[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fBK7KNZd8aza5e9wrBNtiB9Mh3ghMzTXaYH8FzLlAYGM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":46,"crawl_stats":37,"alternatives":51,"analysis":148,"fingerprints":196},"easy-flash-embed","Easy Flash Embed","1.0","Vincent Boiardt","https:\u002F\u002Fprofiles.wordpress.org\u002Fvincent-boiardt\u002F","\u003Cp>Embed Flash easily and standard compliant with SWFObject using only a [swf] shortcode!\u003C\u002Fp>\n\u003Cp>In the text editor simply write something like:\u003C\u002Fp>\n\u003Cp>[swf src=”http:\u002F\u002Fwww.example.com\u002Fmy-flash-file.swf” width=300 height=100]\u003C\u002Fp>\n\u003Cp>The attributes \u003Cem>src\u003C\u002Fem>, \u003Cem>width\u003C\u002Fem> and \u003Cem>height\u003C\u002Fem> are \u003Cstrong>required\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Additional attributes includes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cem>params\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>\u003Cem>flashvars\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>\u003Cem>version\u003C\u002Fem>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The attributes \u003Cem>params\u003C\u002Fem>, and \u003Cem>flashvars\u003C\u002Fem> should be written like “flashvar1=value&flashvar2=value” to function properly. If you want to specify a Flash version use \u003Cem>version\u003C\u002Fem> attribute. \u003Cstrong>Default is 9\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>To provide alternative content for people without Flash, simply put some text between the [swf] brackets, e.g.\u003C\u002Fp>\n\u003Cp>[swf src=”http:\u002F\u002Fwww.example.com\u002Fmy-flash-file.swf” width=300 height=100]You must have Flash to view this file[\u002Fswf]\u003C\u002Fp>\n","Embed Flash easily and standard compliant with SWFObject using only a [swf] shortcode!",900,54934,80,4,"2017-11-28T21:45:00.000Z","2.9.2","2.9","",[20,21,22,23,24],"embed","embedding","flash","swf","swfobject","http:\u002F\u002Fwpquicktips.wordpress.com\u002Feasy-flash-embedding","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-flash-embed.1.0.zip",63,1,"2025-09-02 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2025-48105","easy-flash-embed-authenticated-contributor-stored-cross-site-scripting","Easy Flash Embed \u003C= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Easy Flash Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.0","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-09-09 22:38:09",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb79ade88-335b-40ac-a20f-d73823eabbf4?source=api-prod",{"slug":47,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":48,"trust_score":49,"computed_at":50},"vincent-boiardt",30,68,"2026-04-04T10:45:16.791Z",[52,74,91,109,124],{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":62,"num_ratings":63,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":18,"tags":67,"homepage":70,"download_link":71,"security_score":72,"vuln_count":73,"unpatched_count":73,"last_vuln_date":37,"fetched_at":30},"wp-swfobject","WP-SWFObject","2.4","Kodetop","https:\u002F\u002Fprofiles.wordpress.org\u002Funijimpe\u002F","\u003Cp>This plugin enable insert flash movies into WordPress using \u003Cstrong>SWFObject\u003C\u002Fstrong> with simple quicktag \u003Ccode>[swf][\u002Fswf]\u003C\u002Fcode> .\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Easy install and easy use on content and widgets\u003C\u002Fli>\n\u003Cli>Insert Flash movie with simple shortcode\u003C\u002Fli>\n\u003Cli>Panel for easy configuration\u003C\u002Fli>\n\u003Cli>Allow config flash player version required\u003C\u002Fli>\n\u003Cli>Allow config message for iPhone Browser\u003C\u002Fli>\n\u003Cli>Support FlashVars param\u003C\u002Fli>\n\u003Cli>Support FullScreen param\u003C\u002Fli>\n\u003Cli>Generate \u003Ccode>\u003Cobject>\u003C\u002Fcode> code for RSS and iPhone compatibility   \u003C\u002Fli>\n\u003Cli>Select version of SWFObject (1.5 or 2.0)\u003C\u002Fli>\n\u003Cli>Allow insert SWFObject from Google AJAX Libraries API\u003C\u002Fli>\n\u003Cli>Detect iPhone Browser to show message o link for Youtube Videos\u003C\u002Fli>\n\u003Cli>Easy integration with Youtube videos\u003C\u002Fli>\n\u003Cli>Support for show Loading image\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>To insert swf into post content or text widget use:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[swf]movie.swf, width, heigth[\u002Fswf]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>To