CW Easy Video Player Security & Risk Analysis
wordpress.org/plugins/cw-easy-video-playerEasy way to include videos from the Easy Video Player to your posts and pages.
Is CW Easy Video Player Safe to Use in 2026?
Generally Safe
Score 85/100CW Easy Video Player has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "cw-easy-video-player" plugin v1.1 exhibits a generally strong security posture based on the provided static analysis. The absence of any identified entry points like AJAX handlers, REST API routes, or shortcodes significantly limits the potential attack surface. Furthermore, the code signals indicate good practices such as the absence of dangerous functions and the exclusive use of prepared statements for SQL queries. The lack of file operations and external HTTP requests also reduces common vulnerability vectors.
However, a notable concern is the very low percentage (33%) of properly escaped outputs, with 3 total outputs analyzed. This suggests that some user-supplied data might be rendered directly into the HTML without adequate sanitization, potentially leading to Cross-Site Scripting (XSS) vulnerabilities if user input reaches these unescaped outputs. The absence of nonce and capability checks, while less critical given the limited attack surface, is a missed opportunity for defense-in-depth.
The plugin's vulnerability history is clean, with no recorded CVEs. This, combined with the absence of taint analysis findings and the limited attack surface, suggests that the plugin has historically been maintained with security in mind or has not been a significant target. The overall security is good due to the limited attack surface and secure SQL practices, but the unescaped output is a specific area that requires attention to mitigate potential XSS risks.
Key Concerns
- Low percentage of properly escaped outputs
- No nonce checks
- No capability checks
CW Easy Video Player Security Vulnerabilities
CW Easy Video Player Release Timeline
CW Easy Video Player Code Analysis
Output Escaping
CW Easy Video Player Attack Surface
WordPress Hooks 2
Maintenance & Trust
CW Easy Video Player Maintenance & Trust
Maintenance Signals
Community Trust
CW Easy Video Player Alternatives
All-in-One Video Gallery
all-in-one-video-gallery
The ultimate video player & video gallery plugin for YouTubers, Video Bloggers, Course Creators, Podcasters, and anyone embedding videos on websites.
FV Flowplayer Video Player
fv-wordpress-flowplayer
WordPress's most reliable, easy to use and feature-rich video player. Supports responsive design, HTML5, playlists, ads, stats, Vimeo and YouTube.
HTML5 Video Player – Embed and Play Videos in Custom Player
html5-video-player
HTML5 Video Player Plugin lets you embed responsive videos in WordPress. It’s easy to use, fast, and supports MP4, WebM, OGG, FLV, Youtube and Vimeo.
Videopack
video-embed-thumbnail-generator
Makes video thumbnails, allows resolution switching, and embeds responsive self-hosted videos and galleries.
Jetpack VideoPress
jetpack-videopress
The finest video hosting for WordPress. Drag and drop videos through the WordPress editor and keep the focus on your content, not the ads.
CW Easy Video Player Developer Profile
3 plugins · 120 total installs
How We Detect CW Easy Video Player
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/cw-easy-video-player/languageshttp://evp.christian-wenzl.de/framework.phpHTML / DOM Fingerprints
evp-video-wrap<!-- CW Easy Video Player Plugin Begin --><!-- CW Easy Video Player Plugin End -->id="cwevp_host"name="cwevp_host"_evpInit<div id="\3-wrap" class="evp-video-wrap"><span id="cwhinweis"><strong>Loading video, please wait a few seconds...</strong></span></div><script type="text/javascript" src="https://evp.christian-wenzl.de/framework.php?div_id=\3&id=\1%3D%3D&v=_evpInit('\1\2[\3]');