Does flowplayer-wrapper have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is flowplayer-wrapper compatible with WordPress 3.1.4?

According to WordPress.org data, flowplayer-wrapper 1.1.5 has been tested up to WordPress 3.1.4. Check the plugin's changelog for the latest compatibility information.

How often is flowplayer-wrapper updated?

flowplayer-wrapper was last updated on Apr 24, 2011. Frequent updates are generally a positive security signal.

What is flowplayer-wrapper's security score?

flowplayer-wrapper has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

flowplayer-wrapper Security & Risk Analysis

wordpress.org/plugins/flowplayer-wrapper

Including standard videos via flowplayer into your blog. Version 1.1.2 or higher are requiring PHP5.

10 active installs v1.1.5 PHP + WP 2.5.0+ Updated Apr 24, 2011

embedded-videoflowplayerinlinevideowrapper

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is flowplayer-wrapper Safe to Use in 2026?

Generally Safe

Score 85/100

flowplayer-wrapper has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 15yr ago

Risk Assessment

The "flowplayer-wrapper" plugin version 1.1.5 exhibits a mixed security posture. On the positive side, it demonstrates good practices by not having any known CVEs and avoiding dangerous functions, file operations, external HTTP requests, and raw SQL queries. The plugin also has a minimal attack surface with only one entry point (a shortcode) and no identified AJAX handlers or REST API routes that are unprotected.

However, several areas raise concerns. The most significant is the output escaping, where only 9% of the 22 outputs are properly escaped, indicating a high potential for Cross-Site Scripting (XSS) vulnerabilities. Additionally, while the taint analysis found no critical or high severity issues, there are two flows with unsanitized paths. Furthermore, the complete lack of nonce checks and capability checks on its single entry point means that any user, regardless of their role, can trigger the shortcode's functionality. This, coupled with the unescaped output, presents a tangible risk.

Given the absence of past vulnerabilities, it's difficult to definitively label the plugin as consistently insecure. However, the current code analysis reveals significant weaknesses in output sanitization and authorization for its shortcode. While the plugin hasn't historically suffered from known vulnerabilities, the identified issues in the current version necessitate attention to prevent potential exploitation.

Key Concerns

Low percentage of properly escaped output
Unsanitized paths in taint flows
Missing nonce checks on entry points
Missing capability checks on entry points

Vulnerabilities

None known

flowplayer-wrapper Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

flowplayer-wrapper Release Timeline

No version history available.

Code Analysis

Analyzed Mar 17, 2026

flowplayer-wrapper Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

9% escaped22 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

fpw_description_option_page (flowplayer-wrapper.php:53)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

flowplayer-wrapper Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[fpw] flowplayer-wrapper.php:47

WordPress Hooks 2

actionadmin_menuflowplayer-wrapper.php:44

actionwp_headflowplayer-wrapper.php:45

Maintenance & Trust

flowplayer-wrapper Maintenance & Trust

Maintenance Signals

WordPress version tested3.1.4

Last updatedApr 24, 2011

PHP min version

Downloads4K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

flowplayer-wrapper Alternatives

FV Flowplayer Video Player

fv-wordpress-flowplayer

WordPress's most reliable, easy to use and feature-rich video player. Supports responsive design, HTML5, playlists, ads, stats, Vimeo and YouTube.

20K 23 CVEs

Flowplayer Video Player

flowplayer6-video-player

Add a video file to WordPress with Flowplayer style. Embed a self-hosted, external or HTML5 compatible responsive video into a page with flowplayer.

1K 1 CVE

Inline Video Shortcodes

inline-video-shortcodes

Extends the built-in Wordpress video shortcode with 'muted' and 'playsinline' attributes to enabline inline and automatic html5 vi …

40 No CVEs

Flowplayer Platform Embed

flowplayer-platform-embed

Flowplayer/WordPress plugin is an extremely simple tool to embed videos on your WP site.

20 No CVEs

Flowplayer Playlist

flowplayer-playlist

Flowplayer Playlist is a free plugin to embed video playlist in WordPress.

10 No CVEs

Developer Profile

flowplayer-wrapper Developer Profile

Jeannot Muller

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect flowplayer-wrapper

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Script Paths

/wp-content/flowplayer

HTML / DOM Fingerprints

CSS Classes

submit_fpw

Data Attributes

name="fpw_use_js"name="fpw_use_streaming"name="fpw_width"name="fpw_height"name="fpw_license"name="fpw_autoplay"+12 more

JS Globals

fpw_option_selected

Shortcode Output

[fpw

FAQ