Does Press3D have any unpatched vulnerabilities?

Yes — Press3D currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Press3D compatible with WordPress 6.9.4?

According to WordPress.org data, Press3D 1.1.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Press3D compatible with PHP 7.4+?

Press3D requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Press3D updated?

Press3D was last updated on Feb 14, 2026. Frequent updates are generally a positive security signal.

What is Press3D's security score?

Press3D has a WP-Safety security score of 78/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Press3D Security & Risk Analysis

wordpress.org/plugins/press3d

Display interactive 3D models (STL, OBJ, GLB, GLTF) with Gutenberg blocks and shortcodes.

10 active installs v1.1.0 PHP 7.4+ WP 6.6+ Updated Feb 14, 2026

obj3d3d-viewergltfstl

B · Generally Safe

CVEs total1

Unpatched1

Last CVEFeb 13, 2026

Download

Safety Verdict

Is Press3D Safe to Use in 2026?

Mostly Safe

Score 78/100

Press3D is generally safe to use. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: Feb 13, 2026Updated 1mo ago

Risk Assessment

The "press3d" plugin v1.1.0 exhibits a generally strong security posture based on the static analysis. The absence of any identified dangerous functions, unsanitized taint flows, or raw SQL queries is commendable. Furthermore, the high percentage of properly escaped output and the presence of capability checks indicate good coding practices for preventing common web vulnerabilities.

However, a significant concern arises from the plugin's vulnerability history. The presence of one known medium severity CVE, specifically related to Cross-Site Scripting, that remains unpatched is a critical security risk. While the static analysis did not reveal any immediate exploitable flaws in the current version's code, the past vulnerability suggests a potential for recurring security weaknesses. The lack of nonce checks across entry points, while not a direct finding in the static analysis for this specific version, is a general best practice that is absent here and could be a contributing factor to past vulnerabilities.

In conclusion, while "press3d" v1.1.0 benefits from robust static analysis results with minimal immediate code-level threats, the unpatched historical vulnerability significantly detracts from its overall security. The developer needs to prioritize addressing this known CVE. The absence of nonce checks on any entry points, though not explicitly flagged as a direct risk in this analysis, is a best practice that should be implemented to enhance defense-in-depth.

Key Concerns

Unpatched CVE (Medium severity)
No nonce checks on entry points

Vulnerabilities

Press3D Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched

2026

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2026-1985medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Press3D <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Link URL Parameter in 3D Model Block

Feb 13, 2026Unpatched

Code Analysis

Analyzed Mar 16, 2026

Press3D Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

65 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

98% escaped66 total outputs

Attack Surface

Press3D Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 5

actionadmin_noticespress3d.php:20

actionadmin_initpress3d.php:23

actionadmin_noticespress3d.php:31

actionadmin_initpress3d.php:34

actionadmin_noticessrc\Plugin.php:105

Maintenance & Trust

Press3D Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 14, 2026

PHP min version7.4

Downloads211

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

Press3D Alternatives

Easy 3D Viewer

woo-3d-viewer

Easy to use WordPress/WooCommerce product 3D viewer.

1K 1 CVE

3D Viewer – glb/gltf Viewer by WPSE

advanced-3d-model-viewer

100

Embed and interact with 3D models in your WordPress content using a block, shortcode, or custom post type.

40 No CVEs

3D Webviewer by Arty

3d-webviewer-by-arty

3D model web viewer by Arty.

10 No CVEs

Wingstech 3D Product Viewer Interactive

wingstech-3d-product-viewer-interactive

100

Display interactive 3D models and AR (Augmented Reality) experiences directly on your WordPress site.

0 No CVEs

3D Viewer Block – Interactive 3D Model Display

3d-viewer-block

100

Embed 3D models. Display interactive 3D models within a few clicks using the Gutenberg Editor.

900 No CVEs

Developer Profile

Press3D Developer Profile

arieslab

1 plugin · 10 total installs

trust score

Avg Security Score

78/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Press3D

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/press3d/assets/dist/vendors.js/wp-content/plugins/press3d/assets/dist/common.js/wp-content/plugins/press3d/assets/dist/admin.js/wp-content/plugins/press3d/assets/dist/admin/settings.css/wp-content/plugins/press3d/assets/dist/admin.css

Script Paths

/wp-content/plugins/press3d/assets/dist/vendors.js/wp-content/plugins/press3d/assets/dist/common.js/wp-content/plugins/press3d/assets/dist/admin.js

Version Parameters

press3d/vendors.js?ver=press3d/common.js?ver=press3d/admin.js?ver=press3d/admin.css?ver=press3d/admin/settings.css?ver=

HTML / DOM Fingerprints

CSS Classes

press3d-color-picker

Data Attributes

data-press3d

JS Globals

Press3D

FAQ