Does 3D WP Tag Cloud-M have any unpatched vulnerabilities?

No. All known vulnerabilities in 3D WP Tag Cloud-M have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is 3D WP Tag Cloud-M compatible with WordPress 4.9.29?

According to WordPress.org data, 3D WP Tag Cloud-M 3.2.7 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is 3D WP Tag Cloud-M updated?

3D WP Tag Cloud-M was last updated on Jan 17, 2018. Frequent updates are generally a positive security signal.

What is 3D WP Tag Cloud-M's security score?

3D WP Tag Cloud-M has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

3D WP Tag Cloud-M Security & Risk Analysis

wordpress.org/plugins/3d-wp-tag-cloud-m

3D WP Tag Cloud-M creates multiple 3D tag clouds widget.

10 active installs v3.2.7 PHP + WP 4.8+ Updated Jan 17, 2018

3dhtml5shortcodetag-cloudwidget

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is 3D WP Tag Cloud-M Safe to Use in 2026?

Generally Safe

Score 85/100

3D WP Tag Cloud-M has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The '3d-wp-tag-cloud-m' plugin v3.2.7 presents a mixed security posture. While it exhibits good practices such as using prepared statements for all SQL queries and having a very limited attack surface with no unprotected entry points, significant concerns arise from its output escaping and file operation handling. The complete lack of output escaping for 2411 identified outputs is a critical flaw, exposing the plugin to potential Cross-Site Scripting (XSS) vulnerabilities. Additionally, a single file operation, combined with a taint flow indicating an unsanitized path, raises red flags for potential path traversal or arbitrary file manipulation vulnerabilities. The plugin's vulnerability history is clean, with no recorded CVEs, which is a positive indicator. However, this does not negate the identified risks within the code itself. Overall, the lack of output escaping and the concerning file operation/taint flow represent substantial security weaknesses that need immediate attention, overshadowing the plugin's strengths in other areas.

Key Concerns

No output escaping detected
Unsanitized path in taint flow
File operation without clear context
No nonce checks on entry points
No capability checks on entry points

Vulnerabilities

None known

3D WP Tag Cloud-M Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

3D WP Tag Cloud-M Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2410

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped2411 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths

<m.CP> (m.CP.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

3D WP Tag Cloud-M Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[tc-m] 3D.WP.Tag.Cloud.M.php:22

WordPress Hooks 3

actionadmin_notices3D.WP.Tag.Cloud.M.php:1374

actionwidgets_init3D.WP.Tag.Cloud.M.php:1380

filterpre_option_link_manager_enabled3D.WP.Tag.Cloud.M.php:1382

Maintenance & Trust

3D WP Tag Cloud-M Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedJan 17, 2018

PHP min version

Downloads8K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

3D WP Tag Cloud-M Alternatives

3D WP Tag Cloud-S

my-wp-tagcanvas

3D WP Tag Cloud-S draws and animates an HTML5 canvas based tag cloud.

90 No CVEs

WP-TagCanvas

wp-tagcanvas

WP-TagCanvas is a plugin using Javascript class which will draw and animate a HTML5 canvas based tag cloud. It support three shape

40 No CVEs

WI Games Shortcode

wi-games-shortcode

This plug-in will help you to place any game which you can find on wigames.net without problems

10 No CVEs

WI Games widget Plugin

wi-games-widget

100

This plugin will help you to smoothly integrate WI Games widget to your website.

10 No CVEs

Contact Form by BestWebSoft – Advanced WP Contact Form Builder for WordPress

contact-form-plugin

The most powerful and user-friendly WordPress contact form plugin. Create beautiful contact forms, widgets and pages using shortcodes.

30K 1 unpatched

Developer Profile

3D WP Tag Cloud-M Developer Profile

hityr5yr

2 plugins · 100 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect 3D WP Tag Cloud-M

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/3d-wp-tag-cloud-m/m.variables.php

Script Paths

/wp-content/plugins/3d-wp-tag-cloud-m/js/3D.WP.tagcanvas.js

Version Parameters

3D.WP.tagcanvas.js?ver=

HTML / DOM Fingerprints

CSS Classes

all_in_oneall-menu-tooltipexcludediv

HTML Comments

Data Attributes

goof

JS Globals

goofWebFont

Shortcode Output

<div id="all_archives_container_<div id="all_authors_container_<div id="all_categories_container_<div id="all_links_container_

FAQ