Does Featured Video Plus have any unpatched vulnerabilities?

No. All known vulnerabilities in Featured Video Plus have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Featured Video Plus compatible with WordPress 4.7.32?

According to WordPress.org data, Featured Video Plus 2.3.3 has been tested up to WordPress 4.7.32. Check the plugin's changelog for the latest compatibility information.

How often is Featured Video Plus updated?

Featured Video Plus was last updated on Nov 28, 2017. Frequent updates are generally a positive security signal.

What is Featured Video Plus's security score?

Featured Video Plus has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Featured Video Plus Security & Risk Analysis

wordpress.org/plugins/featured-video-plus

Add Featured Videos to your posts and pages. Works like magic with most themes which use Featured Images. Local Media, YouTube, Vimeo and many more.

10K active installs v2.3.3 PHP + WP 3.7+ Updated Nov 28, 2017

featuredimagepostvideovideos

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Featured Video Plus Safe to Use in 2026?

Generally Safe

Score 85/100

Featured Video Plus has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The "featured-video-plus" plugin v2.3.3 presents a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for its SQL queries and has no recorded vulnerabilities (CVEs). This lack of historical issues suggests a generally well-maintained codebase. However, the static analysis reveals significant areas of concern regarding its attack surface and input sanitization.

Specifically, the presence of two AJAX handlers without authentication checks represents a direct entry point for potential attackers to interact with the plugin's backend functionality without proper authorization. Additionally, while the taint analysis shows no critical or high-severity unsanitized flows, the identification of one flow with an unsanitized path is a red flag, even if its severity wasn't categorized as critical. The limited output escaping (43% properly escaped) further increases the risk of cross-site scripting (XSS) vulnerabilities, as user-supplied data might be rendered directly into the page without adequate sanitization.

In conclusion, while the plugin benefits from a clean vulnerability history and secure SQL practices, the unprotected AJAX endpoints and potential for unsanitized input paths, coupled with inadequate output escaping, create notable security risks. The developer should prioritize addressing these entry points and sanitization issues to improve the overall security posture.

Key Concerns

AJAX handlers without auth checks
Unsanitized paths in taint flow
Low percentage of properly escaped output
Limited nonce checks

Vulnerabilities

None known

Featured Video Plus Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Featured Video Plus Code Analysis

Dangerous Functions

Raw SQL Queries

8 prepared

Unescaped Output

13 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared8 total queries

Output Escaping

43% escaped30 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths

metabox_content (php\class-backend.php:137)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Featured Video Plus Attack Surface

Entry Points5

Unprotected2

AJAX Handlers 4

authwp_ajax_fvp_savephp\class-backend.php:39

authwp_ajax_fvp_remove_imgphp\class-backend.php:40

authwp_ajax_fvp_get_embedphp\class-backend.php:41

noprivwp_ajax_fvp_get_embedphp\class-backend.php:42

Shortcodes 1

[featured-video-plus] php\class-main.php:22

WordPress Hooks 17

actionadmin_initphp\class-backend.php:24

actionadmin_enqueue_scriptsphp\class-backend.php:26

actionadmin_menuphp\class-backend.php:27

actionsave_postphp\class-backend.php:28

filterfvphtml_pointersphp\class-backend.php:30

filterplugin_action_linksphp\class-backend.php:31

filteradmin_post_thumbnail_htmlphp\class-backend.php:34

actionwp_enqueue_scriptsphp\class-frontend.php:23

actionload-options-media.phpphp\class-help.php:12

actionload-options-media.phpphp\class-help.php:13

actionload-post.phpphp\class-help.php:14

actionadmin_enqueue_scriptsphp\class-html.php:13

actionplugins_loadedphp\class-main.php:20

filterpost_thumbnail_htmlphp\class-main.php:26

filterpost_classphp\class-main.php:27

filteroembed_fetch_urlphp\class-oembed.php:22

actionadmin_initphp\class-settings.php:22

Maintenance & Trust

Featured Video Plus Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.32

Last updatedNov 28, 2017

PHP min version

Downloads315K

Community Trust

Rating96/100

Number of ratings80

Active installs10K

Alternatives

Featured Video Plus Alternatives

Really Simple Featured Image: Automatic Featured Images

really-simple-featured-image

100

Automatically generate missing featured images from video or image inside content for Posts, Pages and CPTs.

0 No CVEs

Simple Post Slider Tool

simple-post-slider-tool

100

A flexible slider plugin to create multiple sliders with featured videos or images, custom settings, and shortcode support.

0 No CVEs

Video Metabox AOC

video-metabox-aoc

Video Metabox AOC allows you to upload a video as a post meta.

0 No CVEs

Featured Image from URL (FIFU)

featured-image-from-url

Use remote media as the featured image and beyond.

70K 13 CVEs

Auto Featured Image (Auto Post Thumbnail)

auto-post-thumbnail

Automatically generate, assign, and manage featured images in bulk so every post on your site has a featured image.

50K 6 CVEs

Developer Profile

Featured Video Plus Developer Profile

Alex

4 plugins · 10K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Featured Video Plus

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/featured-video-plus/js/jquery.autosize.min.js/wp-content/plugins/featured-video-plus/js/post.min.js/wp-content/plugins/featured-video-plus/styles/backend.css

Version Parameters

featured-video-plus/js/jquery.autosize.min.js?ver=featured-video-plus/js/post.min.js?ver=featured-video-plus/styles/backend.css?ver=

HTML / DOM Fingerprints

CSS Classes

fvp-current-videofvp-input-wrapperfvp-videofvp-video-choosefvp-media-iconfvp-notice-invalidfvp-notice-theme

Data Attributes

data-target=".fvp-video"data-titledata-button

JS Globals

fvpPost

FAQ

Featured Video Plus Security & Risk Analysis

Is Featured Video Plus Safe to Use in 2026?

Generally Safe

Key Concerns

Featured Video Plus Security Vulnerabilities

Featured Video Plus Code Analysis

SQL Query Safety

Output Escaping

Data Flow Analysis

Featured Video Plus Attack Surface

AJAX Handlers 4

Shortcodes 1

Featured Video Plus Maintenance & Trust

Maintenance Signals

Community Trust

Featured Video Plus Alternatives

Really Simple Featured Image: Automatic Featured Images

Simple Post Slider Tool

Video Metabox AOC

Featured Image from URL (FIFU)

Auto Featured Image (Auto Post Thumbnail)

Featured Video Plus Developer Profile

How We Detect Featured Video Plus

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Featured Video Plus