WP-Safety

Audio/Video Bonus Pack Security & Risk Analysis

wordpress.org/plugins/audio-video-bonus-pack

Audio/Video extras not found in WordPress core.

10 active installs v0.1 PHP + WP 3.9+ Updated Mar 10, 2015
audiomediavideo
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Audio/Video Bonus Pack Safe to Use in 2026?

Generally Safe

Score 85/100

Audio/Video Bonus Pack has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago
Risk Assessment

The "audio-video-bonus-pack" plugin version 0.1 exhibits significant security concerns primarily due to its unprotected entry points and the presence of dangerous functions. The static analysis reveals three AJAX handlers, all lacking authentication checks, creating a substantial attack surface that could be exploited by unauthenticated users. Furthermore, the use of the `exec` function is a critical red flag, as it allows for arbitrary command execution on the server if not handled with extreme care and robust sanitization, which is not evident from the provided data.

While the plugin demonstrates good practices in SQL query handling (100% prepared statements) and does not appear to have any known past vulnerabilities, these strengths are heavily overshadowed by the identified risks. The taint analysis did not reveal critical or high-severity issues, but the single unsanitized path flow warrants attention, especially in conjunction with the exposed AJAX endpoints and the `exec` function. The limited number of known CVEs and the absence of historical vulnerabilities are positive indicators, suggesting the developer might be responsive to security issues, but the current version's posture is weak and requires immediate attention to secure its exposed functionalities.

Key Concerns

  • Unprotected AJAX handlers
  • Use of dangerous 'exec' function
  • Flow with unsanitized paths
  • Unescaped output
Vulnerabilities
None known

Audio/Video Bonus Pack Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Audio/Video Bonus Pack Code Analysis

Dangerous Functions
2
Raw SQL Queries
0
0 prepared
Unescaped Output
5
5 escaped
Nonce Checks
1
Capability Checks
1
File Operations
2
External Requests
4
Bundled Libraries
0

Dangerous Functions Found

execexec( "which ffmpeg", $exec_ffmpeg );audio-video-bonus-pack.php:128
execexec( "which ffprobe", $exec_ffprobe );audio-video-bonus-pack.php:132

Output Escaping

50% escaped10 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths
soundcloud_register_key (features\soundcloud\soundcloud.php:213)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

Audio/Video Bonus Pack Attack Surface

Entry Points3
Unprotected3

AJAX Handlers 3

authwp_ajax_soundcloud-save-assetfeatures\soundcloud\soundcloud.php:22
authwp_ajax_soundcloud-register-keyfeatures\soundcloud\soundcloud.php:23
authwp_ajax_av-read-queuefeatures\transcoding\transcoding.php:46
WordPress Hooks 13
actionadmin_initaudio-video-bonus-pack.php:57
actionactivated_pluginaudio-video-bonus-pack.php:137
actionmedia_buttonsfeatures\soundcloud\soundcloud.php:18
actionload-post.phpfeatures\soundcloud\soundcloud.php:19
actionload-post-new.phpfeatures\soundcloud\soundcloud.php:20
actionprint_media_templatesfeatures\soundcloud\soundcloud.php:235
actioninitfeatures\transcoding\transcoding.php:23
actionadmin_initfeatures\transcoding\transcoding.php:24
actiondelete_postfeatures\transcoding\transcoding.php:25
actionadmin_noticesfeatures\transcoding\transcoding.php:31
filterwp_generate_attachment_metadatafeatures\transcoding\transcoding.php:35
actionadmin_footerfeatures\transcoding\transcoding.php:48
actionadmin_noticesfeatures\transcoding\transcoding.php:51
Maintenance & Trust

Audio/Video Bonus Pack Maintenance & Trust

Maintenance Signals

WordPress version tested4.1.42
Last updatedMar 10, 2015
PHP min version
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Audio/Video Bonus Pack Alternatives

Mixed Media Gallery Blocks

Mixed Media Gallery Blocks

simply-gallery-block

A
92

Create mixed media galleries with images, HTML5 video, YouTube, Vimeo, and VideoPress — all in one gallery by Simply Gallery.

40K 7 CVEs
Lean Player – Video and Audio Player for WordPress, Elementor, Block Editor and Classic Editor

Lean Player – Video and Audio Player for WordPress, Elementor, Block Editor and Classic Editor

az-video-and-audio-player-addon-for-elementor

A
100

WordPress Video Player & Audio Player plugin - simple, lightweight and customizable HTML5, YouTube, Vimeo & mp3 media player that supports all devices

3K No CVEs
GamiPress – Multimedia Content

GamiPress – Multimedia Content

gamipress-multimedia-content

A
100

Add activity triggers based on multimedia content creation and interaction

500 No CVEs
Able Player, accessible HTML5 media player

Able Player, accessible HTML5 media player

ableplayer

A
98

Accessible HTML5 media player

300 2 CVEs
Correct Audio/Video Uploads

Correct Audio/Video Uploads

correct-audio-video-uploads

A
85

Restores the ability to upload audio & video files in recent minor WordPress updates.

30 No CVEs
Developer Profile

Audio/Video Bonus Pack Developer Profile

Scott Taylor

8 plugins · 210 total installs

85
trust score
Avg Security Score
87/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Audio/Video Bonus Pack

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/audio-video-bonus-pack/features/transcoding/css/transcoding.css/wp-content/plugins/audio-video-bonus-pack/features/soundcloud/css/soundcloud.css/wp-content/plugins/audio-video-bonus-pack/features/soundcloud/js/soundcloud.js
Script Paths
/wp-content/plugins/audio-video-bonus-pack/features/transcoding/js/transcoding.js/wp-content/plugins/audio-video-bonus-pack/features/soundcloud/js/soundcloud.js
Version Parameters
audio-video-bonus-pack/style.css?ver=audio-video-bonus-pack/features/transcoding/css/transcoding.css?ver=audio-video-bonus-pack/features/soundcloud/css/soundcloud.css?ver=audio-video-bonus-pack/features/transcoding/js/transcoding.js?ver=audio-video-bonus-pack/features/soundcloud/js/soundcloud.js?ver=

HTML / DOM Fingerprints

CSS Classes
av-settings-section
HTML Comments
<!-- 248c57e7f54fb15812a11f34afd88c92 -->
Data Attributes
name="av_transcoding_enabled"name="av_soundcloud_manager_enabled"
REST Endpoints
/wp-json/audio-video-bonus-pack/v1/settings
FAQ

Frequently Asked Questions about Audio/Video Bonus Pack