WP-Safety

Castio.live – WordPress Live Streaming (HLS) + Real‑Time Chat Security & Risk Analysis

wordpress.org/plugins/castio-live

WordPress live streaming via browser-based HLS. Go live from the admin—no OBS, no RTMP, no external services. Auto viewer page with HLS player and bui …

20 active installs v1.1.0 PHP 7.3+ WP 6.2+ Updated Feb 25, 2026
hlslive-streaminglive-videolivestreamvideo-player
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Castio.live – WordPress Live Streaming (HLS) + Real‑Time Chat Safe to Use in 2026?

Generally Safe

Score 100/100

Castio.live – WordPress Live Streaming (HLS) + Real‑Time Chat has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The castio-live plugin v1.1.0 demonstrates a generally good security posture based on the provided static analysis. A significant number of entry points (30) are present, but all are reported as protected by authentication checks, which is a strong positive indicator. The plugin also adheres to secure coding practices by utilizing prepared statements for all SQL queries, a healthy 83% of output is properly escaped, and a substantial number of capability checks are implemented. The absence of known CVEs and a clean vulnerability history further contribute to a positive security assessment.

Key Concerns

  • Flows with unsanitized paths
  • Unescaped output
Vulnerabilities
None known

Castio.live – WordPress Live Streaming (HLS) + Real‑Time Chat Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Castio.live – WordPress Live Streaming (HLS) + Real‑Time Chat Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
6 prepared
Unescaped Output
72
354 escaped
Nonce Checks
10
Capability Checks
31
File Operations
3
External Requests
7
Bundled Libraries
0

SQL Query Safety

100% prepared6 total queries

Output Escaping

83% escaped426 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

8 flows4 with unsanitized paths
filter_stream_post_content (castio-live.php:1862)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Castio.live – WordPress Live Streaming (HLS) + Real‑Time Chat Attack Surface

Entry Points30
Unprotected0

AJAX Handlers 22

authwp_ajax_castio_create_streamcastio-live.php:259
authwp_ajax_castio_create_streamcastio-live.php:260
authwp_ajax_castio_create_viewer_pagecastio-live.php:261
authwp_ajax_castio_create_viewer_pagecastio-live.php:262
authwp_ajax_castio_rename_streamcastio-live.php:263
authwp_ajax_castio_rename_streamcastio-live.php:264
authwp_ajax_castio_rec_renamecastio-live.php:265
authwp_ajax_castio_rec_renamecastio-live.php:266
authwp_ajax_castio_save_accesscastio-live.php:267
authwp_ajax_castio_save_accesscastio-live.php:268
authwp_ajax_castio_get_accesscastio-live.php:269
authwp_ajax_castio_get_accesscastio-live.php:270
authwp_ajax_castio_save_descriptioncastio-live.php:271
authwp_ajax_castio_save_descriptioncastio-live.php:272
authwp_ajax_castio_get_descriptioncastio-live.php:273
authwp_ajax_castio_get_descriptioncastio-live.php:274
authwp_ajax_castio_list_userscastio-live.php:276
authwp_ajax_castio_list_userscastio-live.php:277
authwp_ajax_castio_send_invite_previewcastio-live.php:278
authwp_ajax_castio_send_invite_previewcastio-live.php:279
authwp_ajax_castio_send_invitescastio-live.php:280
authwp_ajax_castio_send_invitescastio-live.php:281

