MomentoPress for Momento360 Security & Risk Analysis

wordpress.org/plugins/cmyee-momentopress

Add 360° VR photos and videos easily to your WordPress site using MomentoPress for Momento360.

1K active installs · v1.0.2 · PHP + WP 4.8+ · Updated Oct 26, 2023
Tags: 360, 360-degree-photos, momento360, virtual-reality, vr
Score: 85 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Oct 23, 2023
Safety Verdict

Is MomentoPress for Momento360 Safe to Use in 2026?

Generally Safe

Score 85/100

MomentoPress for Momento360 has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Oct 23, 2023 · Updated 2yr ago
Risk Assessment

The cmyee-momentopress plugin version 1.0.2 exhibits a generally positive security posture based on the static analysis, with no identified dangerous functions, file operations, or external HTTP requests. Notably, all SQL queries are prepared, and output escaping appears to be correctly implemented, which are strong indicators of secure coding practices. The absence of critical or high-severity taint flows further reinforces this. However, the plugin's vulnerability history reveals a past medium-severity Cross-Site Scripting (XSS) vulnerability, even though it is currently patched. This past incident, while resolved, suggests a potential for XSS to be introduced, and the lack of identified nonce or capability checks on its single shortcode, which represents its entire attack surface, is a significant concern. While the current analysis shows no direct exploits, the historical XSS and the potential for unauthenticated shortcode execution warrant caution.

Key Concerns

  • No capability checks on entry points
  • No nonce checks on entry points
  • History of medium XSS vulnerability
Vulnerabilities
1

MomentoPress for Momento360 Security Vulnerabilities

CVEs by Year

2023: 1 CVE

Severity Breakdown

Medium: 1

1 total CVE

CVE-2023-46782 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MomentoPress for Momento360 <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Oct 23, 2023 · Patched in 1.0.2 (92d)
Code Analysis
Analyzed Mar 16, 2026

MomentoPress for Momento360 Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0
Attack Surface

MomentoPress for Momento360 Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[momentopress] momentopress.php:51

WordPress Hooks: 1

action init momentopress.php:22
Maintenance & Trust

MomentoPress for Momento360 Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: Oct 26, 2023
PHP min version
Downloads: 17K

Community Trust

Rating: 90/100
Number of ratings: 2
Active installs: 1K
Developer Profile

MomentoPress for Momento360 Developer Profile

Chris Yee

1 plugin · 1K total installs

Trust score: 69
Avg Security Score: 85/100
Avg Patch Time: 92 days
Detection Fingerprints

How We Detect MomentoPress for Momento360

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cmyee-momentopress/css/momentopress.css
Version Parameters
cmyee-momentopress/css/momentopress.css?ver=

HTML / DOM Fingerprints

CSS Classes
momentopress-container, momentopress-embed
Shortcode Output
<div class="momentopress-container"><iframe class="momentopress-embed" src="