Embed Video Thumbnail Security & Risk Analysis

wordpress.org/plugins/embed-video-thumbnail

Automatically replace embed videos everywhere with their thumbnail to reduce page load time and improve your GTmetrix score.

300 active installs · v2.0.3 · PHP + · WP 4.5+ · Updated May 2, 2020
embed, thumbnail, video, vimeo, youtube
Score: 85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Embed Video Thumbnail Safe to Use in 2026?

Generally Safe

Score 85/100

Embed Video Thumbnail has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5yr ago
Risk Assessment

The 'embed-video-thumbnail' plugin version 2.0.3 exhibits a generally good security posture, with no known past vulnerabilities and strong adherence to secure coding practices like using prepared statements for all SQL queries and incorporating a significant number of nonce and capability checks. The static analysis reveals a relatively small attack surface, and importantly, all identified entry points have authentication checks. This indicates proactive security measures by the developers.

However, the presence of the `unserialize` function is a significant concern. While the taint analysis did not reveal any critical or high-severity issues stemming from this function in the current version, `unserialize` is inherently dangerous as it can lead to remote code execution if it processes untrusted data. The four identified taint flows with unsanitized paths, though not classified as critical or high, warrant careful investigation. Additionally, a substantial portion (52%) of output is not properly escaped, posing a risk of cross-site scripting (XSS) vulnerabilities if user-supplied data is directly outputted without sanitization.

Despite the lack of historical vulnerabilities, the identified code signals and taint analysis findings point to areas that require attention. The plugin's strengths lie in its SQL handling and robust authentication checks. The weaknesses are primarily concentrated around the potential risks associated with `unserialize` and unescaped output, which could be exploited in conjunction with other vulnerabilities or in future updates. A balanced conclusion is that the plugin is relatively secure in its current state, but the identified code signals indicate potential future risks or vulnerabilities that need mitigation.

Key Concerns

  • Presence of unserialize function
  • Flows with unsanitized paths found
  • High percentage of unescaped output
Vulnerabilities
None known

Embed Video Thumbnail Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Embed Video Thumbnail Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (6 prepared)
Unescaped Output: 433 (403 escaped)
Nonce Checks: 7
Capability Checks: 1
File Operations: 20
External Requests: 16
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `return unserialize(file_get_contents($this->api . $id . '.php'));` · src\Provider\Vimeo.php:31

SQL Query Safety

100% prepared · 6 total queries

Output Escaping

48% escaped · 836 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

7 flows · 4 with unsanitized paths
save_network_page (admin\redux-framework\framework.php:594)
Attack Surface

