Easy 3D Viewer Security & Risk Analysis

wordpress.org/plugins/woo-3d-viewer

Easy to use WordPress/WooCommerce product 3D viewer.

1K active installs · v1.8.7 · PHP + WP 3.5+ · Updated Mar 4, 2026
Tags: obj, 3d, model, stl, viewer
Security score: 99 · Grade A · Safe
CVEs total: 1 · Unpatched: 0 · Last CVE: Jul 2, 2025
Safety Verdict

Is Easy 3D Viewer Safe to Use in 2026?

Generally Safe

Score 99/100

Easy 3D Viewer has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jul 2, 2025 · Updated 1mo ago
Risk Assessment

The "woo-3d-viewer" plugin v1.8.7 presents a mixed security posture. While the majority of output is properly escaped and there are no critical or high severity taint flows, several areas warrant concern. The presence of one unprotected AJAX handler significantly increases the attack surface, as it can be triggered without authentication. Furthermore, the plugin exclusively uses raw SQL queries without prepared statements, which is a major security risk. The vulnerability history indicates a past medium severity Cross-Site Scripting (XSS) vulnerability, suggesting a pattern of input sanitization issues that could re-emerge if not carefully addressed.

Although the plugin shows strengths in output escaping and a lack of bundled libraries, the unprotected AJAX endpoint, raw SQL queries, and past XSS vulnerability are significant risks. The plugin needs to implement proper authentication and authorization checks on its AJAX handler and adopt prepared statements for all SQL queries to mitigate these vulnerabilities and improve its overall security. The medium severity XSS vulnerability, even if patched, highlights a potential weakness in how user-supplied data is handled.

Key Concerns

  • Unprotected AJAX handler
  • SQL queries not using prepared statements
  • Past medium severity XSS vulnerability
Vulnerabilities (1)

Easy 3D Viewer Security Vulnerabilities

CVEs by Year

1 CVE in 2025 (patched)

Severity Breakdown

Medium: 1 (1 total CVE)

CVE-2025-2540 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via prettyPhoto JavaScript Library

Jul 2, 2025 · Patched in 1.8.6.7 (160d)
Code Analysis
Analyzed Mar 16, 2026

Easy 3D Viewer Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (0 prepared)
Unescaped Output: 33 (490 escaped)
Nonce Checks: 2
Capability Checks: 1
File Operations: 18
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

0% prepared · 1 total query

Output Escaping

94% escaped · 523 total outputs

Data Flows (3 unsanitized)

Data Flow Analysis

5 flows · 3 with unsanitized paths

  • woo3dv_meta_box_output (includes\woo3dv-admin.php:390)

Attack Surface (1 unprotected)

Easy 3D Viewer Attack Surface

Entry Points: 2 · Unprotected: 1

AJAX Handlers (1)

  • wp_ajax_woo3dv_handle_zip (auth) · woo-3d-viewer.php:34

Shortcodes (1)

  • [woo3dviewer] · includes\woo3dv-functions.php:1137

WordPress Hooks (27)

