Does WP W3D plugin have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is WP W3D plugin compatible with WordPress 3.7.41?

According to WordPress.org data, WP W3D plugin 0.1 has been tested up to WordPress 3.7.41. Check the plugin's changelog for the latest compatibility information.

How often is WP W3D plugin updated?

WP W3D plugin was last updated on Apr 1, 2014. Frequent updates are generally a positive security signal.

What is WP W3D plugin's security score?

WP W3D plugin has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP W3D plugin Security & Risk Analysis

wordpress.org/plugins/wp-w3d

WP W3D aims to help WP users or developers to add easily several UI elements to their website, including 3D components and complex animated layouts.

10 active installs v0.1 PHP + WP 3.5.1+ Updated Apr 1, 2014

3ddepthparallaxsliderw3d-project

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP W3D plugin Safe to Use in 2026?

Generally Safe

Score 85/100

WP W3D plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 12yr ago

Risk Assessment

The wp-w3d plugin v0.1 presents a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and avoids external HTTP requests and file operations. The absence of known vulnerabilities and a clean taint analysis history are also encouraging signs. However, there are significant concerns regarding its attack surface and the handling of potentially dangerous functions.

The plugin exposes two AJAX handlers without authentication checks, creating a direct path for unauthenticated attackers to interact with the plugin's functionality. Furthermore, the presence of the `unserialize` function is a critical risk, especially when not paired with robust input validation and sanitization. While the taint analysis did not reveal any explicit unsanitized paths, the `unserialize` function itself is inherently dangerous and can lead to Remote Code Execution if used with user-supplied, untrusted data. The low percentage of properly escaped output (10%) also suggests a risk of Cross-Site Scripting (XSS) vulnerabilities.

Overall, while the plugin has a clean vulnerability history, the identified code signals and attack surface necessitate caution. The lack of authentication on AJAX endpoints and the use of `unserialize` are high-priority areas that require immediate attention to mitigate potential security risks.

Key Concerns

Unprotected AJAX handlers
Use of unserialize function
Low percentage of properly escaped output

Vulnerabilities

None known

WP W3D plugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

WP W3D plugin Release Timeline

No version history available.

Code Analysis

Analyzed Apr 16, 2026

WP W3D plugin Code Analysis

Dangerous Functions

Raw SQL Queries

3 prepared

Unescaped Output

192

22 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$datetime = unserialize( $meta );includes/metabox/helpers/cmb_Meta_Box_types.php:305

SQL Query Safety

100% prepared3 total queries

Output Escaping

10% escaped214 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

1 flows

<init> (includes/metabox/init.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

WP W3D plugin Attack Surface

Entry Points4

Unprotected2

AJAX Handlers 2

authwp_ajax_cmb_oembed_handlerincludes/metabox/init.php:1125

noprivwp_ajax_cmb_oembed_handlerincludes/metabox/init.php:1126

Shortcodes 2

[w3dslider] public/class-wp-w3d.php:97

[responsive3dgrid] public/class-wp-w3d.php:98

WordPress Hooks 33

actionadmin_enqueue_scriptsadmin/class-wp-w3d-admin.php:66

actionadmin_enqueue_scriptsadmin/class-wp-w3d-admin.php:67

actionadmin_menuadmin/class-wp-w3d-admin.php:70

actionadmin_menuadmin/class-wp-w3d-admin.php:73

actionadmin_headadmin/class-wp-w3d-admin.php:74

filtercmb_meta_boxesadmin/class-wp-w3d-admin.php:88

filtercmb_meta_boxesincludes/metabox/example-functions.php:11

actioninitincludes/metabox/example-functions.php:350

filterget_post_metadataincludes/metabox/helpers/cmb_Meta_Box_ajax.php:112

filterupdate_post_metadataincludes/metabox/helpers/cmb_Meta_Box_ajax.php:114

filtercmb_show_onincludes/metabox/init.php:157

actionadmin_enqueue_scriptsincludes/metabox/init.php:161

actionadmin_menuincludes/metabox/init.php:164

actionadd_attachmentincludes/metabox/init.php:165

actionedit_attachmentincludes/metabox/init.php:166

actionsave_postincludes/metabox/init.php:167

actionadmin_enqueue_scriptsincludes/metabox/init.php:168

actionadmin_headincludes/metabox/init.php:171

actionshow_user_profileincludes/metabox/init.php:186

actionedit_user_profileincludes/metabox/init.php:187

actionpersonal_options_updateincludes/metabox/init.php:189

actionedit_user_profile_updateincludes/metabox/init.php:190

actionadmin_headincludes/metabox/init.php:193

actioninitpublic/class-wp-w3d.php:71

actionwpmu_new_blogpublic/class-wp-w3d.php:74

actionwp_enqueue_scriptspublic/class-wp-w3d.php:77

actioninitpublic/class-wp-w3d.php:79

actioninitpublic/class-wp-w3d.php:85

actioninitpublic/class-wp-w3d.php:86

filtermanage_edit-w3dslider_columnspublic/class-wp-w3d.php:88

actionmanage_posts_custom_columnpublic/class-wp-w3d.php:89

actionplugins_loadedwp-w3d.php:53

actionplugins_loadedwp-w3d.php:73

Maintenance & Trust

WP W3D plugin Maintenance & Trust

Maintenance Signals

WordPress version tested3.7.41

Last updatedApr 1, 2014

PHP min version

Downloads2K

Community Trust

Rating80/100

Number of ratings1

Active installs10

Alternatives

WP W3D plugin Alternatives

Cinematic 3D Parallax Touch Slider

cinematic

Responsive 3D Parallax Touch Slider. The most realistic mobile 3D layer photo animation in the market.

60 No CVEs

Hot Blocks

hot-blocks

100

A collection of several blocks for new WordPress editor (Gutenberg).

500 No CVEs

Carousel 3D Slider

carousel-3d-slider

100

Configure a Responsive 3D jQuery Carousel Slider and Insert it in any Page or Post as a Shortcode.

200 No CVEs

Cube 3D Slider

cube-3d-slider

100

Display cube 3D slider in your website.

100 No CVEs

Image Parallax

image-parallax

Create images with a parallax effect. Upload some layers, configure the animation, and publish !

100 No CVEs

Developer Profile

WP W3D plugin Developer Profile

wp-maverick

2 plugins · 20 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP W3D plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-w3d/assets/css/admin.css/wp-content/plugins/wp-w3d/assets/css/edit-slider.css/wp-content/plugins/wp-w3d/assets/js/edit-slider.js

Script Paths

/wp-content/plugins/wp-w3d/assets/js/edit-slider.js

Version Parameters

wp-w3d-admin-styles?ver=wp-w3d-admin-edit-slider-styles?ver=wp-w3d-admin-edit-slider-script?ver=

HTML / DOM Fingerprints

CSS Classes

w3dslider

FAQ