The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode.
8.8CVSS
8.6AI Score
0.001EPSS
The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 exposes the full path of a file when putting in a non-existent file in a parameter of the shortcode.
5.3CVSS
5.6AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maurice Spin 360 deg and 3D Model Viewer allows Stored XSS.This issue affects Spin 360 deg and 3D Model Viewer: from n/a through 1.2.7.
6.5CVSS
9.1AI Score
0.0004EPSS