WP-Safety

dPlayer – Video Player for WordPress Security & Risk Analysis

wordpress.org/plugins/dplayer

A nice video player plugin. This video player support various video file type, It support logo overlay and call to action button on the video player.

40 active installs v1.0.0 PHP + WP 4.0+ Updated Jul 8, 2024
html5-playermedia-playermp4-playerpm4video-player
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is dPlayer – Video Player for WordPress Safe to Use in 2026?

Generally Safe

Score 92/100

dPlayer – Video Player for WordPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The dplayer plugin v1.0.0 exhibits a generally strong security posture, with no recorded vulnerabilities or critical findings in the static and taint analysis. The code demonstrates good practices such as using prepared statements for all SQL queries and performing a significant number of nonce and capability checks. Notably, there are no external HTTP requests or file operations, reducing potential attack vectors.

However, a significant concern is the 31% of output that is not properly escaped. While there are no immediate indicators of exploitation in the provided taint analysis, unsanitized output can lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not handled carefully before rendering. The presence of AJAX handlers, while protected by nonce and capability checks, still represents an attack surface, and any future development introducing unprotected entry points would significantly increase risk.

Given the clean vulnerability history and the presence of security measures like prepared statements and checks, the plugin appears to be developed with security in mind. The primary area for improvement lies in ensuring comprehensive output escaping to mitigate potential XSS flaws. The overall risk is currently low, but the unescaped output warrants attention.

Key Concerns

  • Significant unescaped output
Vulnerabilities
None known

dPlayer – Video Player for WordPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

dPlayer – Video Player for WordPress Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
223
488 escaped
Nonce Checks
12
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared2 total queries

Output Escaping

69% escaped711 total outputs
Data Flows
All sanitized

Data Flow Analysis

3 flows
csf_export (inc\codestar-framework\functions\actions.php:62)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

dPlayer – Video Player for WordPress Attack Surface

Entry Points6
Unprotected0

AJAX Handlers 5

authwp_ajax_csf-get-iconsinc\codestar-framework\functions\actions.php:50
authwp_ajax_csf-exportinc\codestar-framework\functions\actions.php:87
authwp_ajax_csf-importinc\codestar-framework\functions\actions.php:123
authwp_ajax_csf-resetinc\codestar-framework\functions\actions.php:150
authwp_ajax_csf-choseninc\codestar-framework\functions\actions.php:189

Shortcodes 1

[dplayer] dplayer.php:54
WordPress Hooks 54
actionplugin_loadeddplayer.php:19
actionwp_enqueue_scriptsdplayer.php:29
actioninitdplayer.php:87
filterpost_row_actionsdplayer.php:106
actionadmin_head-post.phpdplayer.php:123
actionadmin_head-post-new.phpdplayer.php:124
filterpost_updated_messagesdplayer.php:134
filtergettextdplayer.php:139
filtermanage_iodp_player_posts_columnsdplayer.php:148
actionmanage_iodp_player_posts_custom_columndplayer.php:149
actionedit_form_after_titledplayer.php:165
actionwp_enqueue_scriptsinc\codestar-framework\classes\abstract.class.php:20
actionadmin_menuinc\codestar-framework\classes\admin-options.class.php:106
actionadmin_bar_menuinc\codestar-framework\classes\admin-options.class.php:107
actionnetwork_admin_menuinc\codestar-framework\classes\admin-options.class.php:111
filteradmin_footer_textinc\codestar-framework\classes\admin-options.class.php:487
actionadd_meta_boxes_commentinc\codestar-framework\classes\comment-options.class.php:38
actionedit_commentinc\codestar-framework\classes\comment-options.class.php:39
actioncustomize_registerinc\codestar-framework\classes\customize-options.class.php:43
actioncustomize_save_afterinc\codestar-framework\classes\customize-options.class.php:44
actionwp_enqueue_scriptsinc\codestar-framework\classes\customize-options.class.php:48
actionadd_meta_boxesinc\codestar-framework\classes\metabox-options.class.php:50
actionsave_postinc\codestar-framework\classes\metabox-options.class.php:51
actionedit_attachmentinc\codestar-framework\classes\metabox-options.class.php:52
actionwp_nav_menu_item_custom_fieldsinc\codestar-framework\classes\nav-menu-options.class.php:30
actionwp_update_nav_menu_iteminc\codestar-framework\classes\nav-menu-options.class.php:31
filterwp_edit_nav_menu_walkerinc\codestar-framework\classes\nav-menu-options.class.php:33
actionadmin_initinc\codestar-framework\classes\profile-options.class.php:30
actionshow_user_profileinc\codestar-framework\classes\profile-options.class.php:42
actionedit_user_profileinc\codestar-framework\classes\profile-options.class.php:43
actionpersonal_options_updateinc\codestar-framework\classes\profile-options.class.php:45
actionedit_user_profile_updateinc\codestar-framework\classes\profile-options.class.php:46
actionafter_setup_themeinc\codestar-framework\classes\setup.class.php:53
actioninitinc\codestar-framework\classes\setup.class.php:54
actionswitch_themeinc\codestar-framework\classes\setup.class.php:55
actionadmin_enqueue_scriptsinc\codestar-framework\classes\setup.class.php:56
actionwp_enqueue_scriptsinc\codestar-framework\classes\setup.class.php:57
actionwp_headinc\codestar-framework\classes\setup.class.php:58
filteradmin_body_classinc\codestar-framework\classes\setup.class.php:59
actionadmin_footerinc\codestar-framework\classes\shortcode-options.class.php:47
actioncustomize_controls_print_footer_scriptsinc\codestar-framework\classes\shortcode-options.class.php:48
actionelementor/editor/before_enqueue_scriptsinc\codestar-framework\classes\shortcode-options.class.php:57
actionelementor/editor/footerinc\codestar-framework\classes\shortcode-options.class.php:58
actionelementor/editor/footerinc\codestar-framework\classes\shortcode-options.class.php:59
actionenqueue_block_editor_assetsinc\codestar-framework\classes\shortcode-options.class.php:299
actionmedia_buttonsinc\codestar-framework\classes\shortcode-options.class.php:303
actionadmin_initinc\codestar-framework\classes\taxonomy-options.class.php:41
actionadmin_footerinc\codestar-framework\fields\icon\icon.php:41
actioncustomize_controls_print_footer_scriptsinc\codestar-framework\fields\icon\icon.php:42
actionadmin_print_footer_scriptsinc\codestar-framework\fields\link\link.php:65
actionprint_default_editor_scriptsinc\codestar-framework\fields\wp_editor\wp_editor.php:62
actionadmin_menuinc\codestar-framework\views\welcome.php:19
filterplugin_action_linksinc\codestar-framework\views\welcome.php:20
filterplugin_row_metainc\codestar-framework\views\welcome.php:21
Maintenance & Trust

