accessed on Web servers such as Apache.

Proof of Concept

Affects Plugins

Plugin icon
3dprint-lite
Fixed in 1.9.1.5

References

CVE
CVE-2021-4436
Exploitdb
50321

Miscellaneous

Original Researcher
Spacehen
Verified
Yes
WPVDB ID
c46ecd0d-a132-4ad6-b936-8acde3a09282

Timeline

Publicly Published
2021-09-23 (about 4 years ago)
Added
2021-09-23 (about 4 years ago)
Last Updated
2024-02-05 (about 1 year ago)

Other

Published
Title
Published
2015-01-23
Title
WordPress File Upload < 2.5.0 - PHP File Upload
Published
2023-11-14
Title
Slider Revolution < 6.6.16 - Authenticated (Author+) Arbitrary File Upload
Published
2014-08-01
Title
felici - Custom Background Shell Upload
Published
2015-07-10
Title
MailCWP 1.100 - Unauthenticated Arbitrary File Upload
Published
2024-10-21
Title
Portfolleo <= 1.2 - Authenticated (Subscriber+) Arbitrary File Upload