CVE-2024-10480

The 3DPrint Lite WordPress plugin before 2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://wpscan.com/vulnerability/725ac766-c849-49d6-a968-58fcc2e134c8/

Configurations

No configuration.

History

06 Dec 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-06 06:15

Updated : 2024-12-06 16:15

NVD link : CVE-2024-10480

Mitre link : CVE-2024-10480

CVE.ORG link : CVE-2024-10480

JSON object : View

Products Affected

No product.

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

4.3 /10