[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f-UdYCDpAheAIIH7wfRueUp1K9HQL7uKQCL63JSALpGI":3,"$f9rZBxdEDdHtWdvf0Ab2TyuSKUwWgUiwUE2UOJe5-914":383,"$fMeDQ4YWcTAgQGx39WDC7tLvV_eN8gWT-qA274ftmuLE":388},{"slug":4,"name":4,"version":5,"author":6,"author_profile":7,"description":8,"short_description":9,"active_installs":10,"downloaded":11,"rating":12,"num_ratings":12,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":12,"unpatched_count":12,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":36,"analysis":142,"fingerprints":348},"flowplayer-wrapper","1.1.5","Jeannot Muller","https:\u002F\u002Fprofiles.wordpress.org\u002Fjeannotmuller\u002F","\u003Cp>Including flowplayer (flowplayer.org). Call FPW (flowplayer-wrapper) by adding [fpw width=x height=x splash=pathtosplashimg.jpg]path_to_your_video[\u002Ffpw] to your content. A couple of options can be customized in the settings session. If you want to embed flickr.com slideshows, please have a look at http:\u002F\u002Fwww.ramgad.com\u002Fboard\u002Ftopic\u002F37-plugins-fssw-fpw-hfw\u002F. This version has only be tested with the commercial version of flowplayer, but shall work as well with the light version.\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n\u003Cp>Written by Jeannot Muller, please feel free to contact me: \u003Ca href=\"http:\u002F\u002Fwww.ramgad.com\u002Fsoftware\u002Fwordpress\u002Fwordpress-plugins\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.ramgad.com\u002Fsoftware\u002Fwordpress\u002Fwordpress-plugins\u002F\u003C\u002Fa>\u003C\u002Fp>\n","Including standard videos via flowplayer into your blog. Version 1.1.2 or higher are requiring PHP5.",10,3578,0,"2011-04-24T15:04:00.000Z","3.1.4","2.5.0","",[18,19,20,21,22],"embedded-video","flowplayer","inline","video","wrapper","http:\u002F\u002Fwww.ramgad.com\u002Fsoftware\u002Fwordpress\u002Fwordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fflowplayer-wrapper.1.1.5.zip",85,null,"2026-03-15T15:16:48.613Z","no_bundle",[],{"slug":31,"display_name":6,"profile_url":7,"plugin_count":32,"total_installs":10,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"jeannotmuller",1,30,84,"2026-05-20T01:34:32.297Z",[37,63,85,106,124],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":16,"tags":52,"homepage":57,"download_link":58,"security_score":59,"vuln_count":60,"unpatched_count":12,"last_vuln_date":61,"fetched_at":62},"fv-wordpress-flowplayer","FV Flowplayer Video Player","7.5.49.7212","FolioVision","https:\u002F\u002Fprofiles.wordpress.org\u002Ffoliovision\u002F","\u003Cp>For latest updates and fixes, please use the FV Player 8 plugin from WordPress.org:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffv-player\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffv-player\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Additional Technical information\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Core video engine: open source Flowplayer 7.\u003C\u002Fli>\n\u003Cli>Supported video formats are MP4, WebM and OGV (\u003Ca href=\"https:\u002F\u002Ffoliovision.com\u002Fplayer\u002Fencoding\" rel=\"nofollow ugc\">read about HTML5 video formats\u003C\u002Fa>).\u003C\u002Fli>\n\u003Cli>Supported video streaming formats are HLS (Flash and JavaScript fallback available for incompatible devices), MPEG DASH and RTMP.\u003C\u002Fli>\n\u003Cli>Default options for all the embedded videos can be set in comprehensive administration menu.\u003C\u002Fli>\n\u003Cli>\n\u003Cp>In comparison with WordPress Flowplayer plugin, there are several improvements:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Allows user to display clickable splash screen at the beginning of video (which not only looks good, but improves the performance significantly).\u003C\u002Fli>\n\u003Cli>Allows user to display popup box after the video ends, with any HTML content (clickable links, images, styling, etc.)\u003C\u002Fli>\n\u003Cli>Does not use configuration file, but WordPress Options\u003C\u002Fli>\n\u003Cli>Does not drive you to use an in-house proprietary CDN but supports all CDN.\u003C\u002Fli>\n\u003Cli>Includes advanced built-in social sharing.