Three Importer Security & Risk Analysis

wordpress.org/plugins/three-importer

A powerful ThreeJS WordPress plugin for creating 3D scenes via blocks, shortcodes, or custom script injection.

0 active installs · v1.0.5 · PHP 7.4+ · WP 6.7+ · Updated: Unknown
Tags: 3d, animation, graphics, threejs, webgl
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Three Importer Safe to Use in 2026?

Generally Safe

Score 100/100

Three Importer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "three-importer" plugin v1.0.5 exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, SQL queries executed via prepared statements, and consistently escaped output are excellent indicators of secure coding practices. Furthermore, the plugin has no recorded vulnerabilities, suggesting a mature and well-maintained codebase.

However, there are some areas that warrant attention. The lack of any nonce checks or capability checks across all entry points (shortcodes in this case) is a significant concern. While the static analysis reported zero unprotected entry points, this is likely due to the absence of AJAX handlers and REST API routes. The shortcodes, being direct user-facing entry points, should ideally have some form of authorization or validation to prevent potential misuse, especially if they handle any user-supplied data or perform actions.

In conclusion, "three-importer" v1.0.5 has a solid foundation in terms of preventing common web vulnerabilities like SQL injection and XSS through prepared statements and proper output escaping. The clean vulnerability history further bolsters confidence. The primary weakness lies in the potential for unauthorized execution of shortcode functionality due to the absence of security checks on these entry points, which represents a notable risk despite the current lack of exploitable CVEs.

Key Concerns

  • Missing nonce checks on shortcodes
  • Missing capability checks on shortcodes
Vulnerabilities
None known

Three Importer Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Three Importer Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (37 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

100% escaped (37 total outputs)
Attack Surface

Three Importer Attack Surface

Entry Points: 2
Unprotected: 0

Shortcodes (2)

[ti3d_scene] three-importer.php:138
[ti3d_sceneinject] three-importer.php:197

WordPress Hooks (3)

action init three-importer.php:33
action wp_enqueue_scripts three-importer.php:253
action enqueue_block_editor_assets three-importer.php:269
Maintenance & Trust

Three Importer Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Unknown
PHP min version: 7.4
Downloads: 182

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Three Importer Developer Profile

callahancodes

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Three Importer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/three-importer/build/blocks/ti-scene.js
/wp-content/plugins/three-importer/build/ti-block.asset.php
/wp-content/plugins/three-importer/build/ti-scene.js
/wp-content/plugins/three-importer/assets/css/style.css
Script Paths
/wp-content/plugins/three-importer/build/ti-block.js
Version Parameters
three-importer/assets/css/style.css?ver=
three-importer/build/ti-block.asset.php?ver=

HTML / DOM Fingerprints

CSS Classes
three-importer-container
ti-content
Data Attributes
data-geometry-type
data-geometry-size
data-geometry-material
data-geometry-color
data-geometry-xrotation
data-geometry-yrotation
+33 more
JS Globals
TI3D_MODE_MANUAL
TI3D_MODE_BLOCK_ACTIVE
TI3D_MODE_AUTOMATED
Shortcode Output
<div class="three-importer-container"