CVE-2022-3899 in 3dprint Plugin
Summary
by MITRE • 01/16/2024
The 3dprint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will delete any number of files or directories on the target server by tricking a logged in admin into submitting a form.
Analysis
by VulDB Data Team • 06/02/2025
The vulnerability identified as CVE-2022-3899 affects the 3dprint WordPress plugin version 3.5.6.9 and earlier. It is a cross-site request forgery (CSRF) weakness in the modified version of Tiny File Manager bundled with the plugin. The file management functionality has no CSRF protection, so an attacker can abuse the trust relationship between an authenticated administrator and the web application: the browser attaches the administrator's session cookies to a request the attacker's page triggers, and the application carries out the operation as if the administrator had requested it.
Technically, the file manager's form submissions carry no anti-CSRF token or equivalent validation. When an administrator has opened the vulnerable file manager interface and, while still logged in, visits a malicious website or opens a crafted email containing an embedded request, the attacker-controlled page can submit a request that the WordPress application cannot distinguish from a legitimate one. Such a request can target the file manager's delete action and remove arbitrary files or directories from the server without any further authorization check. Because the affected code is the modified Tiny File Manager component integrated into the 3dprint plugin rather than a standard WordPress admin action, the protections WordPress normally applies to such actions do not cover it.
The operational impact is severe and multifaceted: a successful attacker can delete critical files, including plugin files, theme files, user uploads, or even WordPress core files, causing service disruption or complete compromise of the site. The attack requires only that a logged-in administrator visit a malicious page, which makes it particularly dangerous in environments where administrators browse untrusted websites or open phishing emails from the same browser session they use to administer the site. The flaw directly violates the principle of least privilege, and it can be chained beyond simple file deletion: removing critical application components or security plugins can open the way to full system compromise.
Organizations affected by this vulnerability should immediately update to version 3.5.6.9 or later of the 3dprint plugin, which closes the CSRF protection gap in the bundled Tiny File Manager. Mitigation should also include monitoring for unexpected file deletions under the web root and additional controls such as a web application firewall that can detect and block cross-site requests to the file manager endpoints. Security teams should audit all WordPress installations for other plugins that bundle third-party file management components with the same weakness. The vulnerability is classified as CWE-352 (Cross-Site Request Forgery) and represents a failure of request authentication and authorization. From an ATT&CK perspective it maps to techniques involving privilege escalation and persistence through file manipulation, since an attacker can delete files to remove security controls or clear the way for a subsequent foothold. Remediation should also include educating administrators about the risks of browsing untrusted websites from an authenticated session and the importance of keeping software current to prevent exploitation of known vulnerabilities.
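The following PHP is an added example, not code from the 3dprint plugin or from Tiny File Manager. It shows the CWE-352 pattern the analysis describes in a framework-free form: a file-manager delete handler that accepts any authenticated POST, beside a hardened handler that requires a session-bound synchronizer token, checks the Origin header, and confines the path to the upload directory. All names (fm_delete_vulnerable, fm_delete_hardened, fm_issue_token, UPLOAD_ROOT, SITE_ORIGIN) and the simulated requests are constructed for illustration; a real WordPress plugin would use wp_nonce_field() / check_admin_referer() and current_user_can() rather than a hand-rolled token. Requires PHP 8 or later for str_contains().

```php
<?php
// Added example: vulnerable vs. hardened delete handler for a bundled file
// manager (illustrative, not the plugin's own code). Names are hypothetical.
declare(strict_types=1);

const SITE_ORIGIN = 'https://example.test';              // constructed site origin
const UPLOAD_ROOT = '/var/www/html/wp-content/uploads';  // constructed upload root

// ---- vulnerable: any POST from a logged-in admin is honoured -------------
function fm_delete_vulnerable(array $session, array $post, callable $unlink): string
{
    if (empty($session['user_is_admin'])) {
        return 'denied: not logged in';
    }
    // No anti-CSRF token and no Origin check: a form submitted from another
    // site, carrying the admin's cookies, looks exactly like a legitimate one.
    $target = UPLOAD_ROOT . '/' . ($post['path'] ?? '');
    $unlink($target);
    return "deleted {$target}";
}

// ---- hardened: synchronizer token + Origin check + path confinement ------
function fm_issue_token(array &$session): string
{
    // Random token stored server-side in the session and embedded in the form
    // as a hidden field; an attacker's page cannot read it (same-origin policy).
    $session['csrf_token'] = bin2hex(random_bytes(32));
    return $session['csrf_token'];
}

function fm_delete_hardened(array $session, array $post, array $headers, callable $unlink): string
{
    if (empty($session['user_is_admin'])) {
        return 'denied: not logged in';
    }
    // 1. Browsers send Origin on cross-site form POSTs; reject anything foreign.
    if (($headers['Origin'] ?? '') !== SITE_ORIGIN) {
        return 'denied: cross-origin request';
    }
    // 2. Token must match the session-bound value (constant-time compare).
    $expected = (string)($session['csrf_token'] ?? '');
    $given    = (string)($post['csrf_token'] ?? '');
    if ($expected === '' || !hash_equals($expected, $given)) {
        return 'denied: missing or invalid anti-CSRF token';
    }
    // 3. Defence in depth: keep the target inside the upload root.
    $path = (string)($post['path'] ?? '');
    if ($path === '' || str_contains($path, "\0") || preg_match('#(^|/)\.\.(/|$)#', $path) || $path[0] === '/') {
        return 'denied: bad path';
    }
    $target = UPLOAD_ROOT . '/' . $path;
    $unlink($target);
    return "deleted {$target}";
}

// ---- simulation with constructed requests --------------------------------
$deleted = [];
$unlink  = function (string $p) use (&$deleted): void { $deleted[] = $p; };
$session = ['id' => 'sess-123', 'user_is_admin' => true];

// Cross-site form submission (the scenario the advisory describes): the
// browser attaches the admin's session cookie but sets Origin to the other site.
$crossSitePost    = ['path' => 'plugins/important.php'];
$crossSiteHeaders = ['Origin' => 'https://other.example'];

echo fm_delete_vulnerable($session, $crossSitePost, $unlink), PHP_EOL;
echo fm_delete_hardened($session, $crossSitePost, $crossSiteHeaders, $unlink), PHP_EOL;

// Legitimate same-origin submission from the file manager's own form.
$token       = fm_issue_token($session);
$ownPost     = ['path' => 'exports/old-export.csv', 'csrf_token' => $token];
$ownHeaders  = ['Origin' => SITE_ORIGIN];
echo fm_delete_hardened($session, $ownPost, $ownHeaders, $unlink), PHP_EOL;

// Same-origin submission with a stale/forged token is still refused.
$badPost = ['path' => 'exports/old-export.csv', 'csrf_token' => str_repeat('0', 64)];
echo fm_delete_hardened($session, $badPost, $ownHeaders, $unlink), PHP_EOL;

echo 'deleted so far: ', implode(', ', $deleted), PHP_EOL;
```

Run with `php example.php`: the vulnerable handler deletes the plugin file on the cross-site submission, while the hardened handler refuses it at the Origin check, accepts the token-bearing same-origin form, and refuses the same-origin form with a wrong token. The Origin check alone is not sufficient (some clients omit the header and older browsers do not set it on all requests), which is why the token check is the primary control and the Origin check is layered in front of it.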