insert swf with flashvars use:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[swf]movie.swf, width, heigth, var1=val1&var2=val2[\u002Fswf]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>To insert swf on template, use the php code:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php wp_swfobject_echo(\"movie.swf\", \"width\", \"heigth\"); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>To insert swf with flashvars on template, use the php code:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php wp_swfobject_echo(\"movie.swf\", \"width\", \"heigth\", \"var1=val1&var2=val2\"); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>For more information visit \u003Ca href=\"http:\u002F\u002Fblog.unijimpe.net\u002Fwp-swfobject\u002F\" title=\"plugin website\" rel=\"nofollow ugc\">plugin website\u003C\u002Fa>\u003C\u002Fp>\n","Insert Flash Movies into WordPress.",1000,148800,100,3,"2017-11-28T16:58:00.000Z","3.2.1","1.5",[22,68,23,24,69],"flv","video","http:\u002F\u002Fblog.unijimpe.net\u002Fwp-swfobject\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-swfobject.2.4.zip",85,0,{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":18,"short_description":80,"active_installs":81,"downloaded":82,"rating":73,"num_ratings":73,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":18,"tags":86,"homepage":89,"download_link":90,"security_score":72,"vuln_count":73,"unpatched_count":73,"last_vuln_date":37,"fetched_at":30},"billybenswf","BillyBenSWF","1.1.0","Billyben","https:\u002F\u002Fprofiles.wordpress.org\u002Fbillyben\u002F","Simple shortcode for swf\u002Fflash embedding. Autodetect original size. Can set size, object id+class, flashvar, attributes and parameter.",10,5606,"2011-09-15T16:16:00.000Z","3.1.4","2.8.1",[20,22,87,88,23],"flashvar","include","http:\u002F\u002Fwww.etherocliquecite.eu","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbillybenswf.1.1.0.zip",{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":81,"downloaded":99,"rating":73,"num_ratings":73,"last_updated":100,"tested_up_to":101,"requires_at_least":102,"requires_php":18,"tags":103,"homepage":107,"download_link":108,"security_score":72,"vuln_count":73,"unpatched_count":73,"last_vuln_date":37,"fetched_at":30},"flash-feed-scroll-reader","Flash Feed Scroll Reader","1.2.0","gfazioli","https:\u002F\u002Fprofiles.wordpress.org\u002Fgfazioli\u002F","\u003Cp>Flash Feed Scroll Reader is a Adobe Flash Feed Reader with horizontal scrolling.\u003Cbr \u002F>\nYou can set one or more feed to fetch. The scroll rendering is in HTML Adobe Flash, so you can edit style.css file for change color, fonts and rendering.\u003C\u002Fp>\n\u003Cp>In this version you can set options and call php function:\n    \u003C\u002Fp>\n\u003Cp>for show flash scroll feed.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>FEATURES\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Single Feed Reader\u003C\u002Fli>\n\u003Cli>Multiple\u002Faggregator Feed Reader\u003C\u002Fli>\n\u003Cli>Customize Adobe Flash Scroll Reader\u003C\u002Fli>\n\u003Cli>Simple and Fast\u003C\u002Fli>\n\u003Cli>English\u002FItalian Localizzation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>LAST IMPROVE\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Localizzation Italian\u003C\u002Fli>\n\u003Cli>Rev User Interface\u003C\u002Fli>\n\u003Cli>\u003Ccode>stringcutend\u003C\u002Fcode> param: String to append when the description is cutted, default \u003Ccode>\"[...]\"\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>target\u003C\u002Fcode> param: Window target on click feed title link, default \u003Ccode>\"_blank\"\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>HOW TO\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Usage:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>* width:          Flash movie width. This value can be in pixel or percent\n* height:         Flash movie height. This value can be in pixel or percent\n* feedurl:        URL address of feed rss to show\n* scrollspeed:    Scroll speed in millisecond\n* separator:      HTML text between feed title\n* description:    Set to \"1\" for show description content. \"0\" for none\n* stringcut:      If description is set to \"1\" this is the number of chars to show\n* stringcutend:   String to append when the description is cutted, default \"[...]