
SwiftXR (3D/AR/VR) Viewer Security & Risk Analysis
wordpress.org/plugins/swiftxr-3darvr-viewer
Easily enhance customer engagement with immersive 3D, AR, and VR experiences
Is SwiftXR (3D/AR/VR) Viewer Safe to Use in 2026?
Mostly Safe
Score 71/100
SwiftXR (3D/AR/VR) Viewer is generally safe to use, though it hasn't been updated recently. 1 past CVE was resolved.
The "swiftxr-3darvr-viewer" plugin, version 1.0.7, presents a mixed security posture. While it exhibits good practices in terms of limiting its attack surface to a single shortcode and avoiding file operations and external HTTP requests, there are significant concerns. The taint analysis reveals two high-severity flows with unsanitized paths, indicating potential vulnerabilities that could be exploited if user input is not properly validated and sanitized before use. Furthermore, the presence of an unpatched medium severity CVE with a recent discovery date (2025-04-04) is a notable weakness, suggesting a potential for known exploits to be leveraged against users running this version.
The plugin's reliance on capabilities checks is a positive sign for authorization, but the complete absence of nonce checks is a significant oversight, particularly if any of its functionality can be triggered by external requests. The SQL query usage, while mostly prepared, still has a portion that is not, which could be a vector for SQL injection if not handled with extreme care. Overall, the plugin has strengths in its limited entry points and output escaping, but the high-severity taint flows and the unpatched CVE require immediate attention.
Key Concerns
- Unpatched CVE (medium severity)
- High severity taint flow with unsanitized path
- High severity taint flow with unsanitized path
- Raw SQL without prepared statements
- Missing nonce checks
SwiftXR (3D/AR/VR) Viewer Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
SwiftXR (3D/AR/VR) Viewer <= 1.0.7 - Cross-Site Request Forgery
SwiftXR (3D/AR/VR) Viewer Release Timeline
SwiftXR (3D/AR/VR) Viewer Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
SwiftXR (3D/AR/VR) Viewer Attack Surface
Shortcodes 1
WordPress Hooks 2
SwiftXR (3D/AR/VR) Viewer Maintenance & Trust
Maintenance Signals
Community Trust
SwiftXR (3D/AR/VR) Viewer Alternatives
AR for WordPress
ar-for-wordpress
Augmented Reality for WordPress lets you showcase 3D models in an interactive viewer and AR on iOS and Android, with no app downloads needed.
3D Viewer – 3D Model Viewer – Augmented Reality
ar-vr-3d-model-try-on
Display 3D models on WordPress & WooCommerce with built-in AR for iOS & Android. Unlimited uploads, no app needed. Gutenberg block included.
Augmented Reality Viewer – 3D Model Viewer
ar-viewer
By using this plugin, you can easily create an augmented reality viewer or 3D model viewer anywhere on your website.
PausAR – 3D and AR for Elementor
pausar-3d-ar-for-elementor
PausAR is a user-friendly and web-based 3D & augmented reality viewer that can be easily integrated into any Elementor powered WordPress website.
AR for WooCommerce
ar-for-woocommerce
Augmented Reality for WooCommerce plugin lets you display 3D models and AR products directly in your store with no app required.
SwiftXR (3D/AR/VR) Viewer Developer Profile
1 plugin · 100 total installs
How We Detect SwiftXR (3D/AR/VR) Viewer
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/swiftxr-3darvr-viewer/admin/js/swiftxr-viewer-admin.js
/wp-content/plugins/swiftxr-3darvr-viewer/admin/css/swiftxr-viewer-admin.css
HTML / DOM Fingerprints
swiftxr-settings-container
Kill Unauthorized Access
Plugin Name: SwiftXR (3D/AR/VR) Viewer
Description: Easily add 3D/AR/VR views to your wesite and products to boost sales, engagement and delight customers
Version: 1.0.7
swiftxr-product-append
swiftxr-height
swiftxr-h-unit
swiftxr-settings-submit
my_script_vars
<iframe title="SwiftXR Embed