
SwiftXR (3D/AR/VR) Viewer Security & Risk Analysis
wordpress.org/plugins/swiftxr-3darvr-viewer
Easily enhance customer engagement with immersive 3D, AR, and VR experiences
Is SwiftXR (3D/AR/VR) Viewer Safe to Use in 2026?
Mostly Safe
Score 70/100
SwiftXR (3D/AR/VR) Viewer is generally safe to use, though it hasn't been updated recently. 1 past CVE was resolved. Keep it updated.
The "swiftxr-3darvr-viewer" plugin, version 1.0.7, presents a mixed security posture. While it exhibits good practices in terms of limiting its attack surface to a single shortcode and avoiding file operations and external HTTP requests, there are significant concerns. The taint analysis reveals two high-severity flows with unsanitized paths, indicating potential vulnerabilities that could be exploited if user input is not properly validated and sanitized before use. Furthermore, the presence of an unpatched medium severity CVE with a recent discovery date (2025-04-04) is a notable weakness, suggesting a potential for known exploits to be leveraged against users running this version.
The plugin's reliance on capabilities checks is a positive sign for authorization, but the complete absence of nonce checks is a significant oversight, particularly if any of its functionality can be triggered by external requests. The SQL query usage, while mostly prepared, still has a portion that is not, which could be a vector for SQL injection if not handled with extreme care. Overall, the plugin has strengths in its limited entry points and output escaping, but the high-severity taint flows and the unpatched CVE require immediate attention.
Key Concerns
- Unpatched CVE (medium severity)
- High severity taint flow with unsanitized path
- High severity taint flow with unsanitized path
- Raw SQL without prepared statements
- Missing nonce checks
SwiftXR (3D/AR/VR) Viewer Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
SwiftXR (3D/AR/VR) Viewer <= 1.0.7 - Cross-Site Request Forgery
SwiftXR (3D/AR/VR) Viewer Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
SwiftXR (3D/AR/VR) Viewer Attack Surface
Shortcodes 1
WordPress Hooks 2
SwiftXR (3D/AR/VR) Viewer Maintenance & Trust
Maintenance Signals
Community Trust
SwiftXR (3D/AR/VR) Viewer Alternatives
AR for WordPress
ar-for-wordpress
Augmented Reality for WordPress lets you showcase 3D models in an interactive viewer and AR on iOS and Android, with no app downloads needed.
Augmented Reality Viewer – 3D Model Viewer
ar-viewer
By using this plugin, you can easily create an augmented reality viewer or 3D model viewer anywhere on your website.
AR for WooCommerce
ar-for-woocommerce
Augmented Reality for WooCommerce plugin lets you display 3D models and AR products directly in your store with no app required.
ARViewz
arviewz
This plugin integrates ARViewz functionality into WordPress.
Reality shop – Unlimited 3D for Elementor and WooCommerce
reality-shop-3d
🔥 Reality Shop 3D – WooCommerce 3D & 360° Product Viewer for WordPress
SwiftXR (3D/AR/VR) Viewer Developer Profile
1 plugin · 100 total installs
How We Detect SwiftXR (3D/AR/VR) Viewer
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/swiftxr-3darvr-viewer/admin/js/swiftxr-viewer-admin.js
- /wp-content/plugins/swiftxr-3darvr-viewer/admin/css/swiftxr-viewer-admin.css
HTML / DOM Fingerprints
- swiftxr-settings-container
- Kill Unauthorized Access
- Plugin Name: SwiftXR (3D/AR/VR) Viewer
- Description: Easily add 3D/AR/VR views to your wesite and products to boost sales, engagement and delight customers
- Version: 1.0.7
- swiftxr-product-append
- swiftxr-height
- swiftxr-h-unit
- swiftxr-settings-submit
- my_script_vars
- <iframe title="SwiftXR Embed