\"\n* stylesheet:     StyleSheet URL address\n* bgcolor:        Background color for Flash Movie in #RRGGBB value\n* wmode:          Window Mode for Flash Movie: Window, Opaque, Transparent\n* useaggregator:  Set to '1' for use aggregator setting, else '0' default\n* target:         Window target on click feed title link, default \"_blank\"\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Related Links\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.saidmade.com\u002F\" title=\"Saidmade\" rel=\"nofollow ugc\">Author’s Company\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.undolog.com\u002F\" title=\"Undolog\" rel=\"nofollow ugc\">Author’s Personal Blog\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For more information on the roadmap for future improvements please e-mail: g.fazioli@saidmade.com\u003C\u002Fp>\n\u003Ch3>Thanks\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fsimplepie.org\u002Fdownloads\u002F\" title=\"SimplePie\" rel=\"nofollow ugc\">SimplePie\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Flash Feed Scroll Reader WordPress Plugin use SWFObject (from Google Ajax API) and SimplePie\u003C\u002Fli>\n\u003Cli>Chris for beta testing\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fprofile\u002F247145\" rel=\"ugc\">godai\u003C\u002Fa> for some usefull suggest\u003C\u002Fli>\n\u003C\u002Ful>\n","Flash Feed Scroll Reader is a Adobe Flash Feed Reader with horizontal scrolling.",18945,"2010-07-19T16:18:00.000Z","2.7.1","2.7",[104,105,22,106,24],"feed-reader","feed-rss","scroll","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fflash-feed-scroll-reader\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fflash-feed-scroll-reader.1.2.0.zip",{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":81,"downloaded":117,"rating":73,"num_ratings":73,"last_updated":118,"tested_up_to":119,"requires_at_least":120,"requires_php":18,"tags":121,"homepage":18,"download_link":123,"security_score":72,"vuln_count":73,"unpatched_count":73,"last_vuln_date":37,"fetched_at":30},"swfobjectjquery","SWFObject jQuery","1.0.0","CJ_Jackson","https:\u002F\u002Fprofiles.wordpress.org\u002Fcj_jackson\u002F","\u003Cp>A simple plugins that uses jQuery and SWFObject that included with WordPress,\u003Cbr \u002F>\njQuery is used to analyse every html object element, if a object element is\u003Cbr \u002F>\nverified as a Flash object it will automatically register that Flash object\u003Cbr \u002F>\nwith SWFObject.\u003C\u002Fp>\n","A simple plugins that uses jQuery and SWFObject!",2519,"2010-09-16T23:36:00.000Z","3.0.5","2.6",[22,122,24],"jquery","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fswfobjectjquery.1.0.0.zip",{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":132,"downloaded":133,"rating":62,"num_ratings":28,"last_updated":134,"tested_up_to":135,"requires_at_least":136,"requires_php":137,"tags":138,"homepage":144,"download_link":145,"security_score":146,"vuln_count":28,"unpatched_count":73,"last_vuln_date":147,"fetched_at":30},"hls-player","HLS Player","1.0.11","ROOT SECTOR","https:\u002F\u002Fprofiles.wordpress.org\u002Fr00tsector\u002F","\u003Cp>HLS Player Video Plugin: Streamline your WordPress with the definitive HLS video embedding solution. Powered by the acclaimed Video.js player, this plugin guarantees an exceptional viewing experience.\u003C\u002Fp>\n\u003Cp>Key Features:\u003Cbr \u002F>\n* \u003Cstrong>Effortless Integration\u003C\u002Fstrong>: Embed HLS videos anywhere on your site with ease.\u003Cbr \u002F>\n* \u003Cstrong>Adaptive Design\u003C\u002Fstrong>: Provides a seamless viewing experience on all devices.\u003Cbr \u002F>\n* \u003Cstrong>Universal Compatibility\u003C\u002Fstrong>: Ensures full HTML5 support across all browsers.\u003Cbr \u002F>\n* \u003Cstrong>Visual Appeal:\u003C\u002Fstrong> Customize with video posters for an engaging look.\u003Cbr \u002F>\n* \u003Cstrong>Instant Play\u003C\u002Fstrong>: Auto-playback for immediate engagement.\u003Cbr \u002F>\n* \u003Cstrong>Backup Options\u003C\u002Fstrong>: Embed fallback videos directly from your media library.\u003Cbr \u002F>\n* \u003Cstrong>Simple Installation\u003C\u002Fstrong>: Get started quickly without complex configurations.\u003Cbr \u002F>\n* \u003Cstrong>Performance-Focused\u003C\u002Fstrong>: Lightweight build for fast site performance.\u003Cbr \u002F>\n* \u003Cstrong>Modern Interface\u003C\u002Fstrong>: Enjoy a sleek, watermark-free video player.\u003Cbr \u002F>\n* \u003Cstrong>Versatile Playback\u003C\u002Fstrong>: Supports a range of HTML5 video formats.\u003Cbr \u002F>\n* \u003Cstrong>Accessibility Features\u003C\u002Fstrong>: Include captions and subtitles for a wider audience.