Featured Video Security & Risk Analysis
wordpress.org/plugins/featured-videoFeatured video is exactly the same as a featured image. It allows you to easily link a YouTube or Vimeo video to a post.
Is Featured Video Safe to Use in 2026?
Generally Safe
Score 85/100Featured Video has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "featured-video" plugin v1.5.4 exhibits a mixed security posture. On the positive side, it boasts a small attack surface with only one identified entry point (a shortcode) and no known vulnerabilities in its history. The code also utilizes prepared statements for all SQL queries and includes a nonce check, demonstrating awareness of basic security practices. However, a significant concern arises from the complete lack of output escaping. This means that any data rendered by the plugin, including potentially user-supplied content, is not properly sanitized, leaving it vulnerable to Cross-Site Scripting (XSS) attacks. Additionally, while the taint analysis shows no critical or high severity unsanitized paths, there is one flow with an unsanitized path, which, coupled with the lack of output escaping, warrants attention.
Despite the absence of known CVEs and a clean vulnerability history, the critical flaw in output escaping presents a tangible risk. The plugin's limited attack surface and use of prepared statements are commendable, but the failure to properly escape output is a fundamental security oversight. This makes it susceptible to XSS if malicious data is introduced into the system and subsequently displayed by the plugin. Therefore, while the plugin avoids common pitfalls like unpatched CVEs or raw SQL, the output escaping deficiency is a significant weakness that needs immediate remediation.
Key Concerns
- 0% output escaping
- 1 flow with unsanitized paths
- 0 capability checks on entry points
Featured Video Security Vulnerabilities
Featured Video Release Timeline
Featured Video Code Analysis
Output Escaping
Data Flow Analysis
Featured Video Attack Surface
Shortcodes 1
WordPress Hooks 2
Maintenance & Trust
Featured Video Maintenance & Trust
Maintenance Signals
Community Trust
Featured Video Alternatives
SocialFeeds
socialfeeds
YouTube feeds for WordPress with simple Setup and Settings options.
Automatic Featured Images from Videos
automatic-featured-images-from-videos
If a YouTube or Vimeo video embed exists near the start of a post, we'll automatically set the post's featured image to a thumbnail of the video.
Featured Video for WordPress – VideographyWP
videographywp
WordPress featured video plugin that allows you to create video posts from YouTube videos.
Media Player Addons for Elementor – Audio and Video Widgets for Elementor
media-player-addons-for-elementor
Extend Elementor with powerful, customizable media players for audio, video, streaming & playlists.
Youtube Thumbnail as Featured Image
youtube-thumbnail-to-featured-image
Use a YouTube Thumbnail as a Featured Image for a WordPress Post. You only have to set a YouTue Video URL and the plugin does the rest.
Featured Video Developer Profile
2 plugins · 110 total installs
How We Detect Featured Video
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/featured-video/style.css/wp-content/plugins/featured-video/script.js/wp-content/plugins/featured-video/spinner.gif/wp-content/plugins/featured-video/vimeo.jpg/wp-content/plugins/featured-video/script.jsfeatured-video/style.css?ver=featured-video/script.js?ver=HTML / DOM Fingerprints
featured_video_previewid="fv_textarea"name="fv_video"id="vid_id"name="fv_video_id"id="vid_img"name="fv_video_img"JSvars[featured-video]<iframe src="http://player.vimeo.com/video/http://www.youtube.com/embed/<img src="