3D Scan & Show: Product Viewer Security & Risk Analysis

wordpress.org/plugins/3d-scan-and-show

Show your products and spaces in 3D. No code needed.

0 active installs v0.6.0 PHP 7.4+ WP 6.0+ Updated Dec 31, 2025
360-product-view, 3d-model-viewer, model-viewer
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is 3D Scan & Show: Product Viewer Safe to Use in 2026?

Generally Safe

Score 100/100

3D Scan & Show: Product Viewer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3mo ago
Risk Assessment

Version 0.6.0 of the plugin '3d-scan-and-show' has a mixed security posture. On the positive side, it has no recorded vulnerabilities (CVEs) in its history, and static analysis found no dangerous functions, no critical or high severity taint flows, and a high percentage of properly escaped output. This suggests a level of developer awareness regarding common web vulnerabilities.

The main concern is the substantial attack surface exposed without adequate permission checks. Specifically, 12 out of 18 REST API routes lack permission callbacks, which could allow unauthorized access or data manipulation if these endpoints handle sensitive operations or data. This version has no AJAX handlers and therefore no nonce checks; that becomes a risk only if AJAX functionality is added later without proper security. The 2 file operations and 12 external HTTP requests also warrant careful scrutiny in a deeper audit to ensure they are handled securely and do not introduce additional vulnerabilities.

Key Concerns

  • REST API routes without permission callbacks
  • Lack of nonce checks on AJAX handlers
  • SQL queries not using prepared statements
  • File operations present
  • External HTTP requests present
Vulnerabilities
None known

3D Scan & Show: Product Viewer Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

3D Scan & Show: Product Viewer Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 5 (6 prepared)
Unescaped Output: 1 (10 escaped)
Nonce Checks: 0
Capability Checks: 6
File Operations: 2
External Requests: 12
Bundled Libraries: 0

SQL Query Safety

55% prepared · 11 total queries

Output Escaping

91% escaped · 11 total outputs
Attack Surface
12 unprotected

3D Scan & Show: Product Viewer Attack Surface

Entry Points: 18
Unprotected: 12

REST API Routes 18

POST  /wp-json/3d-scan-and-show/v1/auth/login  3d-scan-and-show.php:388
GET  /wp-json/3d-scan-and-show/v1/connection  3d-scan-and-show.php:415
GET  /wp-json/3d-scan-and-show/v1/quota  3d-scan-and-show.php:421
GET  /wp-json/3d-scan-and-show/v1/products  3d-scan-and-show.php:427
GET  /wp-json/3d-scan-and-show/v1/categories  3d-scan-and-show.php:433
GET  /wp-json/3d-scan-and-show/v1/product-link-url  3d-scan-and-show.php:439
GET  /wp-json/3d-scan-and-show/v1/linked-items  3d-scan-and-show.php:468
GET  /wp-json/3d-scan-and-show/v1/iframe-url  3d-scan-and-show.php:474
GET  /wp-json/3d-scan-and-show/v1/all-items  3d-scan-and-show.php:503
GET  /wp-json/3d-scan-and-show/v1/rooms  3d-scan-and-show.php:521
POST  /wp-json/3d-scan-and-show/v1/item/(?P<id>[a-zA-Z0-9\-]+)/embed  3d-scan-and-show.php:542
POST  /wp-json/3d-scan-and-show/v1/room/(?P<id>[a-zA-Z0-9\-]+)/embed  3d-scan-and-show.php:564
POST  /wp-json/3d-scan-and-show/v1/page-item-link  3d-scan-and-show.php:586
GET  /wp-json/3d-scan-and-show/v1/page-item-link/(?P<page_id>\d+)  3d-scan-and-show.php:619
DELETE  /wp-json/3d-scan-and-show/v1/page-item-link/(?P<page_id>\d+)  3d-scan-and-show.php:646
GET  /wp-json/3d-scan-and-show/v1/page-iframe-url  3d-scan-and-show.php:667
POST  /wp-json/3d-scan-and-show/v1/remove-connection  3d-scan-and-show.php:694
POST  /wp-json/3d-scan-and-show/v1/feedback  3d-scan-and-show.php:714
WordPress Hooks 10
action  init  3d-scan-and-show.php:36
action  rest_api_init  3d-scan-and-show.php:37
filter  block_categories_all  3d-scan-and-show.php:38
filter  plugin_row_meta  3d-scan-and-show.php:39
action  admin_menu  3d-scan-and-show.php:42
action  admin_enqueue_scripts  3d-scan-and-show.php:43
action  admin_enqueue_scripts  3d-scan-and-show.php:44
action  admin_notices  3d-scan-and-show.php:45
action  admin_enqueue_scripts  includes\class-deactivation.php:21
action  admin_footer-plugins.php  includes\class-deactivation.php:22
Maintenance & Trust

3D Scan & Show: Product Viewer Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 31, 2025
PHP min version: 7.4
Downloads: 334

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

3D Scan & Show: Product Viewer Developer Profile

scantheworld

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect 3D Scan & Show: Product Viewer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/3d-scan-and-show/admin/css/menu-icon.css
  • /wp-content/plugins/3d-scan-and-show/admin/js/menu-icon.js
  • /wp-content/plugins/3d-scan-and-show/assets/favicon.svg
  • /wp-content/plugins/3d-scan-and-show/admin/css/shared.css
  • /wp-content/plugins/3d-scan-and-show/admin/css/dashboard.css
  • /wp-content/plugins/3d-scan-and-show/admin/css/settings.css
  • /wp-content/plugins/3d-scan-and-show/admin/css/landing.css
  • /wp-content/plugins/3d-scan-and-show/admin/css/contact.css
  • +2 more
Script Paths
  • /wp-content/plugins/3d-scan-and-show/admin/js/menu-icon.js
  • /wp-content/plugins/3d-scan-and-show/build/index.js
Version Parameters
  • 3d-scan-and-show/admin/css/menu-icon.css?ver=
  • 3d-scan-and-show/admin/js/menu-icon.js?ver=
  • 3d-scan-and-show/admin/css/shared.css?ver=
  • 3d-scan-and-show/admin/css/dashboard.css?ver=
  • 3d-scan-and-show/admin/css/settings.css?ver=
  • 3d-scan-and-show/admin/css/landing.css?ver=
  • 3d-scan-and-show/admin/css/contact.css?ver=
  • 3d-scan-and-show/build/index.js?ver=
  • 3d-scan-and-show/build/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
scanshow-menu-icon, scanshow-shared, scanshow-dashboard, scanshow-settings, scanshow-landing, scanshow-contact
Data Attributes
data-block="scan-the-world/3d-scan-and-show-viewer"
JS Globals
scanshowMenuIcon, ScanShowAdmin
REST Endpoints
/wp-json/scan-show/v1
Shortcode Output
[scan_show_product_viewer]