CVE-2026-1985

CVE-2026-1985 : Connected document identifies a concrete vulnerability in the WordPress Press3D plugin (versions

CVE-2026-1985 Press3D <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Link URL Parameter in 3D Model Block

The Press3D plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 3D Model Gutenberg block in all versions up to, and including, 1.0.2. This is due to the plugin failing to sanitize and validate the URL scheme when storing link URLs for 3D model blocks, allowing javascript:...

WordPress Press3D plugin <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Link URL Parameter in 3D Model Block vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Link URL Parameter in 3D Model Block vulnerability discovered by WordFence in WordPress Plugin Press3D versions = 1.0.2...

CVE-2024-1074

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the audio widget 'linkurl' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

U.S. Dept Of Defense: Cross-Site Scripting via 'return_link_url' parameter

A Cross-Site Scripting XSS vulnerability was discovered on a website. The vulnerability was found in the 'returnlinkurl' parameter, which allowed an attacker to inject malicious scripts that could be executed. Exploitation of this vulnerability could have led to consequences such as cookie theft...

PT-2024-16503 · WordPress · The Beaver Builder

Name of the Vulnerable Software and Affected Versions: The Beaver Builder – WordPress Page Builder plugin for WordPress versions up to, and including, 2.7.4.2 Description: The issue is related to Stored Cross-Site Scripting via the link url parameter in the audio widget, caused by insufficient...