\u003Cbr \u002F>\n* \u003Cstrong>Multilingual Support\u003C\u002Fstrong>: Offers captions in various languages.\u003Cbr \u002F>\n* \u003Cstrong>Designed for flexibility\u003C\u002Fstrong>, the WordPress HLS Player Plugin simplifies embedding both local and external .m3u8 or .mpd HLS files. It’s tailored for both responsive and fixed-width layouts, ensuring a straightforward embedding process.\u003C\u002Fp>\n\u003Cp>Elevate your WordPress site with the HLS Player Video Plugin – the pinnacle of professional-grade video streaming.\u003C\u002Fp>\n\u003Ch3>HLS Player Plugin Usage\u003C\u002Fh3>\n\u003Cp>To embed a video, create a new post\u002Fpage and use the following shortcode:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[hls_player url=\"https:\u002F\u002Fexample.com\u002Fpath\u002Fto\u002Fvideo_playlist.m3u8\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Specify the “url” parameter with the location of the HLS video package file. Supported formats include .m3u8 (application\u002Fx-mpegURL), .mpd (application\u002Fdash+xml), and .mp4 (video\u002Fmp4).\u003C\u002Fp>\n\u003Ch4>Video Shortcode Options\u003C\u002Fh4>\n\u003Ch3>General Options\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>class\u003C\u002Fstrong>: Define the Video.js player’s CSS class (Default: video-js). Additional classes listed at https:\u002F\u002Fvideojs.com\u002Fguides\u002Flayout\u002F#classes\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[hls_player url=\"https:\u002F\u002Fexample.com\u002Fpath\u002Fto\u002Fvideo_playlist.m3u8\" class=\"video-js vjs-fluid vjs-16-9\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>width\u003C\u002Fstrong>: Defines the width of the video file.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[hls_player url=\"https:\u002F\u002Fexample.com\u002Fpath\u002Fto\u002Fvideo_playlist.m3u8\" width=\"480\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>height\u003C\u002Fstrong>: Defines the height of the video file.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[hls_player url=\"https:\u002F\u002Fexample.com\u002Fpath\u002Fto\u002Fvideo_playlist.m3u8\" height=\"264\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>controls\u003C\u002Fstrong>: Specify whether video controls should be displayed (Default: “true”). Use “false” to hide controls. When you disable controls users will not be able to interact with your videos. So It is recommended that you enable autoplay for a video with no controls.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[hls_player url=\"https:\u002F\u002Fexample.com\u002Fpath\u002Fto\u002Fvideo_playlist.m3u8\" controls=\"false\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>preload\u003C\u002Fstrong>: Specify how the video should be loaded when the page loads (Default: “auto”). Options include “metadata,” “none,” and “auto.”\u003Cbr \u002F>\n“metadata” – Load only the meta data of the video, which includes information like the duration and dimensions of the video. Sometimes, the meta data will be loaded by downloading a few frames of video.\u003Cbr \u002F>\n“none” – Don’t preload any data. The browser will wait until the user hits “play” to begin downloading.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[hls_player url=\"https:\u002F\u002Fexample.com\u002Fpath\u002Fto\u002Fvideo_playlist.m3u8\" preload=\"metadata\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>autoplay\u003C\u002Fstrong>: Cause the video to play automatically when the page loads. Instead of using the autoplay attribute you maybe need to pass an autoplay option to videojs_custom_options_json. https:\u002F\u002Fvideojs.com\u002Fguides\u002Foptions\u002F#autoplay\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[hls_player url=\"https:\u002F\u002Fexample.com\u002Fpath\u002Fto\u002Fvideo_playlist.m3u8\" autoplay=\"true\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>loop\u003C\u002Fstrong>: Make the video loop to the beginning when finished and automatically continue playing.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[hls_player url=\"https:\u002F\u002Fexample.com\u002Fpath\u002Fto\u002Fvideo_playlist.m3u8\" loop=\"true\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>poster\u003C\u002Fstrong>: Define an image as a placeholder before the video plays.