
STL Viewer Security & Risk Analysis
wordpress.org/plugins/stl-viewer
With a simple shortcode you can enable and embed a WebGL viewer to show 3D STL files.
Is STL Viewer Safe to Use in 2026?
Generally Safe
Score 85/100
STL Viewer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'stl-viewer' plugin v1.1 exhibits a mixed security posture. On the positive side, it has no known vulnerabilities (CVEs) and demonstrates good practices by exclusively using prepared statements for SQL queries and having no external HTTP requests or cron events. The attack surface, while containing two shortcodes, currently has no identified unprotected entry points.
However, significant concerns arise from the static analysis. The most glaring issue is that 100% of its outputs are unescaped, presenting a high risk of Cross-Site Scripting (XSS) vulnerabilities. Additionally, there are no nonce checks, which is a critical oversight for any handler that could potentially be triggered by an authenticated user, further increasing the risk of unauthorized actions. While taint analysis shows no current flows, the lack of output escaping means any potential taint could lead to severe consequences.
Given the absence of past vulnerabilities, it's difficult to draw definitive patterns, but this could indicate either a very stable codebase or simply a lack of prior rigorous security auditing. The current analysis highlights a critical weakness in output escaping and a concerning lack of protective measures like nonce checks, outweighing the positive aspects of its SQL handling and vulnerability history. The plugin's overall security is compromised by these critical omissions.
Key Concerns
- 100% of outputs are unescaped
- No nonce checks found
- Capability check is only present on 1 out of 2 entry points
STL Viewer Security Vulnerabilities
STL Viewer Code Analysis
Output Escaping
STL Viewer Attack Surface
Shortcodes: 2
WordPress Hooks: 4
STL Viewer Maintenance & Trust
Maintenance Signals
Community Trust
STL Viewer Alternatives
Easy 3D Viewer
woo-3d-viewer
Easy to use WordPress/WooCommerce product 3D viewer.
Press3D
press3d
Display interactive 3D models (STL, OBJ, GLB, GLTF) with Gutenberg blocks and shortcodes.
Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer
3d-flipbook-dflip-lite
Dear Flipbook creates PDF Flipbook, 3D Flipbook, PDF viewer, PDF embed for WordPress sites. Create impressive and realistic 3D flipbooks with PDFs.
3D Viewer – Display Interactive 3D Models
3d-viewer
3D Viewer lets you embed interactive 3D models and 360 product views on WordPress sites with support for GLB, GLTF, OBJ, STL, FBX, DAE, and BIM.
3D Viewer Block – Interactive 3D Model Display
3d-viewer-block
Embed 3D models. Display interactive 3D models within a few clicks using the Gutenberg Editor.
STL Viewer Developer Profile
3 plugins · 120 total installs
How We Detect STL Viewer
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/stl-viewer/js/three.min.js
- /wp-content/plugins/stl-viewer/js/STLLoader.js
- /wp-content/plugins/stl-viewer/js/TrackballControls.js
- /wp-content/plugins/stl-viewer/js/Detector.js
- /wp-content/plugins/stl-viewer/js/STLViewer.js
HTML / DOM Fingerprints
- THREE.Euler
- THREE.Vector3
- <div id="progress" style="width: 100%; text-align: center">
- <div id="webGLError" style="width: 100%; text-align: center">
- <div id="canvas" style="width:height: