Does Embedly have any unpatched vulnerabilities?

No. All known vulnerabilities in Embedly have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Embedly compatible with WordPress 6.9.4?

According to WordPress.org data, Embedly 4.9.3 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Embedly compatible with PHP 7.4+?

Embedly requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Embedly updated?

Embedly was last updated on Feb 20, 2026. Frequent updates are generally a positive security signal.

What is Embedly's security score?

Embedly has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Embedly Security & Risk Analysis

wordpress.org/plugins/embedly

The Embedly Plugin extends WordPress's auto-embed feature to give your blog more media types and style options.

2K active installs v4.9.3 PHP 7.4+ WP 5.0+ Updated Feb 20, 2026

embedimageoembedpdfvideo

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Embedly Safe to Use in 2026?

Generally Safe

Score 100/100

Embedly has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The Embedly plugin version 4.9.3 presents a generally good security posture based on the provided static analysis and vulnerability history. The plugin demonstrates strong adherence to secure coding practices by implementing nonce checks for all identified AJAX handlers and performing capability checks for most interactions. The absence of raw SQL queries, file operations, and critical taint flows further enhances its security. However, a notable concern is the relatively low percentage of properly escaped output (35%). This could potentially lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled carefully when displayed. The plugin also makes an external HTTP request, which, while not inherently insecure, can be a vector for other types of attacks if the external service is compromised or if the request is not properly authenticated or validated. The lack of any recorded vulnerabilities in its history is a positive indicator, suggesting a consistent effort towards maintaining security. Overall, while Embedly 4.9.3 is well-protected against common attack vectors like SQL injection and unauthorized access, the unescaped output warrants attention for potential XSS risks.

Key Concerns

Low percentage of properly escaped output
External HTTP request without explicit validation mentioned

Vulnerabilities

None known

Embedly Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Embedly Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

6 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

35% escaped17 total outputs

Attack Surface

Embedly Attack Surface

Entry Points3

Unprotected0

AJAX Handlers 3

authwp_ajax_embedly_update_optionembedly.php:122

authwp_ajax_embedly_save_accountembedly.php:126

authwp_ajax_embedly_save_api_keyembedly.php:130

WordPress Hooks 6

actioninitembedly.php:83

actionadmin_menuembedly.php:101

actionadmin_enqueue_scriptsembedly.php:106

actionadmin_enqueue_scriptsembedly.php:111

actionplugins_loadedembedly.php:146

filteroembed_providersembedly.php:410

Maintenance & Trust

Embedly Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 20, 2026

PHP min version7.4

Downloads204K

Community Trust

Rating70/100

Number of ratings20

Active installs2K

Alternatives

Embedly Alternatives

Gabfire Media Module

gabfire-media-module

Gabfire Media Module extends the functionality of WordPress Featured Image to support Videos and Default Post Images.

100 No CVEs

Embed PDF Viewer

embed-pdf-viewer

Embed a PDF from the Media Library or elsewhere via oEmbed or as a block into an iframe tag.

20K 2 CVEs

Wistia WordPress Plugin

wistia-wordpress-oembed-plugin

Enables all Wistia embed types to be used in your WordPress blog.

2K No CVEs

Hide Related Video Youtube

hide-related-video-youtube

Hide related video youtube is a plugin remove related video other chanel when you use YouTube oEmbed.

1K No CVEs

Magyar Video Embed

magyar-video-embed

This plugin helps different hungarian online video service provider videos to be embeded just like youtube links. So, this is not intresting to you un …

1K No CVEs

Developer Profile

Embedly Developer Profile

Embedly

1 plugin · 2K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Embedly

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/embedly/js/embedly.js/wp-content/plugins/embedly/css/embedly.css/wp-content/plugins/embedly/js/admin.js/wp-content/plugins/embedly/js/options.js

Script Paths

https://cdn.embedly.com/widgets/platform.js

Version Parameters

embedly/js/embedly.js?ver=embedly/css/embedly.css?ver=embedly/js/admin.js?ver=embedly/js/options.js?ver=

HTML / DOM Fingerprints

HTML Comments

Data Attributes

data-embedly-nonce

JS Globals

embedly_platform_options

FAQ