WP-Safety

3D Viewer – glb/gltf Viewer by WPSE Security & Risk Analysis

wordpress.org/plugins/advanced-3d-model-viewer

Embed and interact with 3D models in your WordPress content using a block, shortcode, or custom post type.

40 active installs v1.0.0 PHP 7.4+ WP 5.8+ Updated Sep 26, 2025
3d-model-display3d-viewerglb-viewergltfwoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is 3D Viewer – glb/gltf Viewer by WPSE Safe to Use in 2026?

Generally Safe

Score 100/100

3D Viewer – glb/gltf Viewer by WPSE has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6mo ago
Risk Assessment

The "advanced-3d-model-viewer" plugin version 1.0.0 demonstrates a strong security posture based on the provided static analysis. The absence of dangerous functions, the consistent use of prepared statements for SQL queries, and the proper escaping of all output are significant strengths. Furthermore, the lack of file operations and external HTTP requests reduces the potential for common attack vectors. The plugin also exhibits no known vulnerabilities in its history, suggesting a diligent approach to security by its developers.

However, the analysis does reveal a critical area for concern: the complete absence of nonce and capability checks across all entry points. While the current attack surface appears small (one shortcode with no apparent auth checks), this lack of security fundamentals means that any future expansion of functionality or unforeseen vulnerabilities could be easily exploited. The zero taint flows are positive, but this should not overshadow the fundamental security gaps.

In conclusion, the plugin has excellent technical implementations for sanitization and query security. Nevertheless, the complete disregard for authentication and authorization mechanisms represents a significant weakness. The developers should prioritize implementing nonce and capability checks to ensure that even benign functionalities cannot be abused by unauthenticated users.

Key Concerns

  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

3D Viewer – glb/gltf Viewer by WPSE Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

3D Viewer – glb/gltf Viewer by WPSE Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
14 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

100% escaped14 total outputs
Attack Surface

3D Viewer – glb/gltf Viewer by WPSE Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[a3dmv_model_viewer] includes\A3DMV.php:67
WordPress Hooks 12
actionplugins_loadedincludes\A3DMV.php:35
actionadmin_enqueue_scriptsincludes\A3DMV.php:40
actionadmin_enqueue_scriptsincludes\A3DMV.php:41
actionwp_enqueue_scriptsincludes\A3DMV.php:46
actionwp_enqueue_scriptsincludes\A3DMV.php:47
actioninitincludes\A3DMV.php:52
actioninitincludes\A3DMV.php:59
actioninitincludes\A3DMV.php:60
actioninitincludes\A3DMV.php:61
filterscript_loader_tagincludes\A3DMV.php:62
filterupload_mimesincludes\EnableMimeType.php:12
filterwp_check_filetype_and_extincludes\EnableMimeType.php:13
Maintenance & Trust

3D Viewer – glb/gltf Viewer by WPSE Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedSep 26, 2025
PHP min version7.4
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs40
Alternatives

3D Viewer – glb/gltf Viewer by WPSE Alternatives

3D Viewer Online

3D Viewer Online

3dvieweronline-wp

A
91

An easy, realistic and customizable 3D Viewer to embed 3D models of your products/designs into your Wordpress/WooCommerce website (responsive layout)

40 1 CVE
ExploreXR

ExploreXR

explorexr

A
100

Interactive 3D models for WordPress. Upload GLB/GLTF files, embed via shortcode, and extend with modular add-ons. No coding required.

30 No CVEs
3D Webviewer by Arty

3D Webviewer by Arty

3d-webviewer-by-arty

A
85

3D model web viewer by Arty.

10 No CVEs
Press3D

Press3D

press3d

B
78

Display interactive 3D models (STL, OBJ, GLB, GLTF) with Gutenberg blocks and shortcodes.

10 1 unpatched
3D Product Viewer & WebAR for WooCommerce

3D Product Viewer & WebAR for WooCommerce

wc-product-3d-viewer

A
85

The Viraview plugin allows your Woocommerce powered webshop to display your products in 3D & WebAR for PC, Android and Apple.

10 No CVEs
Developer Profile

3D Viewer – glb/gltf Viewer by WPSE Developer Profile

WP Shopify Expert

3 plugins · 90 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect 3D Viewer – glb/gltf Viewer by WPSE

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/advanced-3d-model-viewer/assets/css/main.css/wp-content/plugins/advanced-3d-model-viewer/assets/js/frontend.js/wp-content/plugins/advanced-3d-model-viewer/assets/js/editor.js/wp-content/plugins/advanced-3d-model-viewer/build/index.js
Script Paths
/wp-content/plugins/advanced-3d-model-viewer/assets/js/frontend.js/wp-content/plugins/advanced-3d-model-viewer/assets/js/editor.js/wp-content/plugins/advanced-3d-model-viewer/build/index.js
Version Parameters
advanced-3d-model-viewer/assets/css/main.css?ver=advanced-3d-model-viewer/assets/js/frontend.js?ver=advanced-3d-model-viewer/assets/js/editor.js?ver=advanced-3d-model-viewer/build/index.js?ver=

HTML / DOM Fingerprints

CSS Classes
a3dmv-model-viewer
Data Attributes
data-a3dmv-model-url
JS Globals
wp
Shortcode Output
[a3dmv_model_viewer
FAQ

Frequently Asked Questions about 3D Viewer – glb/gltf Viewer by WPSE