dPlayer – Video Player for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8
Last updatedJul 8, 2024
PHP min version
Downloads3K

Community Trust

Rating100/100
Number of ratings1
Active installs40
Alternatives

dPlayer – Video Player for WordPress Alternatives

IV Player

IV Player

ivplayer

A
85

IV Player is an interactive video player, if you are a teacher/educator/guru who wants to provide video content to your students/learners, then IV Pla …

10 No CVEs
HTML5 Video Player – Embed and Play Videos in Custom Player

HTML5 Video Player – Embed and Play Videos in Custom Player

html5-video-player

A
94

HTML5 Video Player Plugin lets you embed responsive videos in WordPress. It’s easy to use, fast, and supports MP4, WebM, OGG, FLV, Youtube and Vimeo.

20K 8 CVEs
Lean Player – Video and Audio Player for WordPress, Elementor, Block Editor and Classic Editor

Lean Player – Video and Audio Player for WordPress, Elementor, Block Editor and Classic Editor

az-video-and-audio-player-addon-for-elementor

A
100

WordPress Video Player & Audio Player plugin - simple, lightweight and customizable HTML5, YouTube, Vimeo & mp3 media player that supports all devices

3K No CVEs
Super Video player – Fully Customizable Video Player with Playlist

Super Video player – Fully Customizable Video Player with Playlist

super-video-player

A
100

Improve WordPress user experience with Super Video Player plugin. Self-hosted, supports mp4/OGG, captions, and subtitle for engagement.

2K No CVEs
FV Player 8

FV Player 8

fv-player

A
100

WordPress's most reliable, easy to use and feature-rich video player. Supports playlists, ads, stats and user video position saving.

1K No CVEs
Developer Profile

dPlayer – Video Player for WordPress Developer Profile

indionetech

1 plugin · 40 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect dPlayer – Video Player for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/dplayer/assets/js/dplayer.min.js/wp-content/plugins/dplayer/assets/js/main.js
Script Paths
/wp-content/plugins/dplayer/assets/js/dplayer.min.js/wp-content/plugins/dplayer/assets/js/main.js
Version Parameters
dplayer/assets/js/dplayer.min.js?ver=dplayer/assets/js/main.js?ver=

HTML / DOM Fingerprints

CSS Classes
dplayer
Data Attributes
data-settings
Shortcode Output
[dplayer id=
FAQ

Frequently Asked Questions about dPlayer – Video Player for WordPress