\u003C\u002Fli>\n\u003Cli>Inexpensive \u003Ca href=\"https:\u002F\u002Ffoliovision.com\u002Fpro-support\" rel=\"nofollow ugc\">pro support\u003C\u002Fa> available.\u003C\u002Fli>\n\u003Cli>Includes an advanced built-in video encoding and theme checker to make sure your videos are encoded properly and your site is set up for video playback.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Additional Documentation at Foliovision.com\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ffoliovision.com\u002Fsupport\u002Ffv-wordpress-flowplayer\u002F\" rel=\"nofollow ugc\">Support\u003C\u002Fa> |\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Ffoliovision.com\u002Fplayer\u002Fchangelog\" rel=\"nofollow ugc\">Change Log\u003C\u002Fa> |\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Ffoliovision.com\u002Fplayer\u002Finstallation\" rel=\"nofollow ugc\">Installation\u003C\u002Fa>|\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Ffoliovision.com\u002Fplayer\u002Fuser-guide\" rel=\"nofollow ugc\">User Guide\u003C\u002Fa> |\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Ffoliovision.com\u002Fplayer\u002Ffaq\" rel=\"nofollow ugc\">Detailed FAQ\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>\u003C\u002Fh3>\n\u003Cp>This new version uses Flowplayer 5 running on HTML5, so we recommend you read first two questions of FAQ first.\u003C\u002Fp>\n\u003Cp>Once the plugin is uploaded and activated, there will be a submenu of settings menu called FV Player. In that submenu, you can modify following settings:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>AutoPlay – decides whether the video starts playing automatically, when the page\u002Fpost is displayed.\u003C\u002Fli>\n\u003Cli>AutoBuffering – decides whether the video starts buffering automatically, when the page\u002Fpost is displayed. If AutoPlay is set to true, you can ignore this setting.\u003C\u002Fli>\n\u003Cli>Popup Box – decides whether a popup box with “replay” and “share” buttons will be displayed when video ends.\u003C\u002Fli>\n\u003Cli>Enable Full-screen Mode – select false if you do not wish the fullscreen option to be displayed.\u003C\u002Fli>\n\u003Cli>Allow User Uploads – select true if you like to upload new videos via Media Library.\u003C\u002Fli>\n\u003Cli>Enable Post Thumbnail – select true if you wish the screen shot appear as post thumbnail. Works only when uploading new splash image via Media Library.\u003C\u002Fli>\n\u003Cli>Convert old shortcodes with commas – older versions of this plugin used commas to separate shortcode parameters. This option will make sure it works with current version.\u003C\u002Fli>\n\u003Cli>Commercial Licence Key – enter your licence key here to get the completely unbranded version of the player\u003C\u002Fli>\n\u003Cli>Colors of all the parts of flowplayer instances on page\u002Fpost (controlbar, canvas, sliders, buttons, mouseover buttons, time and total time, progress and buffer sliders).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>On the right side of this screen, you can see the current visual configuration of flowplayer. If you click Apply Changes button, this player’s looks refreshes.\u003C\u002Fp>\n","WordPress's most reliable, easy to use and feature-rich video player. Supports responsive design, HTML5, playlists, ads, stats, Vimeo and YouTube.",20000,2375707,88,90,"2026-03-10T08:28:00.000Z","6.6.5","3.5",[19,53,54,55,56],"html5-video","mobile-video","video-player","vimeo","http:\u002F\u002Ffoliovision.com\u002Fwordpress\u002Fplugins\u002Ffv-wordpress-flowplayer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffv-wordpress-flowplayer.zip",87,23,"2024-07-18 19:26:14","2026-04-16T10:56:18.058Z",{"slug":64,"name":65,"version":66,"author":67,"author_profile":68,"description":69,"short_description":70,"active_installs":71,"downloaded":72,"rating":73,"num_ratings":74,"last_updated":75,"tested_up_to":76,"requires_at_least":77,"requires_php":16,"tags":78,"homepage":82,"download_link":83,"security_score":25,"vuln_count":32,"unpatched_count":12,"last_vuln_date":84,"fetched_at":62},"flowplayer6-video-player","Flowplayer Video Player","1.0.5","Noor Alam","https:\u002F\u002Fprofiles.wordpress.org\u002Fnaa986\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwphowto.net\u002Fflowplayer-6-video-player-for-wordpress-813\" rel=\"nofollow ugc\">Flowplayer Video Player\u003C\u002Fa> adds a video shortcode to your WordPress site. This shortcode allows you to embed a video file and play it back using the Flowplayer HTML5 player.