CVE-2022-3899

HIGH

3dprint < 3.5.6.9 - Cross-Site Request Forgery via Tiny File Manager

Title source: llm

Description

The 3dprint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will delete any number of files or directories on the target server by tricking a logged-in admin into submitting a form.

References (1)

Core References
Exploit, Third Party Advisory, exploit, vdb-entry, technical-description
https://wpscan.com/vulnerability/e3131e16-a0eb-4d26-b6d3-048fc1f1e9fa/

Scores

CVSS v3 8.1
EPSS 0.0040
EPSS Percentile 32.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-352
Status published
Products (1)
3dprint_project/3dprint < 3.5.6.9
Published Jan 16, 2024
Tracked Since Feb 18, 2026