Does 3D Viewer Online have any unpatched vulnerabilities?

No. All known vulnerabilities in 3D Viewer Online have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is 3D Viewer Online compatible with WordPress 6.7.5?

According to WordPress.org data, 3D Viewer Online 2.2.3 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is 3D Viewer Online compatible with PHP 7.0.0+?

3D Viewer Online requires PHP 7.0.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is 3D Viewer Online updated?

3D Viewer Online was last updated on Feb 14, 2025. Frequent updates are generally a positive security signal.

What is 3D Viewer Online's security score?

3D Viewer Online has a WP-Safety security score of 91/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

3D Viewer Online Security & Risk Analysis

wordpress.org/plugins/3dvieweronline-wp

An easy, realistic and customizable 3D Viewer to embed 3D models of your products/designs into your Wordpress/WooCommerce website (responsive layout)

40 active installs v2.2.3 PHP 7.0.0+ WP 5.0+ Updated Feb 14, 2025

3d-model-viewer3d-product-viewer3d-viewerwoocommerce-3d-viewer

A · Safe

CVEs total1

Unpatched0

Last CVEJan 8, 2025

Plugin page Download

Safety Verdict

Is 3D Viewer Online Safe to Use in 2026?

Generally Safe

Score 91/100

3D Viewer Online has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jan 8, 2025Updated 1yr ago

Risk Assessment

The static analysis of "3dvieweronline-wp" v2.2.3 reveals a generally strong security posture with several good practices in place. The absence of dangerous functions, file operations, external HTTP requests, and a complete lack of raw SQL queries using prepared statements are all positive indicators. The high percentage of properly escaped outputs and a significant number of nonce checks further bolster its defenses. However, the most notable concern is the complete absence of capability checks, which means that actions initiated by the shortcodes are not restricted based on user roles. While no critical or high severity taint flows were identified, and all previously known vulnerabilities appear to be patched, the lack of capability checks creates a potential for privilege escalation if the shortcodes can be manipulated by users without sufficient permissions. The historical vulnerability data shows a past medium severity Cross-site Scripting (XSS) issue, suggesting that while currently patched, input validation and output sanitization have been areas requiring attention in the past. The small attack surface consisting of only two shortcodes is a mitigating factor, but the absence of permission checks on these entry points remains a significant weakness.

Key Concerns

Missing capability checks on entry points
Past medium severity vulnerability (XSS)

Vulnerabilities

3D Viewer Online Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-12514medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

3DVieweronline <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 8, 2025 Patched in 2.2.3 (43d)

Code Analysis

Analyzed Mar 16, 2026

3D Viewer Online Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

98 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

98% escaped100 total outputs

Attack Surface

3D Viewer Online Attack Surface

Entry Points2

Unprotected0

Shortcodes 2

[3Dvo-model] public\class-threedvieweronline-iframe-public.php:149

[3Dvo-model] trunk\public\class-threedvieweronline-iframe-public.php:149

WordPress Hooks 42

filtermce_external_pluginsadmin\class-threedvieweronline-iframe-admin.php:161

filtermce_buttonsadmin\class-threedvieweronline-iframe-admin.php:162

actionplugins_loadedincludes\class-threedvieweronline-iframe.php:108

actionplugins_loadedincludes\class-threedvieweronline-iframe.php:124

actionadmin_enqueue_scriptsincludes\class-threedvieweronline-iframe.php:139

filterplugin_row_metaincludes\class-threedvieweronline-iframe.php:143

actionadmin_menuincludes\class-threedvieweronline-iframe.php:146

actionenqueue_block_assetsincludes\class-threedvieweronline-iframe.php:149

actionenqueue_block_editor_assetsincludes\class-threedvieweronline-iframe.php:150

actionadd_meta_boxesincludes\class-threedvieweronline-iframe.php:153

actionsave_postincludes\class-threedvieweronline-iframe.php:154

actionadmin_headincludes\class-threedvieweronline-iframe.php:157

actioninitincludes\class-threedvieweronline-iframe.php:171

actionwp_enqueue_scriptsincludes\class-threedvieweronline-iframe.php:173

actionwp_enqueue_scriptsincludes\class-threedvieweronline-iframe.php:174

actionwp_footerincludes\class-threedvieweronline-iframe.php:175

actionwoocommerce_product_tabsincludes\class-threedvieweronline-iframe.php:177

actionwoocommerce_single_product_summaryincludes\class-threedvieweronline-iframe.php:179

actionwoocommerce_before_add_to_cart_formincludes\class-threedvieweronline-iframe.php:180

actionwoocommerce_after_add_to_cart_formincludes\class-threedvieweronline-iframe.php:181

