PT-2025-15381 · WordPress · 3Dprint Lite

Jon Cagan +1 · Published 2025-04-08 · Updated 2026-04-03 · CVE-2025-3428

CVSS v3.1: 4.9 Medium

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: 3DPrint Lite plugin for WordPress versions up to, and including, 2.1.3.6

Description: The issue allows unauthenticated attackers to perform SQL Injection via the coating text parameter due to insufficient escaping of user-supplied input and lack of preparation in the existing SQL query. This enables attackers to append additional SQL queries to existing ones, potentially extracting sensitive information from the database.

Recommendations: For versions up to, and including, 2.1.3.6, consider disabling the coating text parameter until a patch is available to prevent SQL Injection attacks. Restrict access to sensitive database information to minimize the risk of exploitation. Avoid using the coating text parameter in SQL queries until the issue is resolved.

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2025-3428

Affected Products: 3Dprint Lite