Press3D WordPress Plugin Stored Cross-Site Scripting Vulnerability
Vulnerability
A stored cross-site scripting vulnerability has been identified in the Press3D plugin for WordPress, affecting all versions up to and including 1.0.2. The issue arises from the plugin's failure to properly sanitize and validate the URL scheme when saving link URLs for 3D model blocks in the Gutenberg editor. This oversight allows authenticated attackers with Author-level access or higher to inject arbitrary web scripts via the link URL parameter. The injected scripts execute when a user clicks on the 3D model, potentially leading to the theft of cookies or other sensitive information.
Impact
Exploitation of this vulnerability results in stored cross-site scripting: injected scripts execute in the browser of the user viewing the 3D model, within the site's own origin, which sidesteps the protection of the same-origin policy and can lead to cookie theft or other malicious actions.
Reproduction
To reproduce this vulnerability, an authenticated user with Author-level access or higher creates a 3D Model block using the Press3D WordPress plugin and, when adding a link URL, supplies a 'javascript:' URL. Once the block is saved and viewed, the injected script executes when the 3D model is clicked.
Remediation
No known patch is available for this vulnerability. Users are advised to review the vulnerability details and consider uninstalling the affected plugin.
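The check the plugin omits when saving a link URL is a scheme allowlist applied to the parsed URL. The following JavaScript sketch is an added example, not code from Press3D or from this advisory; `sanitizeLinkUrl`, `ALLOWED_SCHEMES`, the placeholder base and the sample inputs are assumptions made for illustration.

```javascript
// Added example: scheme allowlist for a block's link URL.
// Names below are hypothetical, not taken from the Press3D code base.
const ALLOWED_SCHEMES = new Set(['http:', 'https:']);
// Constructed base, used only so that relative links can be parsed.
const PLACEHOLDER_BASE = 'https://site.invalid/';

// Returns a normalized href that is safe to store, or '' if rejected.
function sanitizeLinkUrl(raw) {
  if (typeof raw !== 'string' || raw.trim() === '') return '';
  let parsed;
  try {
    // The WHATWG URL parser normalizes the way a browser does: it strips
    // surrounding whitespace and control characters, removes embedded
    // tabs and newlines, and lowercases the scheme. Checking the parsed
    // scheme is therefore more reliable than matching a string prefix.
    parsed = new URL(raw, PLACEHOLDER_BASE);
  } catch {
    return ''; // unparseable input is rejected, not passed through
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) return '';
  // Input that resolved against the placeholder host was relative:
  // return it root-relative rather than leaking the placeholder.
  if (parsed.origin === new URL(PLACEHOLDER_BASE).origin) {
    return parsed.pathname + parsed.search + parsed.hash;
  }
  return parsed.href;
}

// Constructed sample inputs: two acceptable links and four that must be
// rejected, including case and whitespace variants of the same scheme.
const SAMPLES = [
  'https://example.com/model?id=1',
  '/models/chair.glb#view',
  'javascript:alert(1)',
  ' JaVaScRiPt:alert(1)',
  'java\tscript:alert(1)',
  'data:text/html,x',
];
for (const s of SAMPLES) {
  console.log(JSON.stringify(s), '->', JSON.stringify(sanitizeLinkUrl(s)));
}
```

A client-side check like this only protects the editor; the same allowlist has to be enforced on the server when the block is saved and again when the link is rendered. In WordPress PHP code, `esc_url_raw()` and `esc_url()` serve that purpose by returning an empty string for URLs whose protocol is not in the allowed list.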