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[hls_player url=\"https:\u002F\u002Fexample.com\u002Fpath\u002Fto\u002Fvideo_playlist.m3u8\" poster=\"http:\u002F\u002Fexample.com\u002Fwp-content\u002Fuploads\u002Fposter.jpg\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>muted\u003C\u002Fstrong>: Specify that the audio output of the video should be muted.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[hls_player url=\"https:\u002F\u002Fexample.com\u002Fpath\u002Fto\u002Fvideo_playlist.m3u8\" muted=\"true\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>captions\u003C\u002Fstrong>: Add captions or subtitles to the video in multiple languages. Provide the captions in the format:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\"path\u002Fto\u002Fcaptions1.vtt|lang1|label1|default,path\u002Fto\u002Fcaptions2.vtt|lang2|label2\"\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>path\u002Fto\u002Fcaptions: The URL or path to the VTT file containing the subtitles.\u003Cbr \u002F>\nlang: The two-character language code, followed by a hyphen and an optional country code (e.g., en, de, en-US, de-DE).\u003Cbr \u002F>\nlabel: A user-friendly label for the caption (e.g., “English”, “German”).\u003Cbr \u002F>\ndefault: (Optional) Use this keyword to specify which caption should be enabled by default when the video is loaded.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[hls_player url=\"https:\u002F\u002Fexample.com\u002Fpath\u002Fto\u002Fvideo_playlist.m3u8\" captions=\"https:\u002F\u002Fexample.com\u002Fpath\u002Fto\u002Fcaptions-en.vtt|en-EN|English|default,https:\u002F\u002Fexample.com\u002Fpath\u002Ftopath\u002Fto\u002Fcaptions-de.vtt|de-de|German\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>videojs_custom_options_json\u003C\u002Fstrong>: JSON format string for custom options (https:\u002F\u002Fvideojs.com\u002Fguides\u002Foptions\u002F) for the video.js player.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[hls_player url=\"https:\u002F\u002Fexample.com\u002Fpath\u002Fto\u002Fvideo_playlist.m3u8\" videojs_custom_options_json='{\"autoplay\": \"muted\"}']\nor\n[hls_player url=\"https:\u002F\u002Fexample.com\u002Fpath\u002Fto\u002Fvideo_playlist.m3u8\" videojs_custom_options_json='{\"autoplay\": true,\"liveui\": true,\"liveTracker\": {\"trackingThreshold\": 8}}']\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Get more advanced features with HLS Player PRO\u003C\u002Fh3>\n\u003Ch3>AWS CloudFront Integration\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>=> Global Reach\u003C\u002Fstrong>: Utilize the expansive AWS CloudFront network for low-latency streaming across the globe.\u003Cbr \u002F>\n\u003Cstrong>=> Enhanced Security\u003C\u002Fstrong>: Protect your content with CloudFront Signed Cookies, ensuring that only authorized viewers can access your videos. This feature is particularly useful for preventing unauthorized sharing and downloads, as it ties the video access to specific, signed cookies that are difficult to replicate or redistribute.\u003Cbr \u002F>\n\u003Cstrong>=> Simplified Configuration\u003C\u002Fstrong>: Follow our easy-to-understand instructions to set up CloudFront and implement signed cookies, making your videos secure and your setup hassle-free.\u003C\u002Fp>\n\u003Ch3>AWS Kinesis Video Streams Integration\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>=> Flexible Streaming\u003C\u002Fstrong>: Leverage AWS Kinesis Video Streams for both live and on-demand video streaming.\u003Cbr \u002F>\n\u003Cstrong>=> Direct Downloads\u003C\u002Fstrong>: Enable users to download clips directly from the player, enhancing the viewer experience.\u003C\u002Fp>\n\u003Ch3>Subscription Management\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>=> Integrated Solution\u003C\u002Fstrong>: Combine aMember and WordPress roles for efficient subscription management.\u003Cbr \u002F>\n\u003Cstrong>=> Exclusive Content\u003C\u002Fstrong>: Offer videos exclusively to active subscribers, adding value to your membership packages.\u003C\u002Fp>\n\u003Ch3>Analytics Integration\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>=> In-depth Tracking\u003C\u002Fstrong>: Support for Google Tag Manager and Google Analytics allows you to monitor detailed video statistics.\u003Cbr \u002F>\n\u003Cstrong>=> Viewer Insights\u003C\u002Fstrong>: Gain insights into playback duration and user engagement, helping you to optimize your content strategy.\u003C\u002Fp>\n\u003Ch3>Streaming Optimization\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>=> Effortless Conversion\u003C\u002Fstrong>: Transform .mp4 files into the .m3u8 format with ease, using our tools for Windows or macOS.