CVE-2021-4436: 
WordPress vulnerability analysis and mitigation

The 3DPrint Lite WordPress plugin before version 1.9.1.5 contains a critical vulnerability (CVE-2021-4436) with a CVSS score of 9.8. The vulnerability was discovered in September 2021 and involves an unauthorized file upload issue in the plugin's p3dlite_handle_upload AJAX action. This security flaw allows unauthenticated users to upload arbitrary files to the web server, although access to uploaded files is partially mitigated by .htaccess restrictions on Apache servers (WPScan, NVD).

The vulnerability stems from the absence of proper authorization checks and file validation in the p3dlite_handle_upload AJAX action. The flaw is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). Attackers can exploit this vulnerability by sending a specially crafted POST request to /wp-admin/admin-ajax.php with a multipart/form-data content type, including the action parameter set to p3dlite_handle_upload and an arbitrary file upload (WPScan).

The vulnerability allows attackers to upload malicious files to the web server, potentially leading to remote code execution. Recent reports indicate that threat actors are actively exploiting this vulnerability to deploy the Godzilla web shell, which provides persistent remote access to compromised websites (Hacker News, GB Hackers).

Website administrators are strongly advised to update the 3DPrint Lite plugin to version 1.9.1.5 or later immediately. While .htaccess restrictions provide some protection on Apache servers, this should not be relied upon as the sole security measure (NVD).

The cybersecurity community has expressed significant concern about this vulnerability, particularly due to its active exploitation in deploying the Godzilla Web Shell. Security researchers and experts are actively monitoring the situation and working on developing countermeasures to address this emerging threat (GB Hackers).