CVE-2025-3430

Severity: 4.9 MEDIUM

📋 TL;DR

The 3DPrint Lite WordPress plugin contains an SQL injection vulnerability in the 'printer_text' parameter that allows unauthenticated attackers to execute arbitrary SQL queries. This can lead to extraction of sensitive data from the database. All WordPress sites using 3DPrint Lite version 2.1.3.6 or earlier are affected.

💻 Affected Systems

Products:
  • 3DPrint Lite WordPress Plugin
Versions: All versions up to and including 2.1.3.6
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the plugin to be installed and active on a WordPress site.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including admin credentials, user data, and plugin/WordPress configuration information, leading to full site takeover.

🟠 Likely Case

Extraction of sensitive data such as user credentials, personal information, or plugin-specific data stored in the database.

🟢 If Mitigated

Limited impact with proper input validation and query parameterization in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection vulnerabilities are commonly weaponized and this one requires no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.1.3.7 or later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3249784%403dprint-lite&new=3249784%403dprint-lite&sfp_email=&sfph_mail=

Restart Required: No

Instructions:

1. Log into the WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find 3DPrint Lite and click 'Update Now'
4. Alternatively, download the latest version from the WordPress plugin repository and update it manually

🔧 Temporary Workarounds

Disable Plugin (applies to: all)

Temporarily disable the vulnerable plugin until it is patched:

wp plugin deactivate 3dprint-lite

Web Application Firewall (applies to: all)

Implement WAF rules to block SQL injection attempts.

🧯 If You Can't Patch

  • Implement strict input validation for all user-supplied parameters
  • Deploy web application firewall with SQL injection protection rules

🔍 How to Verify

Check if Vulnerable:

In the WordPress admin panel, go to Plugins → 3DPrint Lite and read the version. If the version is 2.1.3.6 or earlier, the site is vulnerable.

Check Version:

wp plugin get 3dprint-lite --field=version

Verify Fix Applied:

After updating, verify plugin version shows 2.1.3.7 or later in WordPress admin.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in WordPress debug logs (WordPress does not log queries by default, so query logging must already be enabled for this indicator to exist)
  • Multiple requests to 3DPrint Lite endpoints with SQL-like payloads in the printer_text parameter

Network Indicators:

  • HTTP requests containing SQL injection patterns targeting printer_text parameter

SIEM Query:

source="wordpress.log" AND "printer_text" AND ("UNION" OR "SELECT" OR "INSERT" OR "DELETE")
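As an added example (not part of the original advisory or the plugin's own code), the following Python script implements the two checks above: the numeric version comparison behind the `wp plugin get` command, and an access-log scan that decodes the printer_text value before matching, so encoded probes are caught and a keyword-only rule's false positives (such as the word "select" in ordinary text) are not. The log format, the `/3dprint-example/` path and the sample lines are constructed assumptions.

```python
"""Defender-side helpers for CVE-2025-3430 (3DPrint Lite 'printer_text' SQLi):
a numeric plugin-version check and a scanner for access-log lines whose
decoded printer_text value carries SQL-injection markers."""
import re
from urllib.parse import parse_qs, urlsplit

FIXED_VERSION = (2, 1, 3, 7)   # first patched release named in the advisory
# Flag a decoded value only when a quote/comment sequence AND an SQL keyword
# are both present; a keyword alone ("Please select a printer") is benign.
SQL_KEYWORD = re.compile(r"\b(union|select|insert|delete|update|sleep|benchmark)\b", re.I)
SQL_META = re.compile(r"['\"`;]|--|/\*|#")
# Apache/nginx combined format: client - user [time] "METHOD path HTTP/x" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample lines; "/3dprint-example/" is a placeholder path, not the
# plugin's real endpoint. Line 2 is an encoded probe, line 3 a benign request
# that a keyword-only rule would flag.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Apr/2025:12:00:01 +0000] "GET /3dprint-example/?printer_text=Hello+World HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Apr/2025:12:00:07 +0000] "GET /3dprint-example/?printer_text=a%27+UNION+SELECT+1%2C2%2C3--+ HTTP/1.1" 200 4096',
    '198.51.100.2 - - [10/Apr/2025:12:01:00 +0000] "GET /3dprint-example/?printer_text=Please+select+a+printer HTTP/1.1" 200 800',
]

def parse_version(text):
    """'2.1.3.6' -> (2, 1, 3, 6); tuples compare numerically, so 2.1.10 > 2.1.3."""
    return tuple(int(part) for part in text.strip().split("."))

def is_affected(version):
    """True below 2.1.3.7; feed it `wp plugin get 3dprint-lite --field=version`."""
    return parse_version(version) < FIXED_VERSION

def suspicious(value):
    """Heuristic on the *decoded* parameter value, not the raw query string."""
    return bool(SQL_META.search(value) and SQL_KEYWORD.search(value))

def scan_log(lines):
    """Return (client_ip, decoded printer_text) for each flagged request."""
    hits = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue
        client, _method, path, _status = match.groups()
        query = urlsplit(path).query          # parse_qs undoes %XX and '+'
        for value in parse_qs(query, keep_blank_values=True).get("printer_text", []):
            if suspicious(value):
                hits.append((client, value))
    return hits
```

Access logs do not record POST bodies, so a printer_text value sent in a form body is only visible to a WAF or application-level request logging.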