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Embed MP4 videos\u003C\u002Fli>\n\u003Cli>Embed webm videos\u003C\u002Fli>\n\u003Cli>Embed videos which can be viewed from a mobile or tablet device\u003C\u002Fli>\n\u003Cli>Video playback support for iOS (ipad, iphone) and android devices\u003C\u002Fli>\n\u003Cli>Embed HTML5 videos which are playable across all major browsers\u003C\u002Fli>\n\u003Cli>Embed videos with poster images\u003C\u002Fli>\n\u003Cli>Embed videos and allow it to loop to the beginning when finished\u003C\u002Fli>\n\u003Cli>Customize the video player using modifier classes\u003C\u002Fli>\n\u003Cli>Automatically play a video when the page is rendered\u003C\u002Fli>\n\u003Cli>Embed videos using three different skins\u003C\u002Fli>\n\u003Cli>Automatically calculate the height of a video based on its width\u003C\u002Fli>\n\u003Cli>Flexible resizing of a video (true responsiveness)\u003C\u002Fli>\n\u003Cli>Embed a video with various aspect ratios (16:9, 4:3)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>In order to embed a video, create a new post\u002Fpage and use the following shortcode:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[flowplayer src=\"http:\u002F\u002Fexample.com\u002Fwp-content\u002Fuploads\u002Fvideos\u002Ftest.mp4\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>here, src is the actual source of your mp4 video file.\u003C\u002Fp>\n\u003Cp>In addition to the source mp4 video file, you can also specify a webm video file. This step is optional since mp4 video format is supported by almost all major browsers.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[flowplayer src=\"http:\u002F\u002Fexample.com\u002Fwp-content\u002Fuploads\u002Fvideos\u002Ftest.mp4\" webm=\"http:\u002F\u002Fexample.com\u002Fwp-content\u002Fuploads\u002Fvideos\u002Ftest.webm\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Poster Image\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you want to show an image as placeholder before the video plays, you can specify it in the “poster” parameter:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[flowplayer src=\"http:\u002F\u002Fexample.com\u002Fwp-content\u002Fuploads\u002Fvideos\u002Ftest.mp4\" poster=\"http:\u002F\u002Fexample.com\u002Fwp-content\u002Fuploads\u002Fimages\u002Fposter.jpg\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Autoplay Video\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you want a particular video to start playing when the page loads you can set the “autoplay” option to “true”:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[flowplayer src=\"http:\u002F\u002Fexample.com\u002Fwp-content\u002Fuploads\u002Fvideos\u002Ftest.mp4\" autoplay=\"true\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Player Size\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>By default, the player takes up the full width of the content area. You can easily control the size by specifying a width for it:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[flowplayer src=\"http:\u002F\u002Fexample.com\u002Fwp-content\u002Fuploads\u002Fvideos\u002Ftest.mp4\" width=\"500\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The height will be automatically determined based on the ratio (please see the “Control Player Ratio section” for details).