Executive Summary

The Press3D plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the 3D Model Gutenberg block in all versions up to and including 1.0.2.

This vulnerability occurs because the plugin fails to sanitize and validate the URL scheme when storing link URLs for 3D model blocks, allowing URLs with the "javascript:" scheme.

As a result, authenticated attackers with Author-level access or higher can inject arbitrary web scripts into pages through the link URL parameter. These scripts execute whenever a user clicks on the 3D model.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can allow attackers with Author-level access or above to inject malicious scripts into your WordPress site.

When users interact with the affected 3D model blocks by clicking on them, the injected scripts will execute, potentially leading to unauthorized actions such as stealing user credentials, session hijacking, or performing actions on behalf of users.

Because the vulnerability is a Stored Cross-Site Scripting issue, the malicious code persists on the site and affects all users who interact with the compromised content.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

The vulnerability involves the Press3D WordPress plugin versions up to 1.0.2 allowing stored Cross-Site Scripting via the 3D Model Gutenberg block by accepting unsafe javascript: URLs in link URL parameters.

Detection can focus on identifying if the vulnerable Press3D plugin version is installed and if any 3D model blocks contain link URLs with javascript: schemes.

• Check the WordPress plugins directory or admin dashboard to confirm if Press3D plugin version 1.0.2 or earlier is active.
• Search the WordPress database for posts or pages containing 3D Model Gutenberg blocks with link URLs starting with "javascript:".
• Example SQL command to find suspicious URLs in post content (adjust table prefix as needed): SELECT ID, post_title FROM wp_posts WHERE post_content LIKE '%javascript:%';
• Use WP-CLI to search for such content: wp post list --post_type=page,post --field=ID | xargs -I % wp post get % --field=post_content | grep -i 'javascript:'

Network detection is less direct since this is a stored XSS triggered by user interaction, but monitoring HTTP requests or logs for suspicious payloads or unexpected javascript: URLs in 3D model blocks could help.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include:

• Update the Press3D plugin to a version later than 1.0.2 where the vulnerability is fixed, if such a version is available.
• If an update is not available, disable or deactivate the Press3D plugin to prevent exploitation.
• Manually sanitize or remove any 3D Model Gutenberg blocks containing link URLs with javascript: schemes from your WordPress content.
• Implement or enforce URL sanitization using WordPress functions like esc_url() when outputting URLs to prevent unsafe protocols.
• Restrict author-level users from adding or editing 3D Model blocks until the vulnerability is resolved.

These steps reduce the risk of stored XSS attacks by preventing injection or execution of malicious scripts via the vulnerable plugin.

Useful 0 Not Useful 0