WP-Safety

FWD Easy Virtual Tour Builder Security & Risk Analysis

wordpress.org/plugins/fwd-easy-virtual-tour-builder

Build immersive 360 virtual tours with multi-scene navigation, hotspots, camera presets, floor-map navigation, and realistic rendering.

0 active installs v1.0 PHP 8.0+ WP 6.0+ Updated Apr 2, 2026
360-panoramapanorama-viewerreal-estatevirtual-tour
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is FWD Easy Virtual Tour Builder Safe to Use in 2026?

Generally Safe

Score 100/100

FWD Easy Virtual Tour Builder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The FWD Easy Virtual Tour Builder plugin, version 1.0, exhibits a mixed security posture. On the positive side, it demonstrates strong security practices by exclusively using prepared statements for SQL queries and ensuring all output is properly escaped. The absence of any known vulnerabilities, including critical or high severity ones, and no recorded history of past issues is also a significant strength, suggesting a generally well-maintained codebase. However, the plugin presents notable security concerns primarily due to its attack surface. It exposes four AJAX handlers that lack authentication checks, creating potential entry points for unauthorized actions. While taint analysis and static code signals show no direct evidence of dangerous functions or unsanitized flows in this version, the unprotected AJAX endpoints represent a significant risk that could be exploited if vulnerabilities exist within them. The lack of capability checks on these endpoints further exacerbates this risk. In conclusion, while the plugin benefits from robust SQL and output sanitization and a clean vulnerability history, the unprotected AJAX endpoints are a critical weakness that requires immediate attention. Future development should prioritize implementing proper authentication and authorization checks for all exposed AJAX handlers to mitigate potential security risks.

Key Concerns

  • AJAX handlers without auth checks
  • AJAX handlers without capability checks
Vulnerabilities
None known

FWD Easy Virtual Tour Builder Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

FWD Easy Virtual Tour Builder Release Timeline

v1.0Current
Code Analysis
Analyzed Apr 16, 2026

FWD Easy Virtual Tour Builder Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
755 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

100% escaped755 total outputs
Attack Surface
4 unprotected

FWD Easy Virtual Tour Builder Attack Surface

Entry Points7
Unprotected4

AJAX Handlers 6

noprivwp_ajax_fwdevtb_get_cssphp/FWDEVTB.php:121
authwp_ajax_fwdevtb_get_cssphp/FWDEVTB.php:122
noprivwp_ajax_fwdevtb_set_cssphp/FWDEVTB.php:124
authwp_ajax_fwdevtb_set_cssphp/FWDEVTB.php:125
noprivwp_ajax_fwdevtb_update_scenesphp/FWDEVTB.php:127
authwp_ajax_fwdevtb_update_scenesphp/FWDEVTB.php:128

Shortcodes 1

[fwdevtb] php/FWDEVTB.php:132
WordPress Hooks 11
actioninitfwd-easy-virtual-tour-builder.php:39
actionadmin_initfwd-easy-virtual-tour-builder.php:40
filterupload_mimesfwd-easy-virtual-tour-builder.php:49
filterwp_check_filetype_and_extfwd-easy-virtual-tour-builder.php:57
actionadmin_menuphp/FWDEVTB.php:115
actionadmin_enqueue_scriptsphp/FWDEVTB.php:116
actionwp_enqueue_scriptsphp/FWDEVTB.php:117
actionwpphp/FWDEVTB.php:136
filterwoocommerce_single_product_image_thumbnail_htmlphp/FWDEVTB.php:163
actionwoocommerce_before_single_product_summaryphp/FWDEVTB.php:164
filterwoocommerce_single_product_image_gallery_classesphp/FWDEVTB.php:165
Maintenance & Trust

FWD Easy Virtual Tour Builder Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 2, 2026
PHP min version8.0
Downloads165

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

FWD Easy Virtual Tour Builder Alternatives

WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress

WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress

wpvr

A
91

Create stunning 360 virtual tours to impress visitors and get more clients using WPVR - the easiest virtual tour creator in WordPress.

10K 14 CVEs
HappyVR – Virtual Tour Builder & 360 Panorama Viewer

HappyVR – Virtual Tour Builder & 360 Panorama Viewer

happyvr

A
100

Create high-performance 360° virtual tours in minutes with a feature-rich, React-powered builder optimized for smooth editing and fast loading.

30 No CVEs
iPanorama 360 – Advanced Virtual Tour Builder

iPanorama 360 – Advanced Virtual Tour Builder

ipanorama-360-virtual-tour-builder-lite

A
86

Let's create virtual tours for your site that empowers your visitors and clients!!! Build a live tour in just a few steps.

5K 6 CVEs
Photo Sphere Viewer – 360° Panorama, Virtual Tour & 360 Video for WordPress

Photo Sphere Viewer – 360° Panorama, Virtual Tour & 360 Video for WordPress

photo-sphere-viewer

A
100

Display 360° panoramas, virtual tours & 360 videos on WordPress with Elementor, Gutenberg, or shortcodes. No coding needed.

400 No CVEs
Virtual Tour Builder

Virtual Tour Builder

virtual-tours

A
85

Transform your WordPress site with Viar.Live Virtual Tour Builder! Create immersive 360° tours, enhance engagement with interactive hotspots, and boos …

0 No CVEs
Developer Profile

FWD Easy Virtual Tour Builder Developer Profile

FWD

8 plugins · 90 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect FWD Easy Virtual Tour Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/fwd-easy-virtual-tour-builder/js/fwdevtb.js/wp-content/plugins/fwd-easy-virtual-tour-builder/css/fwdevtb.css
Script Paths
/wp-content/plugins/fwd-easy-virtual-tour-builder/js/fwdevtb.js
Version Parameters
fwd-easy-virtual-tour-builder/js/fwdevtb.js?ver=fwd-easy-virtual-tour-builder/css/fwdevtb.css?ver=

HTML / DOM Fingerprints

CSS Classes
fwdevtb-wrap
Data Attributes
data-fwdevtb-src
JS Globals
FWDEVTB
Shortcode Output
[fwdevtb id=
FAQ

Frequently Asked Questions about FWD Easy Virtual Tour Builder