Does Garden Gnome Package have any unpatched vulnerabilities?

No. All known vulnerabilities in Garden Gnome Package have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Garden Gnome Package compatible with WordPress 6.9.0?

According to WordPress.org data, Garden Gnome Package 2.4.1 has been tested up to WordPress 6.9.0. Check the plugin's changelog for the latest compatibility information.

Is Garden Gnome Package compatible with PHP 7.2+?

Garden Gnome Package requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Garden Gnome Package updated?

Garden Gnome Package was last updated on Dec 11, 2025. Frequent updates are generally a positive security signal.

What is Garden Gnome Package's security score?

Garden Gnome Package has a WP-Safety security score of 97/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Garden Gnome Package Security & Risk Analysis

wordpress.org/plugins/garden-gnome-package

Display panoramas, virtual tours or object movies created with Pano2VR and Object2VR.

4K active installs v2.4.1 PHP 7.2+ WP 5.0+ Updated Dec 11, 2025

360panoramavirtual-tourwebvrwebxr

A · Safe

CVEs total3

Unpatched0

Last CVEJan 7, 2025

Plugin page Download

Safety Verdict

Is Garden Gnome Package Safe to Use in 2026?

Generally Safe

Score 97/100

Garden Gnome Package has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Jan 7, 2025Updated 3mo ago

Risk Assessment

The 'garden-gnome-package' plugin v2.4.1 presents a mixed security posture. Static analysis reveals a relatively small attack surface, with no unprotected AJAX handlers or REST API routes, and a good percentage of output being properly escaped. The complete absence of raw SQL queries and a single nonce check are also positive indicators of secure coding practices.

However, the vulnerability history is a significant concern. The plugin has a history of 3 known CVEs, including high and medium severity vulnerabilities such as Unrestricted Upload of File with Dangerous Type and Cross-Site Scripting. While there are currently no unpatched vulnerabilities, this pattern suggests a recurring weakness in the plugin's security, potentially indicating a need for more rigorous security auditing and testing by the developers. The lack of any identified critical taint flows in the static analysis is a positive point, but the historical vulnerabilities outweigh this for the overall risk assessment.

In conclusion, while the current version of 'garden-gnome-package' shows some good security implementations in its static analysis, its past vulnerability record demands caution. Users should be aware of the potential for future vulnerabilities given the history of insecure code patterns, and developers should prioritize addressing the root causes of past issues.

Key Concerns

High number of past vulnerabilities (3 total)
Past high severity vulnerability (1)
Past medium severity vulnerabilities (2)
No capability checks on entry points
Some output not properly escaped (11%)

Vulnerabilities

Garden Gnome Package Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

1 CVE in 2024

2024

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

High

Medium

3 total CVEs

CVE-2024-12854high · 8.8Unrestricted Upload of File with Dangerous Type

Garden Gnome Package <= 2.3.0 - Authenticated (Author+) Arbitrary File Upload

Jan 7, 2025 Patched in 2.4.0 (1d)

CVE-2024-8657medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Garden Gnome Package <= 2.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 23, 2024 Patched in 2.3.0 (1d)

CVE-2023-5664medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Garden Gnome Package <= 2.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Nov 6, 2023 Patched in 2.2.9 (78d)

Code Analysis

Analyzed Mar 16, 2026

Garden Gnome Package Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

33 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

89% escaped37 total outputs

Attack Surface

Garden Gnome Package Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[ggpkg] ggpkg.php:53

WordPress Hooks 16

actioninitggpkg.php:52

filterupload_mimesggpkg.php:56

filterwp_check_filetype_and_extggpkg.php:57

actionadd_attachmentggpkg.php:58

filterpost_mime_typesggpkg.php:59

actiondelete_attachmentggpkg.php:60

filterwp_get_attachment_image_attributesggpkg.php:61

filterwp_prepare_attachment_for_jsggpkg.php:62

filterwp_get_attachment_metadataggpkg.php:63

filterwp_mime_type_iconggpkg.php:64

filtermedia_send_to_editorggpkg.php:65

actionelementor/widgets/widgets_registeredggpkg.php:66

actionadmin_menuggpkg.php:79

actionadmin_initggpkg.php:80

actionadmin_print_scriptsggpkg.php:83

actionadmin_print_stylesggpkg.php:84

Maintenance & Trust

Garden Gnome Package Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.0

Last updatedDec 11, 2025

PHP min version7.2

Downloads51K

Community Trust

Rating84/100

Number of ratings5

Active installs4K

Alternatives

Garden Gnome Package Alternatives

WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress

wpvr

Create stunning 360 virtual tours to impress visitors and get more clients using WPVR - the easiest virtual tour creator in WordPress.

10K 14 CVEs

iPanorama 360 – Advanced Virtual Tour Builder

ipanorama-360-virtual-tour-builder-lite

Let's create virtual tours for your site that empowers your visitors and clients!!! Build a live tour in just a few steps.

5K 6 CVEs

Panorama – 360 Virtual Tour, Panoramic image viewer and More

panorama

100

Panorama Viewer displays panoramic images/videos easily on your WordPress site. Supports various files like .png, .jpeg, .mp4, and more.

3K No CVEs

Photo Sphere Viewer – 360° Panorama, Virtual Tour & 360 Video for WordPress

photo-sphere-viewer

100

Display 360° panoramas, virtual tours & 360 videos on WordPress with Elementor, Gutenberg, or shortcodes. No coding needed.

400 No CVEs

360 Viewer Light

360-viewer-light-for-elementor-wpbakery

360 Photo Viewer

300 No CVEs

Developer Profile

Garden Gnome Package Developer Profile

Chief Gnome

1 plugin · 4K total installs

trust score

Avg Security Score

97/100

Avg Patch Time

27 days

View full developer profile

Detection Fingerprints

How We Detect Garden Gnome Package

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/garden-gnome-package/include/ggskin.css

HTML / DOM Fingerprints

CSS Classes

ggpkg-viewer

Data Attributes

data-ggpkg-id

Shortcode Output

No Garden Gnome Package selected!

FAQ