WP Virtual Tour Security & Risk Analysis
wordpress.org/plugins/wp-virtualtourEasily create interactive virtual 360° tours.
Is WP Virtual Tour Safe to Use in 2026?
Generally Safe
Score 85/100WP Virtual Tour has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The wp-virtualtour plugin v1.0.12 exhibits a mixed security posture. On the positive side, it demonstrates good practices by not using dangerous functions, performing all SQL queries with prepared statements, and avoiding external HTTP requests or file operations. The absence of any recorded vulnerabilities in its history is also a strong indicator of a generally well-maintained codebase. However, significant concerns arise from the static analysis. The presence of an unprotected AJAX handler represents a direct entry point that could be exploited without proper authentication. Furthermore, the taint analysis reveals two flows with unsanitized paths, indicating potential for vulnerabilities even though they are not classified as critical or high. The lack of nonce checks and capability checks on its entry points, especially the AJAX handler, exacerbates these risks. While the vulnerability history is clean, the identified code-level weaknesses, particularly the unprotected AJAX handler and unsanitized taint flows, present tangible risks that should be addressed.
Key Concerns
- Unprotected AJAX handler
- Flows with unsanitized paths
- Missing nonce checks
- Missing capability checks
- Low output escaping rate (57%)
WP Virtual Tour Security Vulnerabilities
WP Virtual Tour Release Timeline
WP Virtual Tour Code Analysis
Output Escaping
Data Flow Analysis
WP Virtual Tour Attack Surface
AJAX Handlers 1
Shortcodes 1
WordPress Hooks 9
Maintenance & Trust
WP Virtual Tour Maintenance & Trust
Maintenance Signals
Community Trust
WP Virtual Tour Alternatives
WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress
wpvr
Create stunning 360 virtual tours to impress visitors and get more clients using WPVR - the easiest virtual tour creator in WordPress.
iPanorama 360 – Advanced Virtual Tour Builder
ipanorama-360-virtual-tour-builder-lite
Let's create virtual tours for your site that empowers your visitors and clients!!! Build a live tour in just a few steps.
Garden Gnome Package
garden-gnome-package
Display panoramas, virtual tours or object movies created with Pano2VR and Object2VR.
Panorama – 360 Virtual Tour, Panoramic image viewer and More
panorama
Panorama Viewer displays panoramic images/videos easily on your WordPress site. Supports various files like .png, .jpeg, .mp4, and more.
Photo Sphere Viewer – 360° Panorama, Virtual Tour & 360 Video for WordPress
photo-sphere-viewer
Display 360° panoramas, virtual tours & 360 videos on WordPress with Elementor, Gutenberg, or shortcodes. No coding needed.
WP Virtual Tour Developer Profile
1 plugin · 50 total installs
How We Detect WP Virtual Tour
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/wp-virtualtour/admin/block/build/index.js/wp-content/plugins/wp-virtualtour/public/css/pannellum@2.5.6.css/wp-content/plugins/wp-virtualtour/public/js/pannellum@2.5.6.js/wp-content/plugins/wp-virtualtour/admin/vue-app/dist/style.css/wp-content/plugins/wp-virtualtour/admin/assets/block-editor.css/wp-content/plugins/wp-virtualtour/admin/vue-app/dist/main.js/wp-content/plugins/wp-virtualtour/admin/block/build/index.js/wp-content/plugins/wp-virtualtour/public/js/pannellum@2.5.6.js/wp-content/plugins/wp-virtualtour/admin/vue-app/dist/main.jswp-virtualtour/admin/block/build/index.js?ver=wp-virtualtour/public/css/pannellum@2.5.6.css?ver=wp-virtualtour/public/js/pannellum@2.5.6.js?ver=wp-virtualtour/admin/vue-app/dist/style.css?ver=wp-virtualtour/admin/assets/block-editor.css?ver=wp-virtualtour/admin/vue-app/dist/main.js?ver=HTML / DOM Fingerprints
wpvtTourwrapwpvtAppid="wpvtTour"id="wpvtApp"wp_virtualtourwindow.wp_virtualtour