actionadmin_noticesincludes\class-threedvieweronline-iframe.php:232

filtermce_external_pluginstrunk\admin\class-threedvieweronline-iframe-admin.php:161

filtermce_buttonstrunk\admin\class-threedvieweronline-iframe-admin.php:162

actionplugins_loadedtrunk\includes\class-threedvieweronline-iframe.php:108

actionplugins_loadedtrunk\includes\class-threedvieweronline-iframe.php:124

actionadmin_enqueue_scriptstrunk\includes\class-threedvieweronline-iframe.php:139

filterplugin_row_metatrunk\includes\class-threedvieweronline-iframe.php:143

actionadmin_menutrunk\includes\class-threedvieweronline-iframe.php:146

actionenqueue_block_assetstrunk\includes\class-threedvieweronline-iframe.php:149

actionenqueue_block_editor_assetstrunk\includes\class-threedvieweronline-iframe.php:150

actionadd_meta_boxestrunk\includes\class-threedvieweronline-iframe.php:153

actionsave_posttrunk\includes\class-threedvieweronline-iframe.php:154

actionadmin_headtrunk\includes\class-threedvieweronline-iframe.php:157

actioninittrunk\includes\class-threedvieweronline-iframe.php:171

actionwp_enqueue_scriptstrunk\includes\class-threedvieweronline-iframe.php:173

actionwp_enqueue_scriptstrunk\includes\class-threedvieweronline-iframe.php:174

actionwp_footertrunk\includes\class-threedvieweronline-iframe.php:175

actionwoocommerce_product_tabstrunk\includes\class-threedvieweronline-iframe.php:177

actionwoocommerce_single_product_summarytrunk\includes\class-threedvieweronline-iframe.php:179

actionwoocommerce_before_add_to_cart_formtrunk\includes\class-threedvieweronline-iframe.php:180

actionwoocommerce_after_add_to_cart_formtrunk\includes\class-threedvieweronline-iframe.php:181

actionadmin_noticestrunk\includes\class-threedvieweronline-iframe.php:232

Maintenance & Trust

3D Viewer Online Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedFeb 14, 2025

PHP min version7.0.0

Downloads8K

Community Trust

Rating0/100

Number of ratings0

Active installs40

Alternatives

3D Viewer Online Alternatives

3D viewer by Visody

visody-3d-product-viewer

100

Easily add beautiful, fully-customizable 3D viewers to your WooCommerce product galleries and WordPress pages! AR capabilies included.

900 No CVEs

3D Product Viewer & WebAR for WooCommerce

wc-product-3d-viewer

The Viraview plugin allows your Woocommerce powered webshop to display your products in 3D & WebAR for PC, Android and Apple.

10 No CVEs

3D Viewer – Display Interactive 3D Models

3d-viewer

100

3D Viewer lets you embed interactive 3D models and 360 product views on WordPress sites with support for GLB, GLTF, OBJ, STL, FBX, DAE, and BIM.

10K No CVEs

3D Viewer Block – Interactive 3D Model Display

3d-viewer-block

100

Embed 3D models. Display interactive 3D models within a few clicks using the Gutenberg Editor.

900 No CVEs

Emb3D Model Viewer

emb3d-model-viewer

A 3D model viewer for Elementor and WooCommerce

100 No CVEs

Developer Profile

3D Viewer Online Developer Profile

3dvieweronline

1 plugin · 40 total installs

trust score

Avg Security Score

91/100

Avg Patch Time

43 days

View full developer profile

Detection Fingerprints

How We Detect 3D Viewer Online

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/3dvieweronline-wp/admin/css/font-awesome/css/font-awesome.min.css/wp-content/plugins/3dvieweronline-wp/admin/css/threedvieweronline-common-admin.css/wp-content/plugins/3dvieweronline-wp/admin/css/threedvieweronline-iframe-admin.css/wp-content/plugins/3dvieweronline-wp/admin/js/threedvieweronline-common-admin.js/wp-content/plugins/3dvieweronline-wp/admin/js/threedvieweronline-iframe-admin.js

Version Parameters

threedvieweronline-wp/admin/css/font-awesome/css/font-awesome.min.css?ver=threedvieweronline-wp/admin/css/threedvieweronline-common-admin.css?ver=threedvieweronline-wp/admin/css/threedvieweronline-iframe-admin.css?ver=threedvieweronline-wp/admin/js/threedvieweronline-common-admin.js?ver=threedvieweronline-wp/admin/js/threedvieweronline-iframe-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

tdv-contenttdv-model-wrappertdv-overlay

HTML Comments

Data Attributes

data-tdv-srcdata-tdv-autostartdata-tdv-canvas-iddata-tdv-controlsdata-tdv-ui

JS Globals

tdv_frontend_obj

Shortcode Output

[thrive_3d_viewer]

FAQ