  • action · admin_menu · includes\woo3dv-admin.php:15
  • action · add_meta_boxes · includes\woo3dv-admin.php:385
  • action · plugins_loaded · includes\woo3dv-functions.php:146
  • action · admin_init · includes\woo3dv-functions.php:461
  • action · save_post · includes\woo3dv-functions.php:525
  • action · woocommerce_variation_options · includes\woo3dv-functions.php:539
  • action · woocommerce_save_product_variation · includes\woo3dv-functions.php:651
  • action · woocommerce_process_product_meta · includes\woo3dv-functions.php:678
  • filter · upload_mimes · includes\woo3dv-functions.php:1064
  • filter · wp_check_filetype_and_ext · includes\woo3dv-functions.php:1076
  • action · admin_enqueue_scripts · includes\woo3dv-functions.php:1103
  • filter · woocommerce_single_product_image_html · includes\woo3dv-functions.php:1352
  • filter · wc_get_template · includes\woo3dv-functions.php:1632
  • filter · woocommerce_locate_template · includes\woo3dv-functions.php:1644
  • action · woocommerce_before_add_to_cart_button · includes\woo3dv-functions.php:1720
  • filter · woocommerce_add_cart_item_data · includes\woo3dv-functions.php:1725
  • filter · woocommerce_cart_item_permalink · includes\woo3dv-functions.php:1749
  • filter · woocommerce_cart_item_thumbnail · includes\woo3dv-functions.php:1781
  • filter · woocommerce_admin_order_item_thumbnail · includes\woo3dv-functions.php:1791
  • action · woocommerce_add_order_item_meta · includes\woo3dv-functions.php:1807
  • filter · woocommerce_order_item_get_formatted_meta_data · includes\woo3dv-functions.php:1809
  • action · admin_notices · includes\woo3dv-functions.php:1912
  • action · admin_notices · includes\woo3dv-functions.php:1937
  • action · before_woocommerce_init · woo-3d-viewer.php:23
  • action · admin_enqueue_scripts · woo-3d-viewer.php:32
  • action · wp_enqueue_scripts · woo-3d-viewer.php:38
  • action · init · woo-3d-viewer.php:45
Maintenance & Trust

Easy 3D Viewer Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 4, 2026
PHP min version:
Downloads: 43K

Community Trust

Rating: 82/100
Number of ratings: 12
Active installs: 1K
Developer Profile

Easy 3D Viewer Developer Profile

fuzzoid

2 plugins · 2K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 133 days
Detection Fingerprints

How We Detect Easy 3D Viewer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/woo-3d-viewer/js/viewer.js
  • /wp-content/plugins/woo-3d-viewer/js/jquery.mousewheel.min.js
  • /wp-content/plugins/woo-3d-viewer/js/dat.gui.min.js
  • /wp-content/plugins/woo-3d-viewer/js/Three.js
  • /wp-content/plugins/woo-3d-viewer/js/TrackballControls.js
  • /wp-content/plugins/woo-3d-viewer/js/DeviceOrientationControls.js
  • /wp-content/plugins/woo-3d-viewer/js/OrbitControls.js
  • /wp-content/plugins/woo-3d-viewer/css/style.css
  • +1 more
Script Paths
  • /wp-content/plugins/woo-3d-viewer/js/viewer.js
  • /wp-content/plugins/woo-3d-viewer/js/jquery.mousewheel.min.js
  • /wp-content/plugins/woo-3d-viewer/js/dat.gui.min.js
  • /wp-content/plugins/woo-3d-viewer/js/Three.js
  • /wp-content/plugins/woo-3d-viewer/js/TrackballControls.js
  • /wp-content/plugins/woo-3d-viewer/js/DeviceOrientationControls.js
  • +1 more
Version Parameters
  • woo-3d-viewer/js/viewer.js?ver=
  • woo-3d-viewer/js/jquery.mousewheel.min.js?ver=
  • woo-3d-viewer/js/dat.gui.min.js?ver=
  • woo-3d-viewer/js/Three.js?ver=
  • woo-3d-viewer/js/TrackballControls.js?ver=
  • woo-3d-viewer/js/DeviceOrientationControls.js?ver=
  • woo-3d-viewer/js/OrbitControls.js?ver=
  • woo-3d-viewer/css/style.css?ver=
  • woo-3d-viewer/css/theme.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • woo3dv_wrapper
  • woo3dv_canvas
  • woo3dv_upload_button
HTML Comments
  • <!-- START WOO3DV -->
  • <!-- END WOO3DV -->
Data Attributes
  • data-model-url
  • data-display-mode
  • data-display-mode-mobile
  • data-canvas-width
  • data-canvas-height
  • data-canvas-border
  • +37 more
JS Globals
  • woo3dv_viewer_settings
  • woo3dv_admin_ajax_url
REST Endpoints
  • /wp-json/woo3dv/v1/upload_image
Shortcode Output
  • [woo3d_viewer
FAQ

Frequently Asked Questions about Easy 3D Viewer