CVE-2026-1985 Press3D <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Link URL Parameter in 3D Model Block

The Press3D plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 3D Model Gutenberg block in all versions up to, and including, 1.0.2. This is due to the plugin failing to sanitize and validate the URL scheme when storing link URLs for 3D model blocks, allowing javascript:...

CVE-2026-1985

The Press3D plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 3D Model Gutenberg block in all versions up to, and including, 1.0.2. This is due to the plugin failing to sanitize and validate the URL scheme when storing link URLs for 3D model blocks, allowing javascript:...

CVE-2026-1985

CVE-2026-1985 pertains to the WordPress Press3D plugin up to version 1.0.2, where a vulnerability in the 3D Model Gutenberg block allows Stored Cross-Site Scripting via the link URL parameter. The root cause is inadequate sanitization/validation of the URL scheme when storing model block URLs, en...

WordPress Press3D plugin <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Link URL Parameter in 3D Model Block vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Link URL Parameter in 3D Model Block vulnerability discovered by WordFence in WordPress Plugin Press3D versions = 1.0.2...