WP-Safety

Castio.live – Live Streaming Plugin for WordPress (HLS) + Real-Time Chat Security & Risk Analysis

wordpress.org/plugins/castio-live

Live streaming plugin for WordPress with HLS, real-time chat, PayPal & Stripe paywall, and Gutenberg blocks. No OBS, no RTMP.

30 active installs v1.2.0 PHP 7.3+ WP 6.2+ Updated Mar 30, 2026
hls-streaminglive-chatlive-streamingvideo-streamingwordpress-live-streaming
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Castio.live – Live Streaming Plugin for WordPress (HLS) + Real-Time Chat Safe to Use in 2026?

Generally Safe

Score 100/100

Castio.live – Live Streaming Plugin for WordPress (HLS) + Real-Time Chat has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The castio-live plugin v1.1.0 demonstrates a generally good security posture based on the provided static analysis. A significant number of entry points (30) are present, but all are reported as protected by authentication checks, which is a strong positive indicator. The plugin also adheres to secure coding practices by utilizing prepared statements for all SQL queries, a healthy 83% of output is properly escaped, and a substantial number of capability checks are implemented. The absence of known CVEs and a clean vulnerability history further contribute to a positive security assessment.

Key Concerns

  • Flows with unsanitized paths
  • Unescaped output
Vulnerabilities
None known

Castio.live – Live Streaming Plugin for WordPress (HLS) + Real-Time Chat Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Castio.live – Live Streaming Plugin for WordPress (HLS) + Real-Time Chat Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

Castio.live – Live Streaming Plugin for WordPress (HLS) + Real-Time Chat Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
6 prepared
Unescaped Output
72
354 escaped
Nonce Checks
10
Capability Checks
31
File Operations
3
External Requests
7
Bundled Libraries
0

SQL Query Safety

100% prepared6 total queries

Output Escaping

83% escaped426 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

8 flows4 with unsanitized paths
filter_stream_post_content (castio-live.php:1862)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Castio.live – Live Streaming Plugin for WordPress (HLS) + Real-Time Chat Attack Surface

Entry Points30
Unprotected0

AJAX Handlers 22

authwp_ajax_castio_create_streamcastio-live.php:259
authwp_ajax_castio_create_streamcastio-live.php:260
authwp_ajax_castio_create_viewer_pagecastio-live.php:261
authwp_ajax_castio_create_viewer_pagecastio-live.php:262
authwp_ajax_castio_rename_streamcastio-live.php:263
authwp_ajax_castio_rename_streamcastio-live.php:264
authwp_ajax_castio_rec_renamecastio-live.php:265
authwp_ajax_castio_rec_renamecastio-live.php:266
authwp_ajax_castio_save_accesscastio-live.php:267
authwp_ajax_castio_save_accesscastio-live.php:268
authwp_ajax_castio_get_accesscastio-live.php:269
authwp_ajax_castio_get_accesscastio-live.php:270
authwp_ajax_castio_save_descriptioncastio-live.php:271
authwp_ajax_castio_save_descriptioncastio-live.php:272
authwp_ajax_castio_get_descriptioncastio-live.php:273
authwp_ajax_castio_get_descriptioncastio-live.php:274
authwp_ajax_castio_list_userscastio-live.php:276
authwp_ajax_castio_list_userscastio-live.php:277
authwp_ajax_castio_send_invite_previewcastio-live.php:278
authwp_ajax_castio_send_invite_previewcastio-live.php:279
authwp_ajax_castio_send_invitescastio-live.php:280
authwp_ajax_castio_send_invitescastio-live.php:281

