CVE-2022-3899

8.1 HIGH

📋 TL;DR

This CSRF vulnerability in the 3dprint WordPress plugin allows attackers to delete arbitrary files and directories on the server by tricking an authenticated admin into submitting a malicious form. The vulnerability exists in the modified Tiny File Manager component included with the plugin. WordPress sites using vulnerable versions of the 3dprint plugin are affected.

💻 Affected Systems

Products:
  • 3dprint WordPress plugin
Versions: before 3.5.6.9
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the plugin to be installed and activated on a WordPress site. The vulnerability is in the modified Tiny File Manager component bundled with the plugin.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise through deletion of critical system files, leading to website defacement, data loss, or service disruption.

🟠 Likely Case

Selective deletion of website files causing broken functionality, content loss, or partial site compromise.

🟢 If Mitigated

No impact if CSRF protections are properly implemented or the vulnerable component is disabled.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires social engineering to trick an authenticated admin into clicking a malicious link or visiting a crafted page.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.5.6.9

Vendor Advisory: https://wpscan.com/vulnerability/e3131e16-a0eb-4d26-b6d3-048fc1f1e9fa/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the '3dprint' plugin.
4. Click 'Update Now' if available.
5. Alternatively, download version 3.5.6.9+ from the WordPress repository and update manually.

🔧 Temporary Workarounds

Disable the plugin (Platform: all)

Temporarily deactivate the 3dprint plugin until patched.

wp plugin deactivate 3dprint

Implement CSRF protection (Platform: all)

Add CSRF tokens to forms or use the WordPress nonce system for the affected file manager component.
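The nonce-based protection described above, as an added illustration (not code from the 3dprint plugin or Tiny File Manager): a hypothetical delete handler registered through admin-post.php, shown first without any request-origin check and then hardened with a WordPress nonce, a capability check, and a path restriction to an assumed base directory.

```php
<?php
// Added example, hypothetical handler names; not the plugin's own code.

// Vulnerable pattern: the handler trusts any request that reaches it, so a
// cross-site form auto-submitted in a logged-in admin's browser deletes files.
function hypothetical_delete_vulnerable() {
    $path = wp_unslash( $_POST['path'] );
    if ( is_dir( $path ) ) { rmdir( $path ); } else { unlink( $path ); }
}

// Hardened form: the nonce field is bound to the action and the target path.
function hypothetical_render_delete_form( $relative_path ) {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <?php wp_nonce_field( 'fm_delete_' . $relative_path, 'fm_delete_nonce' ); ?>
        <input type="hidden" name="action" value="fm_delete">
        <input type="hidden" name="path" value="<?php echo esc_attr( $relative_path ); ?>">
        <button type="submit">Delete</button>
    </form>
    <?php
}

// Hardened handler: capability check, nonce verification, confined path.
function hypothetical_delete_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', '', array( 'response' => 403 ) );
    }
    $relative = isset( $_POST['path'] ) ? sanitize_text_field( wp_unslash( $_POST['path'] ) ) : '';
    // A forged cross-site request cannot carry a nonce valid for this user,
    // action and path; check_admin_referer() dies on mismatch.
    check_admin_referer( 'fm_delete_' . $relative, 'fm_delete_nonce' );

    // Assumed base directory; deletions are confined beneath it via realpath().
    $base   = realpath( WP_CONTENT_DIR . '/uploads/3dprint-files' );
    $target = realpath( $base . '/' . $relative );
    if ( false === $base || false === $target
         || 0 !== strpos( $target, $base . DIRECTORY_SEPARATOR ) ) {
        wp_die( 'Invalid path', '', array( 'response' => 400 ) );
    }
    if ( is_dir( $target ) ) { rmdir( $target ); } else { unlink( $target ); }
    wp_safe_redirect( wp_get_referer() ?: admin_url() );
    exit;
}
add_action( 'admin_post_fm_delete', 'hypothetical_delete_hardened' );
```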

🧯 If You Can't Patch

  • Restrict admin access to trusted networks only
  • Implement web application firewall rules to block suspicious file deletion requests

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for 3dprint plugin version.

Check Version:

wp plugin get 3dprint --field=version

Verify Fix Applied:

Confirm plugin version is 3.5.6.9 or higher in WordPress admin.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file deletion patterns in web server logs
  • POST requests to 3dprint plugin file manager endpoints without referrer headers

Network Indicators:

  • HTTP requests containing file deletion parameters targeting the 3dprint plugin

SIEM Query:

source="web_logs" AND uri="*3dprint*" AND (method="POST" OR params="*delete*")
