Does Disable Embeds have any unpatched vulnerabilities?

No. All known vulnerabilities in Disable Embeds have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Disable Embeds compatible with WordPress 6.8.5?

According to WordPress.org data, Disable Embeds 1.5.0 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is Disable Embeds updated?

Disable Embeds was last updated on Apr 8, 2025. Frequent updates are generally a positive security signal.

What is Disable Embeds's security score?

Disable Embeds has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Disable Embeds Security & Risk Analysis

wordpress.org/plugins/disable-embeds

Don’t like the enhanced embeds in WordPress 4.4? Easily disable the feature using this plugin.

10K active installs v1.5.0 PHP + WP 4.4+ Updated Apr 8, 2025

embedembedsoembed

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Disable Embeds Safe to Use in 2026?

Generally Safe

Score 100/100

Disable Embeds has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 12mo ago

Risk Assessment

The "disable-embeds" v1.5.0 plugin exhibits a very strong security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the plugin's attack surface. Furthermore, the code signals indicate robust security practices, with no dangerous functions, all SQL queries using prepared statements, and all outputs being properly escaped. The plugin also avoids file operations and external HTTP requests. The lack of any recorded vulnerabilities, including critical or high severity issues, and the absence of common vulnerability types in its history, further reinforce this positive assessment.

Despite the excellent static analysis and vulnerability history, the total absence of nonce checks and capability checks in the code is a minor concern. While the plugin currently has no exposed entry points that would necessitate these checks, future updates or changes could inadvertently introduce vulnerabilities if these checks are not implemented as a general security practice. Overall, "disable-embeds" v1.5.0 appears to be a highly secure plugin, with its strengths far outweighing any potential weaknesses suggested by the analysis.

Key Concerns

No nonce checks present
No capability checks present

Vulnerabilities

None known

Disable Embeds Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Disable Embeds Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Attack Surface

Disable Embeds Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 9

filterrest_endpointsdisable-embeds.php:33

filteroembed_response_datadisable-embeds.php:36

filterembed_oembed_discoverdisable-embeds.php:39

filtertiny_mce_pluginsdisable-embeds.php:49

filterrewrite_rules_arraydisable-embeds.php:52

actionenqueue_block_editor_assetsdisable-embeds.php:58

actionwp_default_scriptsdisable-embeds.php:61

actioninitdisable-embeds.php:64

filterrewrite_rules_arraydisable-embeds.php:102

Maintenance & Trust

Disable Embeds Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedApr 8, 2025

PHP min version

Downloads271K

Community Trust

Rating86/100

Number of ratings20

Active installs10K

Alternatives

Disable Embeds Alternatives

Haiku Deck for WordPress

haiku-deck-oembed

10 No CVEs

GeniiPress Disable Embeds

geniipress-disable-embeds

Disables the oEmbed feature from core, for a performance gain.

0 No CVEs

Embed Optimizer

embed-optimizer

100

Optimizes the performance of embeds through lazy-loading, adding dns-prefetch links, and reserving space to reduce layout shifts.

60K No CVEs

Embed PDF Viewer

embed-pdf-viewer

Embed a PDF from the Media Library or elsewhere via oEmbed or as a block into an iframe tag.

20K 2 CVEs

Embed Privacy

embed-privacy

100

Embed Privacy prevents the loading of embedded external content and allows your site visitors to opt-in.

10K 1 CVE

Developer Profile

Disable Embeds Developer Profile

Pascal Birchler

4 plugins · 53K total installs

100

trust score

Avg Security Score

100/100

Avg Patch Time

7 days

View full developer profile

Detection Fingerprints

How We Detect Disable Embeds

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/disable-embeds/build/index.js

Script Paths