History: Jan 16, 2024 - 4:15 p.m.

CVE-2022-3899

2024-01-16 16:15:10
CWE-352
WPScan
web.nvd.nist.gov
30
cve-2022-3899
3dprint wordpress plugin
csrf attack
tiny file manager
security vulnerability
nvd

CVSS3: 8.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

AI Score: 7.9
Confidence: High

EPSS: 0.001
Percentile: 17.8%

The 3dprint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will delete any number of files or directories on the target server by tricking a logged-in admin into submitting a form.

Affected configurations

Nvd
Vulners
Node: 3dprint_project 3dprint, Range <3.5.6.9, wordpress

Vendor: 3dprint_project
Product: 3dprint
Version: *
CPE: cpe:2.3:a:3dprint_project:3dprint:*:*:*:*:*:wordpress:*:*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "3dprint",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "3.5.6.9"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