\u003Cbr \u002F>\n\u003Cstrong>=> Comprehensive Guides\u003C\u002Fstrong>: Benefit from our in-depth guides for video file conversion, AWS S3 and CloudFront configuration and AWS Kinesis Video Stream integration, ensuring a smooth setup process.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fhls-player-pro.root-sector.com\u002F\" rel=\"nofollow ugc\">Check out HLS Player PRO >\u003C\u002Fa>\u003C\u002Fp>\n","HLS Player is a lightweight HTTP Live Streaming player for WordPress, using video.js for easy embedding HLS videos into posts and pages.",600,6126,"2024-11-26T20:31:00.000Z","6.7.5","6.4","8.1",[139,140,141,142,143],"hls","streaming","video-embedding","video-player","videojs","https:\u002F\u002Fgithub.com\u002Froot-sector\u002Fwordpress-plugin-hls-player-free","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhls-player.1.0.11.zip",91,"2024-11-27 20:29:57",{"attackSurface":149,"codeSignals":175,"taintFlows":185,"riskAssessment":186,"analyzedAt":195},{"hooks":150,"ajaxHandlers":168,"restRoutes":169,"shortcodes":170,"cronEvents":174,"entryPointCount":28,"unprotectedCount":73},[151,157,160,164],{"type":152,"name":153,"callback":154,"priority":28,"file":155,"line":156},"action","plugins_loaded","efe_setup_globals","index.php",22,{"type":152,"name":158,"callback":154,"priority":28,"file":155,"line":159},"admin_menu",23,{"type":152,"name":161,"callback":162,"file":155,"line":163},"init","efe_init",28,{"type":152,"name":165,"callback":166,"file":155,"line":167},"wp_footer","efe_wp_footer",40,[],[],[171],{"tag":23,"callback":172,"file":155,"line":173},"efe_shortcode",71,[],{"dangerousFunctions":176,"sqlUsage":177,"outputEscaping":179,"fileOperations":73,"externalRequests":73,"nonceChecks":73,"capabilityChecks":73,"bundledLibraries":184},[],{"prepared":73,"raw":73,"locations":178},[],{"escaped":73,"rawEcho":28,"locations":180},[181],{"file":155,"line":182,"context":183},35,"raw output",[],[],{"summary":187,"deductions":188},"The plugin \"easy-flash-embed\" v1.0 exhibits a mixed security posture. While it demonstrates good practices by avoiding dangerous functions, file operations, external HTTP requests, and utilizing prepared statements for all SQL queries, significant concerns arise from its handling of output and its vulnerability history. The static analysis reveals that 100% of the identified output points are not properly escaped, which is a critical vulnerability that can lead to Cross-Site Scripting (XSS) attacks.  Despite having only one entry point via a shortcode, the lack of output escaping for this entry point creates a direct risk.\n\nThe plugin's vulnerability history is a major red flag. It has a known medium severity Cross-Site Scripting (XSS) vulnerability that is currently unpatched, dating to September 2, 2025. This indicates a potential pattern of insecure coding practices and a lack of diligent maintenance and patching, even for past issues. The presence of this unpatched vulnerability, combined with the identified output escaping issue, suggests that users of this plugin are at a considerable risk of compromise through web page generation vulnerabilities.\n\nIn conclusion, while \"easy-flash-embed\" v1.0 has some positive security attributes, particularly in its backend query handling, the critical flaw in output escaping and the unpatched XSS vulnerability in its history severely undermine its security. The absence of capability checks or nonce checks on its single entry point, though not directly flagged as a risk in the static analysis given the lack of data, becomes more concerning in light of the overall insecure coding patterns observed. This plugin should be approached with extreme caution, and users should strongly consider alternatives or ensure the vulnerability is patched externally if possible.",[189,192],{"reason":190,"points":191},"Unpatched CVE",15,{"reason":193,"points":194},"Unescaped output",5,"2026-03-16T19:11:22.067Z",{"wat":197,"direct":204},{"assetPaths":198,"generatorPatterns":200,"scriptPaths":201,"versionParams":202},[199],"\u002Fwp-content\u002Fplugins\u002Feasy-flash-embed\u002Fstyle.css",[],[],[203],"easy-flash-embed\u002Fstyle.css?ver=",{"cssClasses":205,"htmlComments":207,"htmlAttributes":209,"restEndpoints":212,"jsGlobals":213,"shortcodeOutput":215},[206],"efe-flash",[208],"\u003C!-- -->",[210,211],"id=\"efe-swf-","class=\"efe-flash\"",[],[214],"var efe =",[216,217],"\u003Cdiv id=\"efe-swf-","\u003C\u002Fdiv>"]