Vision – Interactive Image Map Builder Security & Risk Analysis

wordpress.org/plugins/vision

Empower your site with interactive visuals! Our plugin seamlessly transforms static images into engaging media, enabling publishers and bloggers.

2K active installs · v1.9.9 · PHP 7.4+ · WP 4.6+ · Updated Apr 17, 2025
Tags: floor-plan, hotspots, image-maps, infographics, interactive-images
Score: 98 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Apr 22, 2024

Safety Verdict

Is Vision – Interactive Image Map Builder Safe to Use in 2026?

Generally Safe

Score 98/100

Vision – Interactive Image Map Builder has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Apr 22, 2024 · Updated 11mo ago

Risk Assessment

The 'vision' v1.9.9 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices with a high percentage of prepared SQL statements and properly escaped output. The absence of external HTTP requests and the presence of nonce and capability checks are also strong indicators of security awareness. However, the presence of 10 instances of the dangerous `unserialize` function is a significant concern, as it can lead to critical vulnerabilities if not handled with extreme care and proper sanitization. The taint analysis reveals two flows with unsanitized paths, which, although not rated critical or high severity, still represent potential risks of data manipulation or unexpected behavior. The vulnerability history shows three past medium-severity CVEs, primarily related to Missing Authorization and Cross-Site Scripting. While there are currently no unpatched vulnerabilities, this history suggests a pattern of past security weaknesses that warrant vigilance. Overall, while the plugin has some robust security features, the `unserialize` usage and past vulnerability types highlight areas that require careful monitoring and potential remediation.

Key Concerns

  • Multiple dangerous function uses (unserialize)
  • Flows with unsanitized paths found
  • Past CVEs indicating authorization/XSS issues

Vulnerabilities: 3

Vision – Interactive Image Map Builder Security Vulnerabilities

CVEs by Year

2021: 1 CVE
2022: 1 CVE
2024: 1 CVE

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2024-32779 · medium · 5.3 · Missing Authorization

Vision Interactive <= 1.7.1 - Missing Authorization

Apr 22, 2024 · Patched in 1.7.2 (8d)

CVE-2022-4391 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Vision Interactive <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 16, 2022 · Patched in 1.5.4 (403d)

WF-202a8724-14da-4edb-870e-2fee205b1d53-vision · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Vision Interactive For WordPress <= 1.5.1 - Reflected Cross-Site Scripting

Oct 11, 2021 · Patched in 1.5.2 (834d)

Code Analysis
Analyzed Mar 16, 2026

Vision – Interactive Image Map Builder Code Analysis

Dangerous Functions: 10
Raw SQL Queries: 7 (60 prepared)
Unescaped Output: 7 (89 escaped)
Nonce Checks: 14
Capability Checks: 11
File Operations: 4
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$itemData = unserialize($item->data);` · includes\list-table-items.php:367
unserialize · `$itemConfig = unserialize($item->config);` · includes\list-table-items.php:370
unserialize · `$config = unserialize($item->config);` · includes\plugin.php:94
unserialize · `$config = unserialize($item->config);` · includes\plugin.php:100
unserialize · `$settings = unserialize($settings_value);` · includes\plugin.php:179
unserialize · `$itemData = unserialize($item->data);` · includes\plugin.php:316
unserialize · `$globals['settings'] = unserialize($settings_value); // json_encode(unserialize($settings_value)) pr` · includes\plugin.php:708
unserialize · `$globals['config'] = unserialize($item->data); // json_encode(unserialize($item->data)) problem with` · includes\plugin.php:722
unserialize · `$globals['config'] = wp_json_encode(unserialize($settings_value));` · includes\plugin.php:772
unserialize · `$itemData = unserialize($item->data);` · includes\plugin.php:813

SQL Query Safety

90% prepared · 67 total queries

Output Escaping

93% escaped · 96 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

5 flows · 2 with unsanitized paths
page_redirects (includes\plugin.php:597)
Attack Surface

Vision – Interactive Image Map Builder Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 15
filter · filesystem_method · includes\list-table-items.php:55
filter · request_filesystem_credentials · includes\list-table-items.php:56
action · admin_menu · includes\plugin.php:43
filter · submenu_file · includes\plugin.php:44
action · admin_footer · includes\plugin.php:45
action · admin_notices · includes\plugin.php:46
action · in_admin_header · includes\plugin.php:47
action · wp_loaded · includes\plugin.php:48
filter · do_parse_request · includes\plugin.php:63
action · rest_api_init · includes\plugin.php:66
filter · filesystem_method · includes\plugin.php:129
filter · request_filesystem_credentials · includes\plugin.php:130
action · admin_notices · includes\plugin.php:532
action · plugins_loaded · vision.php:57
action · init · vision.php:73
Maintenance & Trust

Vision – Interactive Image Map Builder Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Apr 17, 2025
PHP min version: 7.4
Downloads: 70K

Community Trust

Rating: 98/100
Number of ratings: 8
Active installs: 2K
Developer Profile

Vision – Interactive Image Map Builder Developer Profile

Avirtum

6 plugins · 11K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 324 days
Detection Fingerprints

How We Detect Vision – Interactive Image Map Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/vision/assets/vendor/lucide/lucide.css
/wp-content/plugins/vision/assets/css/preview.css
/wp-content/plugins/vision/assets/js/preview.js
/wp-content/plugins/vision/assets/js/loader.js
Script Paths
/wp-content/plugins/vision/assets/vendor/lucide/lucide.css
/wp-content/plugins/vision/assets/css/preview.css
/wp-content/plugins/vision/assets/js/preview.js
/wp-content/plugins/vision/assets/js/loader.js
Version Parameters
vision-lucide
vision-preview
vision-loader

HTML / DOM Fingerprints

CSS Classes
vision-preview-wrap
vision-preview-header
vision-preview-btn
vision-preview-workspace
vision-preview-canvas
Data Attributes
data-device
JS Globals
vision_globals
REST Endpoints
/wp-json/vision/v1/item/
Shortcode Output
[vision
FAQ

Frequently Asked Questions about Vision – Interactive Image Map Builder