Embed Video Thumbnail Attack Surface

Entry Points: 5
Unprotected: 0

AJAX Handlers 5

nopriv · wp_ajax_redux_p · admin\redux-framework\inc\class.p.php:7
auth · wp_ajax_redux_p · admin\redux-framework\inc\class.p.php:8
auth · wp_ajax_redux_hide_admin_notice · admin\redux-framework\inc\class.redux_admin_notices.php:30
auth · wp_ajax_redux_allow_tracking · admin\redux-framework\inc\tracking.php:509
auth · wp_ajax_redux_support_hash · admin\redux-framework\inc\welcome\welcome.php:24
WordPress Hooks 59
action · wp_dashboard_setup · admin\redux-framework\core\dashboard.php:14
action · redux/init · admin\redux-framework\framework.php:28
action · admin_menu · admin\redux-framework\framework.php:353
action · network_admin_menu · admin\redux-framework\framework.php:357
action · admin_bar_menu · admin\redux-framework\framework.php:361
action · admin_init · admin\redux-framework\framework.php:367
action · admin_init · admin\redux-framework\framework.php:372
action · admin_notices · admin\redux-framework\framework.php:377
action · admin_init · admin\redux-framework\framework.php:380
action · admin_enqueue_scripts · admin\redux-framework\framework.php:384
action · wp_head · admin\redux-framework\framework.php:390
action · wp_enqueue_scripts · admin\redux-framework\framework.php:391
action · login_head · admin\redux-framework\framework.php:396
action · login_enqueue_scripts · admin\redux-framework\framework.php:397
action · admin_head · admin\redux-framework\framework.php:402
action · admin_enqueue_scripts · admin\redux-framework\framework.php:403
action · wp_print_scripts · admin\redux-framework\framework.php:406
action · admin_enqueue_scripts · admin\redux-framework\framework.php:407
action · admin_bar_menu · admin\redux-framework\framework.php:414
action · admin_head · admin\redux-framework\framework.php:1743
filter · admin_footer_text · admin\redux-framework\framework.php:1746
action · after_setup_theme · admin\redux-framework\inc\class.redux_api.php:47
action · init · admin\redux-framework\inc\class.redux_api.php:48
action · switch_theme · admin\redux-framework\inc\class.redux_api.php:49
action · ReduxFrameworkPlugin_admin_notice · admin\redux-framework\inc\class.redux_api.php:579
action · redux_framework_plugin_admin_notice · admin\redux-framework\inc\class.redux_api.php:580
action · redux/construct · admin\redux-framework\inc\class.redux_instances.php:63
action · customize_register · admin\redux-framework\inc\extensions\customizer\extension_customizer.php:113
action · wp_head · admin\redux-framework\inc\extensions\customizer\extension_customizer.php:118
action · customize_save_after · admin\redux-framework\inc\extensions\customizer\extension_customizer.php:121
action · customize_controls_print_scripts · admin\redux-framework\inc\extensions\customizer\extension_customizer.php:124
action · customize_controls_init · admin\redux-framework\inc\extensions\customizer\extension_customizer.php:126
filter · upload_mimes · admin\redux-framework\inc\extensions\import_export\extension_import_export.php:95
filter · redux/font-icons · admin\redux-framework\inc\fields\select\elusive-icons.php:313
action · admin_enqueue_scripts · admin\redux-framework\inc\themecheck\class.redux_themecheck.php:80
action · admin_enqueue_scripts · admin\redux-framework\inc\themecheck\class.redux_themecheck.php:81
action · themecheck_checks_loaded · admin\redux-framework\inc\themecheck\class.redux_themecheck.php:83
action · themecheck_checks_loaded · admin\redux-framework\inc\themecheck\class.redux_themecheck.php:84
action · admin_enqueue_scripts · admin\redux-framework\inc\tracking.php:75
action · admin_enqueue_scripts · admin\redux-framework\inc\tracking.php:77
action · redux_tracking · admin\redux-framework\inc\tracking.php:94
action · admin_print_footer_scripts · admin\redux-framework\inc\tracking.php:105
action · admin_print_footer_scripts · admin\redux-framework\inc\tracking.php:115
filter · redux/tracking/options · admin\redux-framework\inc\tracking.php:485
action · init · admin\redux-framework\inc\validation\unique_slug\validation_unique_slug.php:66
action · redux/loaded · admin\redux-framework\inc\welcome\welcome.php:22
action · admin_menu · admin\redux-framework\inc\welcome\welcome.php:33
filter · admin_footer_text · admin\redux-framework\inc\welcome\welcome.php:39
action · admin_head · admin\redux-framework\inc\welcome\welcome.php:40
action · init · admin\redux-framework\inc\welcome\welcome.php:89
action · admin_notices · embed-video-thumbnail.php:25
action · after_setup_theme · src\EmbedVideoThumbnail.php:61
action · wp_enqueue_scripts · src\EmbedVideoThumbnail.php:70
filter · the_content · src\EmbedVideoThumbnail.php:71
filter · ikevt_video_to_thumbnail · src\EmbedVideoThumbnail.php:72
action · widgets_init · src\EmbedVideoThumbnail.php:73
action · admin_init · src\PluginReview.php:43
action · admin_init · src\PluginReview.php:44
action · admin_notices · src\PluginReview.php:60

Scheduled Events 1

redux_tracking
Maintenance & Trust

Embed Video Thumbnail Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.4.19
Last updated: May 2, 2020
PHP min version
Downloads: 28K

Community Trust

Rating: 80/100
Number of ratings: 13
Active installs: 300
Developer Profile

Embed Video Thumbnail Developer Profile

ikanaweb

1 plugin · 300 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Embed Video Thumbnail

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/embed-video-thumbnail/admin/css/custom.css
/wp-content/plugins/embed-video-thumbnail/admin/js/custom.js

HTML / DOM Fingerprints

CSS Classes
redux-container
redux-opts-output
Data Attributes
data-redux-framework
JS Globals
redux_vars