CVE-2021-4436
CVE-2021-4436 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. EPSS estimates a 6.70% chance of exploitation in the next 30 days.
Description
The 3DPrint Lite WordPress plugin before 1.9.1.5 does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action, allowing unauthenticated users to upload arbitrary files to the web server. However, there is a .htaccess that prevents the file from being accessed on web servers such as Apache.
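The description names two missing controls in one AJAX upload handler: no authorisation check and no validation of the uploaded file. The following is an added example written for this page, not the 3DPrint Lite plugin's code, showing how a WordPress AJAX upload handler applies both controls. The hook name `example_handle_upload`, the nonce action `example_upload_nonce`, the allowed file types and the size limit are all assumptions; the WordPress functions used (`check_ajax_referer`, `current_user_can`, `wp_check_filetype_and_ext`, `wp_handle_upload`) are the real core APIs.

```php
<?php
// Added, hypothetical example: a hardened WordPress AJAX upload handler.
// It is NOT the 3DPrint Lite plugin's code; the hook name, nonce action,
// allowed types and size limit are assumptions. It shows the two controls the
// advisory says were missing: an authorisation check and file validation.

// Registering only the wp_ajax_* hook means unauthenticated visitors never
// reach the handler; a wp_ajax_nopriv_* registration would expose it to them.
add_action( 'wp_ajax_example_handle_upload', 'example_handle_upload' );

function example_handle_upload() {
    // 1. CSRF protection: the request must carry a nonce issued for this action
    //    (the nonce is read from the 'security' request parameter).
    check_ajax_referer( 'example_upload_nonce', 'security' );

    // 2. Authorisation: require a capability instead of trusting any request.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( array( 'message' => 'Not allowed.' ), 403 );
    }

    if ( empty( $_FILES['file'] ) || ! is_uploaded_file( $_FILES['file']['tmp_name'] ) ) {
        wp_send_json_error( array( 'message' => 'No file uploaded.' ), 400 );
    }
    $file = $_FILES['file'];

    // 3. File validation: an allow-list of extensions and MIME types for this
    //    feature (3D model formats here, as an assumption). Anything outside
    //    the list, including scripts, is rejected before it touches disk.
    $allowed = array(
        'stl' => 'application/sla',
        'obj' => 'text/plain',
    );
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $allowed );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( array( 'message' => 'File type not allowed.' ), 415 );
    }

    // 4. Size limit (20 MB is an assumed value).
    if ( $file['size'] > 20 * MB_IN_BYTES ) {
        wp_send_json_error( array( 'message' => 'File too large.' ), 413 );
    }

    // 5. Never store under the client-supplied name: sanitise it and make it
    //    unique inside the uploads directory, then let WordPress move the file
    //    with the same MIME allow-list applied a second time.
    $upload_dir   = wp_upload_dir();
    $file['name'] = wp_unique_filename( $upload_dir['path'], sanitize_file_name( $file['name'] ) );
    $result       = wp_handle_upload( $file, array( 'test_form' => false, 'mimes' => $allowed ) );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( array( 'message' => $result['error'] ), 400 );
    }

    wp_send_json_success( array( 'url' => $result['url'] ) );
}
```

The `.htaccess` the description mentions only limits the impact on servers that honour such files, such as Apache; it is not a substitute for the checks above, so the fix for affected sites remains updating the plugin to 1.9.1.5 or later.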
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Wp3dprinting | 3dprint Lite | < 1.9.1.5 |
References
- https://wpscan.com/vulnerability/c46ecd0d-a132-4ad6-b936-8acde3a09282/ (Exploit, Third Party Advisory)
Source: NVD / NIST
