WP-Safety

Planet Pop Security & Risk Analysis

wordpress.org/plugins/planet-pop

Interactive 3D planet viewer with hotspots, tooltips, animations, environment maps and realistic lighting.

0 active installs v1.0 PHP 8.0+ WP 6.0+ Updated Jan 30, 2026
3d-model-viewergltfplanetsspacesun
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Planet Pop Safe to Use in 2026?

Generally Safe

Score 100/100

Planet Pop has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The "planet-pop" v1.0 plugin exhibits a generally strong security posture, with several key positive indicators. Notably, all SQL queries utilize prepared statements, and all output is properly escaped, which are fundamental security practices. The absence of dangerous functions, file operations, external HTTP requests, and the use of a single nonce check also contribute positively. However, a significant concern arises from the presence of 6 AJAX handlers, of which 4 lack authentication checks. This creates a substantial attack surface that could be exploited by unauthenticated users. While there is no recorded vulnerability history or taint analysis findings, the unprotected AJAX endpoints represent a critical, albeit currently theoretical, risk that demands attention. The plugin demonstrates good coding practices in critical areas like SQL and output handling, but the unprotected AJAX handlers significantly detract from its overall security.

Key Concerns

  • 4 AJAX handlers without authentication
  • Only 1 nonce check for 7 entry points
  • Only 1 capability check for 7 entry points
Vulnerabilities
None known

Planet Pop Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Planet Pop Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
74 escaped
Nonce Checks
1
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

100% escaped74 total outputs
Attack Surface
4 unprotected

Planet Pop Attack Surface

Entry Points7
Unprotected4

AJAX Handlers 6

noprivwp_ajax_fwdpp_get_cssphp\FWDPP.php:120
authwp_ajax_fwdpp_get_cssphp\FWDPP.php:121
noprivwp_ajax_fwdpp_set_cssphp\FWDPP.php:123
authwp_ajax_fwdpp_set_cssphp\FWDPP.php:124
noprivwp_ajax_fwdpp_update_planetsphp\FWDPP.php:127
authwp_ajax_fwdpp_update_planetsphp\FWDPP.php:128

Shortcodes 1

[fwdpp] php\FWDPP.php:138
WordPress Hooks 11
actionadmin_menuphp\FWDPP.php:114
actionadmin_enqueue_scriptsphp\FWDPP.php:115
actionwp_enqueue_scriptsphp\FWDPP.php:116
actionwpphp\FWDPP.php:142
filterwoocommerce_single_product_image_thumbnail_htmlphp\FWDPP.php:169
actionwoocommerce_before_single_product_summaryphp\FWDPP.php:170
filterwoocommerce_single_product_image_gallery_classesphp\FWDPP.php:171
actioninitplanet-pop.php:38
actionadmin_initplanet-pop.php:39
filterupload_mimesplanet-pop.php:48
filterwp_check_filetype_and_extplanet-pop.php:56
Maintenance & Trust

Planet Pop Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 30, 2026
PHP min version8.0
Downloads92

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Planet Pop Alternatives

Imsanity

Imsanity

imsanity

A
100

Automatically resizes huge image uploads. Are contributors uploading huge photos? Tired of manually resizing your images? Imsanity to the rescue!

200K No CVEs
3D Viewer – Display Interactive 3D Models

3D Viewer – Display Interactive 3D Models

3d-viewer

A
100

3D Viewer lets you embed interactive 3D models and 360 product views on WordPress sites with support for GLB, GLTF, OBJ, STL, FBX, DAE, and BIM.

10K No CVEs
FakerPress

FakerPress

fakerpress

A
100

FakerPress is a clean way to generate fake and dummy content to your WordPress, great for developers who need testing

10K No CVEs
PNG to JPG

PNG to JPG

png-to-jpg

A
99

Convert PNG images to JPG, free up web space and speed up your webpage

10K 1 CVE
Disk Usage Sunburst

Disk Usage Sunburst

disk-usage-sunburst

A
100

Visualize and drill down the disk usage of your whole WordPress installation. Find and identify big files immediately!

9K No CVEs
Developer Profile

Planet Pop Developer Profile

FWD

7 plugins · 80 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Planet Pop

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/planet-pop/js/admin.js/wp-content/plugins/planet-pop/js/fwdpp.js/wp-content/plugins/planet-pop/js/fwdpp.public.js/wp-content/plugins/planet-pop/css/admin.css/wp-content/plugins/planet-pop/css/fwdpp.css
Script Paths
/wp-content/plugins/planet-pop/js/admin.js/wp-content/plugins/planet-pop/js/fwdpp.js/wp-content/plugins/planet-pop/js/fwdpp.public.js
Version Parameters
planet-pop/js/admin.js?ver=planet-pop/js/fwdpp.js?ver=planet-pop/js/fwdpp.public.js?ver=planet-pop/css/admin.css?ver=planet-pop/css/fwdpp.css?ver=

HTML / DOM Fingerprints

CSS Classes
fwdpp-viewer-wrapfwdpp-admin-menu-wrap
Data Attributes
data-fwdpp-id
JS Globals
fwdpp_optionsfwdpp_admin_options
REST Endpoints
/wp-json/planet-pop/v1/get-planets/wp-json/planet-pop/v1/save-planets/wp-json/planet-pop/v1/get-css/wp-json/planet-pop/v1/set-css
Shortcode Output
[fwdpp
FAQ

Frequently Asked Questions about Planet Pop