Does Chromeless YouTube have any unpatched vulnerabilities?

No. All known vulnerabilities in Chromeless YouTube have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Chromeless YouTube compatible with WordPress 3.0.5?

According to WordPress.org data, Chromeless YouTube 1.01 has been tested up to WordPress 3.0.5. Check the plugin's changelog for the latest compatibility information.

How often is Chromeless YouTube updated?

Chromeless YouTube was last updated on Aug 20, 2010. Frequent updates are generally a positive security signal.

What is Chromeless YouTube's security score?

Chromeless YouTube has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Chromeless YouTube Security & Risk Analysis

wordpress.org/plugins/chromeless-youtube

This chromeless YouTube player enables you to easily display videos on your site. Each player instance displays a different video and can be resized.

20 active installs v1.01 PHP + WP 2.8+ Updated Aug 20, 2010

chromelessvideovideo-playeryoutubeyoutube-player

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Chromeless YouTube Safe to Use in 2026?

Generally Safe

Score 85/100

Chromeless YouTube has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 15yr ago

Risk Assessment

The "chromeless-youtube" v1.01 plugin exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices regarding SQL queries, utilizing prepared statements exclusively, and has no recorded vulnerability history, suggesting a generally stable codebase. It also has a very small attack surface with only one entry point and no known CVEs. However, significant concerns arise from the static analysis. The use of the `create_function` function is a critical red flag, as it can lead to arbitrary code execution if not handled with extreme care. Furthermore, a substantial portion of its output (85%) is not properly escaped, creating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The lack of nonce checks and capability checks on its single entry point (the shortcode) is also a significant oversight, potentially allowing unauthorized actions or information disclosure if the shortcode can be exploited.

Key Concerns

Use of dangerous function create_function
High percentage of unescaped output (XSS risk)
Missing nonce checks on entry points
Missing capability checks on entry points

Vulnerabilities

None known

Chromeless YouTube Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Chromeless YouTube Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

6 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_functionadd_action('widgets_init', create_function('', 'return register_widget("Chromeless");'));chromeless.php:212

Output Escaping

15% escaped39 total outputs

Attack Surface

Chromeless YouTube Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[chromeless] chromeless.php:213

WordPress Hooks 1

actionwidgets_initchromeless.php:212

Maintenance & Trust

Chromeless YouTube Maintenance & Trust

Maintenance Signals

WordPress version tested3.0.5

Last updatedAug 20, 2010

PHP min version

Downloads10K

Community Trust

Rating60/100

Number of ratings1

Active installs20

Alternatives

Chromeless YouTube Alternatives

Gosign – Youtube Video Player Block

gosign-youtube-video-player-block

Fügen Sie einmal einen Youtube-Videoplayerblock mit benutzerdefiniertem Splash-Bild anstelle des Youtube-Standards hinzu und können Sie auch Optionen …

40 No CVEs

Video Player Pro

video-player-pro

Change all site videos with one click - Has YouTube skin - Create unlimited playlists - Subtitle Support (SRT) - Multi Quality Support - Video Element …

10 No CVEs

AutoCraft Player

autocraft-player

100

AutoCraft Player: The Ultimate Customizable Audio & Video Experience for WordPress

0 No CVEs

All-in-One Video Gallery

all-in-one-video-gallery

The ultimate video player & video gallery plugin for YouTubers, Video Bloggers, Course Creators, Podcasters, and anyone embedding videos on websites.

20K 11 CVEs

Wonder Video Embed

wonderplugin-video-embed

Embed MP4, Youtube, Vimeo, Wistia videos to the sidebar widget, WordPress posts and pages.

5K 2 CVEs

Developer Profile

Chromeless YouTube Developer Profile

Adam Nowak

5 plugins · 70 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Chromeless YouTube

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/chromeless-youtube/chromeless.swf

HTML / DOM Fingerprints

CSS Classes

widget_chromeless

HTML Comments

Title Input FieldVideo Source Input FieldSource Width Input FieldSource Height Input Field+2 more

Data Attributes

dataflashVarsqualitywmodeswfversionexpressinstall+1 more

Shortcode Output

[chromeless id=width=height=autoplay=

FAQ