Shortcodes 8

[castio_viewer] castio-live.php:294
[castio_streams] castio-live.php:295
[castio_my_videos] castio-live.php:296
[castio_live] castio-live.php:297
[castio_viewer] castio-live.php:299
[castio_streams] castio-live.php:300
[castio_my_videos] castio-live.php:301
[castio_live] castio-live.php:302
WordPress Hooks 17
actioninitcastio-live.php:252
actionadmin_menucastio-live.php:255
actionadmin_enqueue_scriptscastio-live.php:256
actionwp_enqueue_scriptscastio-live.php:257
actionadmin_post_castio_delete_recordingcastio-live.php:282
actionadmin_post_castio_bulk_deletecastio-live.php:283
actionrest_api_initcastio-live.php:285
actiontemplate_redirectcastio-live.php:286
filterthe_contentcastio-live.php:289
actionbefore_delete_postcastio-live.php:291
actionwp_trash_postcastio-live.php:292
actionadmin_noticescastio-live.php:309
actionadmin_noticescastio-live.php:311
actionadmin_initcastio-live.php:315
actioninitcastio-live.php:317
actionwp_enqueue_scriptscastio-live.php:1908
filterscript_loader_tagcastio-live.php:3552
Maintenance & Trust

Castio.live – WordPress Live Streaming (HLS) + Real‑Time Chat Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 25, 2026
PHP min version7.3
Downloads232

Community Trust

Rating100/100
Number of ratings2
Active installs20
Alternatives

Castio.live – WordPress Live Streaming (HLS) + Real‑Time Chat Alternatives

ZW Player Video Embed

ZW Player Video Embed

zw-player-video-embed

A
100

Professional HTML5 video player supporting HLS, DASH, FLV, MP4, local file with screenshot, recording, PIP and live streaming features.

0 No CVEs
WpStream – Live Streaming, Video on Demand, Pay Per View

WpStream – Live Streaming, Video on Demand, Pay Per View

wpstream

A
95

WpStream is a Video Streaming Plugin that lets you broadcast live events and helps you sell tickets or recordings via WooCommerce.

4K 4 CVEs
PlayerJS

PlayerJS

playerjs

C
69

The official plugin for PlayerJS.com - video & audio player builder. Make an awesome player for your website for free.

1K 1 unpatched
HLS Player

HLS Player

hls-player

A
91

HLS Player is a lightweight HTTP Live Streaming player for WordPress, using video.js for easy embedding HLS videos into posts and pages.

600 1 CVE
SaleAssist Live Video Engagements

SaleAssist Live Video Engagements

saleassist

A
85

The best Live Video Engagement solution for your website. The most trusted Live Video solution for WordPress and WooCommerce.

0 No CVEs
Developer Profile

Castio.live – WordPress Live Streaming (HLS) + Real‑Time Chat Developer Profile

proxymis

5 plugins · 150 total installs

71
trust score
Avg Security Score
89/100
Avg Patch Time
359 days
View full developer profile
Detection Fingerprints

How We Detect Castio.live – WordPress Live Streaming (HLS) + Real‑Time Chat

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/castio-live/assets/dist/css/castio-live.css/wp-content/plugins/castio-live/assets/dist/js/castio-live.js/wp-content/plugins/castio-live/assets/dist/js/castio-player.js/wp-content/plugins/castio-live/assets/dist/js/castio-chat.js
Script Paths
/wp-content/plugins/castio-live/assets/dist/js/castio-live.js/wp-content/plugins/castio-live/assets/dist/js/castio-player.js/wp-content/plugins/castio-live/assets/dist/js/castio-chat.js
Version Parameters
castio-live/assets/dist/css/castio-live.css?ver=castio-live/assets/dist/js/castio-live.js?ver=castio-live/assets/dist/js/castio-player.js?ver=castio-live/assets/dist/js/castio-chat.js?ver=

HTML / DOM Fingerprints

CSS Classes
castio-live-chat-widgetcastio-live-playercastio-live-chat-formcastio-live-stream-embed
HTML Comments
Castio.live Live StreamingCastio.live PlayerCastio.live Chat
Data Attributes
data-castio-stream-iddata-castio-player-iddata-castio-chat-id
JS Globals
CastioLiveCastioPlayerCastioChat
REST Endpoints
/wp-json/castio-live/v1/stream/wp-json/castio-live/v1/chat/wp-json/castio-live/v1/purchase
Shortcode Output
[castio_live_stream][castio_live_chat]
FAQ

Frequently Asked Questions about Castio.live – WordPress Live Streaming (HLS) + Real‑Time Chat