Advanced YouTube Widget Security & Risk Analysis

wordpress.org/plugins/advanced-youtube-widget

Widget that will enable visitors to give you/the site a virtual beer by clicking on the widget.

10 active installs · v1.0.5 · PHP + WP 2.8+ · Updated Sep 20, 2009
images · search · widget · youtube
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Advanced YouTube Widget Safe to Use in 2026?

Generally Safe

Score 85/100

Advanced YouTube Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 16yr ago
Risk Assessment

The 'advanced-youtube-widget' plugin version 1.0.5 presents a mixed security posture. The plugin has no recorded vulnerability history, which may indicate a stable past, but the static analysis reveals significant concerns. The presence of the 'unserialize' function is a critical risk, as it can lead to Remote Code Execution if untrusted data is processed without proper sanitization. Furthermore, 100% of output is not properly escaped, which opens the door to Cross-Site Scripting (XSS) vulnerabilities where user-supplied data could be injected into the page.

The lack of any identified attack surface points like AJAX handlers, REST API routes, or shortcodes is a positive sign. However, this is overshadowed by the identified code signals. The complete absence of taint analysis results is likely due to the lack of complex data flows or entry points, but the fundamental risks from unserialize and unescaped output remain. The plugin also lacks nonce and capability checks on any potential entry points, further increasing the risk of unauthorized actions if such points were to exist.

Key Concerns

  • Dangerous function 'unserialize' used
  • 0% output properly escaped (XSS risk)
  • No nonce checks found
  • No capability checks found
Vulnerabilities
None known

Advanced YouTube Widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Advanced YouTube Widget Code Analysis

  • Dangerous Functions: 2
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 22 (0 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize (advanced-youtube-widget.php:17): $xArrOptions = unserialize(get_option('advanced_youtube_widget_options'));
  • unserialize (advanced-youtube-widget.php:106): $xArrOptions = unserialize(get_option('advanced_youtube_widget_options'));

Output Escaping

0% escaped · 22 total outputs
Attack Surface

Advanced YouTube Widget Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 1
  • action: plugins_loaded (advanced-youtube-widget.php:172)
Maintenance & Trust

Advanced YouTube Widget Maintenance & Trust

Maintenance Signals

WordPress version tested: 2.8.4
Last updated: Sep 20, 2009
PHP min version
Downloads: 10K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Advanced YouTube Widget Developer Profile

Ciprian Turcu

5 plugins · 80 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Advanced YouTube Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Script Paths
/wp-content/plugins/advanced-youtube-widget/swfobject.js

HTML / DOM Fingerprints

CSS Classes
videostitlec
Data Attributes
id="playerContainer", id="player", id="videos2"
JS Globals
showMyVideos2
FAQ

Frequently Asked Questions about Advanced YouTube Widget