CSRF Flaw in Popular WordPress Plugin Exposes Administrative Settings
CVE-2024-10480
Key Information:
- Vendor: WordPress
- Status: Vendor
- CVE Published: 6 December 2024
Summary
CVE-2024-10480 is a critical Cross-Site Request Forgery (CSRF) vulnerability affecting the 3DPrint Lite WordPress plugin prior to version 2.1. Because the plugin performs no adequate CSRF verification on its settings handler, an attacker can craft a page or link that causes the browser of a logged-in administrator to submit a settings-change request on the attacker's behalf, altering the plugin's configuration without the administrator's knowledge or consent. Such unauthorized changes could compromise the security of the WordPress site.
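To illustrate the class of defect described above, here is an added example (not 3DPrint Lite's code, and not from the advisory) of a WordPress admin settings handler that lacks CSRF verification, beside the hardened form that checks the caller's capability and a WordPress nonce; the plugin, option and function names are hypothetical.

```php
<?php
/*
 * Added illustration (not 3DPrint Lite's code): a WordPress settings
 * handler without CSRF protection, beside the hardened form.
 * Plugin, option and function names are hypothetical.
 */

// --- Vulnerable pattern: any POST reaching admin-post.php with the
// matching action updates the option. A logged-in administrator whose
// browser is made to submit such a request changes the setting unknowingly,
// because the session cookie alone authorises the write.
function example_settings_save_vulnerable() {
    // No capability check and no nonce check.
    update_option( 'example_plugin_api_url', esc_url_raw( wp_unslash( $_POST['api_url'] ?? '' ) ) );
    wp_safe_redirect( admin_url( 'options-general.php?page=example-plugin' ) );
    exit;
}

// --- Hardened pattern: require the capability AND a nonce bound to this
// action and to the user's session, which a cross-site form cannot supply.
function example_settings_save_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', 403 );
    }
    // Verifies the _wpnonce field against the action name; dies with 403 on mismatch.
    check_admin_referer( 'example_plugin_save_settings' );

    $url = esc_url_raw( wp_unslash( $_POST['api_url'] ?? '' ) );
    update_option( 'example_plugin_api_url', $url );
    wp_safe_redirect( add_query_arg( 'updated', '1', admin_url( 'options-general.php?page=example-plugin' ) ) );
    exit;
}
// Only the hardened handler is registered for the admin-post.php action.
add_action( 'admin_post_example_plugin_save', 'example_settings_save_hardened' );

// The settings form must emit the matching nonce so legitimate submissions pass.
function example_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_plugin_save">
        <?php wp_nonce_field( 'example_plugin_save_settings' ); ?>
        <input type="url" name="api_url" value="<?php echo esc_attr( get_option( 'example_plugin_api_url', '' ) ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}
```

When reviewing a plugin for this flaw, look for every handler that calls update_option() or similar on request data and confirm it is reached only through a path that calls check_admin_referer() or wp_verify_nonce() together with current_user_can().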
Affected Version(s)
3DPrint Lite: all versions prior to 2.1
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
References
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability reserved