Does Embed Tidal have any unpatched vulnerabilities?

No. All known vulnerabilities in Embed Tidal have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Embed Tidal compatible with WordPress 4.9.29?

According to WordPress.org data, Embed Tidal 0.2.0 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is Embed Tidal updated?

Embed Tidal was last updated on Mar 12, 2018. Frequent updates are generally a positive security signal.

What is Embed Tidal's security score?

Embed Tidal has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Embed Tidal Security & Risk Analysis

wordpress.org/plugins/embed-tidal

Embed the Tidal web player via pasting a URL or using a shortcode. Works well with the Shortcake shortcode UI.

40 active installs v0.2.0 PHP + WP 3.6.1+ Updated Mar 12, 2018

embedshortcakeshortcodestreamingtidal

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Embed Tidal Safe to Use in 2026?

Generally Safe

Score 85/100

Embed Tidal has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The 'embed-tidal' v0.2.0 plugin demonstrates a generally strong security posture based on the provided static analysis. It correctly avoids dangerous functions, all SQL queries utilize prepared statements, and all identified outputs are properly escaped. Furthermore, there are no file operations or external HTTP requests, and no known vulnerabilities have been recorded in its history. This indicates a conscientious approach to secure coding practices.

However, there are a few areas that warrant attention. The plugin has no nonce checks and no capability checks implemented. While the attack surface appears small (only one shortcode) and there are no unprotected entry points identified in the static analysis, the absence of these fundamental security mechanisms leaves it vulnerable to potential CSRF (Cross-Site Request Forgery) attacks if the shortcode were to perform any sensitive actions or modify data. The taint analysis showing zero flows is positive, but this is likely due to the limited scope of the analysis or the absence of complex data interactions within the plugin.

In conclusion, the plugin is built on solid foundations with good data handling. The lack of documented vulnerabilities is a significant positive. The primary concern is the missing nonces and capability checks, which are crucial for preventing unauthorized actions. If the shortcode's functionality is purely passive (e.g., just displaying embedded content), the risk might be mitigated. However, for any interactive or data-modifying shortcodes, these checks are essential.

Key Concerns

Missing nonce checks
Missing capability checks

Vulnerabilities

None known

Embed Tidal Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Embed Tidal Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

5 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped5 total outputs

Attack Surface

Embed Tidal Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[tidal] class-embed-tidal.php:37

WordPress Hooks 6

actionwp_footerclass-embed-tidal.php:40

actionadmin_enqueue_scriptsclass-embed-tidal.php:41

actionplugins_loadedclass-embed-tidal.php:43

actionenqueue_shortcode_uiclass-embed-tidal.php:52

actionregister_shortcode_uiclass-embed-tidal.php:58

actioninitembed-tidal.php:31

Maintenance & Trust

Embed Tidal Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedMar 12, 2018

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs40

Alternatives

Embed Tidal Alternatives

Video Embedder for Strimly

video-embedder-for-strimly

100

Easily embed Strimly.io videos with shortcodes and blocks. Features secure API authentication and video library management.

0 No CVEs

Advanced iFrame

advanced-iframe

Include content the way YOU like in an iframe that can hide and modify elements, does auto-height, forward parameters and does many, many more...

40K 1 unpatched

Insert Pages

insert-pages

Insert Pages lets you embed any WordPress content (e.g., pages, posts, custom post types) into other WordPress content using the Shortcode API.

40K 4 CVEs

Spreaker Shortcode

spreaker-shortcode

A simple and easy way to embed Spreaker player into your WordPress blog.

4K No CVEs

Simple YouTube Responsive

simple-youtube-responsive

100

Easily embed responsive YouTube videos using a simple shortcode. Lazy load included.

3K 1 CVE

Developer Profile

Embed Tidal Developer Profile

Bjørn Johansen

7 plugins · 20K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

3065 days

View full developer profile

Detection Fingerprints

How We Detect Embed Tidal

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/embed-tidal/tidal-embed-shortcode-ui.js

Script Paths

https://embed.tidal.com/tidal-embed.js

HTML / DOM Fingerprints

CSS Classes

tidal-embed

HTML Comments

Include a script for working with the shortcode UIDefine the UI for attributes of the shortcode.Type of embed. I.e. album, playlist, track or videoDefine the Shortcode UI arguments.+3 more

Data Attributes

data-typedata-iddata-related-id

Shortcode Output

<div class="tidal-embed" data-type="" data-id=""></div> data-related-id="

FAQ