Shortcodes 8

[castio_viewer] castio-live.php:294
[castio_streams] castio-live.php:295
[castio_my_videos] castio-live.php:296
[castio_live] castio-live.php:297
[castio_viewer] castio-live.php:299
[castio_streams] castio-live.php:300
[castio_my_videos] castio-live.php:301
[castio_live] castio-live.php:302
WordPress Hooks 17
actioninitcastio-live.php:252
actionadmin_menucastio-live.php:255
actionadmin_enqueue_scriptscastio-live.php:256
actionwp_enqueue_scriptscastio-live.php:257
actionadmin_post_castio_delete_recordingcastio-live.php:282
actionadmin_post_castio_bulk_deletecastio-live.php:283
actionrest_api_initcastio-live.php:285
actiontemplate_redirectcastio-live.php:286
filterthe_contentcastio-live.php:289
actionbefore_delete_postcastio-live.php:291
actionwp_trash_postcastio-live.php:292
actionadmin_noticescastio-live.php:309
actionadmin_noticescastio-live.php:311
actionadmin_initcastio-live.php:315
actioninitcastio-live.php:317
actionwp_enqueue_scriptscastio-live.php:1908
filterscript_loader_tagcastio-live.php:3552
Maintenance & Trust

Castio.live – Live Streaming Plugin for WordPress (HLS) + Real-Time Chat Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 30, 2026
PHP min version7.3
Downloads422

Community Trust

Rating100/100
Number of ratings2
Active installs30
Alternatives

Castio.live – Live Streaming Plugin for WordPress (HLS) + Real-Time Chat Alternatives

WpStream – Live Streaming, Video on Demand, Pay Per View

WpStream – Live Streaming, Video on Demand, Pay Per View

wpstream

A
92

WpStream is a Video Streaming Plugin that lets you broadcast live events and helps you sell tickets or recordings via WooCommerce.

4K 6 CVEs
Cam Site Builder

Cam Site Builder

cam-site-builder

A
85

With Cam Site Builder plugin you can easily add live webcams section into your website.

10 No CVEs
Instant Indexing for Google

Instant Indexing for Google

fast-indexing-api

A
100

A very efficient yet simple plugin to take care of your indexing woos and helps get your content crawled by search bots instantly.

200K No CVEs
HubSpot All-In-One Marketing – Forms, Popups, Live Chat

HubSpot All-In-One Marketing – Forms, Popups, Live Chat

leadin

A
95

The CRM, Sales, and Marketing WordPress plugin to grow your business better. Capture and engage web visitors with free live chat, forms, CRM, email ma …

200K 3 CVEs
Tawk.To Live Chat

Tawk.To Live Chat

tawkto-live-chat

A
99

(OFFICIAL tawk.to plugin) Instantly chat with visitors on your website with the free tawk.to chat widget. Website: http://tawk.to

100K 1 CVE
Developer Profile

Castio.live – Live Streaming Plugin for WordPress (HLS) + Real-Time Chat Developer Profile

proxymis

6 plugins · 150 total installs

73
trust score
Avg Security Score
91/100
Avg Patch Time
359 days
View full developer profile
Detection Fingerprints

How We Detect Castio.live – Live Streaming Plugin for WordPress (HLS) + Real-Time Chat

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/castio-live/assets/dist/css/castio-live.css/wp-content/plugins/castio-live/assets/dist/js/castio-live.js/wp-content/plugins/castio-live/assets/dist/js/castio-player.js/wp-content/plugins/castio-live/assets/dist/js/castio-chat.js
Script Paths
/wp-content/plugins/castio-live/assets/dist/js/castio-live.js/wp-content/plugins/castio-live/assets/dist/js/castio-player.js/wp-content/plugins/castio-live/assets/dist/js/castio-chat.js
Version Parameters
castio-live/assets/dist/css/castio-live.css?ver=castio-live/assets/dist/js/castio-live.js?ver=castio-live/assets/dist/js/castio-player.js?ver=castio-live/assets/dist/js/castio-chat.js?ver=

HTML / DOM Fingerprints

CSS Classes
castio-live-chat-widgetcastio-live-playercastio-live-chat-formcastio-live-stream-embed
HTML Comments
Castio.live Live StreamingCastio.live PlayerCastio.live Chat
Data Attributes
data-castio-stream-iddata-castio-player-iddata-castio-chat-id
JS Globals
CastioLiveCastioPlayerCastioChat
REST Endpoints
/wp-json/castio-live/v1/stream/wp-json/castio-live/v1/chat/wp-json/castio-live/v1/purchase
Shortcode Output
[castio_live_stream][castio_live_chat]
FAQ

Frequently Asked Questions about Castio.live – Live Streaming Plugin for WordPress (HLS) + Real-Time Chat