3D Scene Viewer Security & Risk Analysis
wordpress.org/plugins/3d-scene-viewerDisplay a 3D model or an entire scene made of multiple 3D models onto your site.
Is 3D Scene Viewer Safe to Use in 2026?
Generally Safe
Score 100/1003D Scene Viewer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "3d-scene-viewer" plugin v1.1.1 exhibits a generally good security posture with no recorded CVEs and a focus on secure coding practices. The static analysis reveals that all SQL queries are properly prepared, all output is correctly escaped, and there are no direct file operations or external HTTP requests. The presence of a nonce check is also a positive indicator of security awareness.
However, a significant concern arises from the use of the `unserialize()` function, which is known to be a potent vector for remote code execution if used with untrusted input. While the static analysis doesn't explicitly show unsanitized taint flows or a large attack surface, the presence of this dangerous function without further context on its usage warrants caution. The absence of capability checks on any potential entry points (even though none are explicitly identified as unprotected) could also be a weakness if the plugin were to evolve and introduce new interaction methods.
Given the lack of historical vulnerabilities, it suggests that the developers have likely been diligent in addressing any past issues. The plugin's strengths lie in its robust handling of SQL and output, but the single identified dangerous function represents a potential blind spot. Overall, the plugin is in a decent state, but the `unserialize` function requires careful scrutiny to ensure it's not exposed to malicious data.
Key Concerns
- Use of unserialize() function
- No capability checks
3D Scene Viewer Security Vulnerabilities
3D Scene Viewer Code Analysis
Dangerous Functions Found
Output Escaping
3D Scene Viewer Attack Surface
WordPress Hooks 18
Maintenance & Trust
3D Scene Viewer Maintenance & Trust
Maintenance Signals
Community Trust
3D Scene Viewer Alternatives
3D Viewer – Display Interactive 3D Models
3d-viewer
3D Viewer lets you embed interactive 3D models and 360 product views on WordPress sites with support for GLB, GLTF, OBJ, STL, FBX, DAE, and BIM.
Threepress
threepress
3d model gallery uploader and viewer powered by three.js
Easy 3d Model Viewer
easy-3d-model-viewer
Interactive 3D model viewer with hotspots/markers, tooltips, animations, environment maps and realistic lighting.
3D Viewer Online
3dvieweronline-wp
An easy, realistic and customizable 3D Viewer to embed 3D models of your products/designs into your Wordpress/WooCommerce website (responsive layout)
3D Viewer – glb/gltf Viewer by WPSE
advanced-3d-model-viewer
Embed and interact with 3D models in your WordPress content using a block, shortcode, or custom post type.
3D Scene Viewer Developer Profile
2 plugins · 20 total installs
How We Detect 3D Scene Viewer
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/3d-scene-viewer/dist/css/style.css/wp-content/plugins/3d-scene-viewer/dist/js/main.js/wp-content/plugins/3d-scene-viewer/dist/js/vendors.js/wp-content/plugins/3d-scene-viewer/dist/css/style.css?ver=/wp-content/plugins/3d-scene-viewer/dist/js/main.js?ver=/wp-content/plugins/3d-scene-viewer/dist/js/vendors.js?ver=HTML / DOM Fingerprints
scene3d-modal-wrapperscene3d-modal-headerscene3d-modal-bodyscene3d-modal-closescene3d-modal-contentscene3d-modal-overlayscene3d-preview-settingsscene3d-btn+19 more<!-- BEGIN WordPress Backend Integration --><!-- BEGIN Content For Clipboard --><!-- END Content For Clipboard --><!-- BEGIN 3D Model Upload -->+9 moredata-scene3d-iddata-modal-titledata-modal-content-urldata-scene3d-modaldata-scene3d-clipboard-targetdata-scene3d-tooltip+5 moreScene3d/wp-json/scene3d/v1/scene/[scene3d]