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Player Ratio\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The player ratio is set to “0.417” by default. But you can override it by specifying a different ratio in the shortcode:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[flowplayer src=\"http:\u002F\u002Fexample.com\u002Fwp-content\u002Fuploads\u002Fvideos\u002Ftest.mp4\" ratio=\"0.345\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Loop Video\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you want a particular video to start playing again when it ends you can set the “loop” option to “true”:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[flowplayer src=\"http:\u002F\u002Fexample.com\u002Fwp-content\u002Fuploads\u002Fvideos\u002Ftest.mp4\" loop=\"true\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>For documentation please visit the \u003Ca href=\"https:\u002F\u002Fwphowto.net\u002Fflowplayer-6-video-player-for-wordpress-813\" rel=\"nofollow ugc\">Flowplayer Video Player\u003C\u002Fa> plugin page\u003C\u002Fp>\n","Add a video file to WordPress with Flowplayer style. Embed a self-hosted, external or HTML5 compatible responsive video into a page with flowplayer.",1000,45807,80,6,"2022-11-14T15:57:00.000Z","6.1.10","4.2",[79,19,80,81,21],"embed","html5","mobile","https:\u002F\u002Fwphowto.net\u002Fflowplayer-6-video-player-for-wordpress-813","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fflowplayer6-video-player.zip","2022-11-22 00:00:00",{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":93,"downloaded":94,"rating":95,"num_ratings":32,"last_updated":96,"tested_up_to":97,"requires_at_least":98,"requires_php":16,"tags":99,"homepage":104,"download_link":105,"security_score":25,"vuln_count":12,"unpatched_count":12,"last_vuln_date":26,"fetched_at":62},"inline-video-shortcodes","Inline Video Shortcodes","20171108","brighterlouder","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrighterlouder\u002F","\u003Cp>This plugin extends the WordPress video tag to include the muted and playsinline attributes, which are both required for an autoplay video to correctly function on iPhone.\u003C\u002Fp>\n","Extends the built-in Wordpress video shortcode with 'muted' and 'playsinline' attributes to enabline inline and automatic html5 vi &hellip;",40,1965,100,"2017-11-12T08:14:00.000Z","4.8.28","4.4.0",[100,101,20,102,103],"autoplay","embed-video","iphone","shortcode","https:\u002F\u002Fdeveloper.wordpress.org\u002Fplugins\u002Fthe-basics\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finline-video-shortcodes.zip",{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":114,"downloaded":115,"rating":12,"num_ratings":12,"last_updated":116,"tested_up_to":117,"requires_at_least":118,"requires_php":16,"tags":119,"homepage":16,"download_link":123,"security_score":25,"vuln_count":12,"unpatched_count":12,"last_vuln_date":26,"fetched_at":62},"flowplayer-platform-embed","Flowplayer Platform Embed","0.3.0","flowplayer.com","https:\u002F\u002Fprofiles.wordpress.org\u002Fflowplayerorg\u002F","\u003Cp>Flowplayer\u002FWordPress plugin is an extremely simple tool to embed videos on your WP site. The videos are embedded directly on your pages without leaving WordPress and without writing any HTML code. The plugin works seamlessly with both Gutenberg and the classic editor.\u003C\u002Fp>\n\u003Cp>Your videos are played with the best possible quality and speed regardless of the end-user device and the quality is automatically switched when the connection speed changes. The player design is highly customizable and minimalistic so that the video is the start of the show — not the player.\u003C\u002Fp>\n","Flowplayer\u002FWordPress plugin is an extremely simple tool to embed videos on your WP site.",20,2727,"2020-08-31T17:24:00.000Z","5.5.18","4.7",[19,120,121,21,122],"hsl","mp4","webm","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fflowplayer-platform-embed.0.3.0.zip",{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":10,"downloaded":132,"rating":95,"num_ratings":133,"last_updated":134,"tested_up_to":135,"requires_at_least":136,"requires_php":16,"tags":137,"homepage":140,"download_link":141,"security_score":25,"vuln_count":12,"unpatched_count":12,"last_vuln_date":26,"fetched_at":62},"flowplayer-playlist","Flowplayer Playlist","0.2","eye8","https:\u002F\u002Fprofiles.wordpress.org\u002Feye8\u002F","\u003Cp>Flowplayer Playlist is a free plugin to embed video playlist in WordPress.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Uses the open-source web video player Flowplayer (latest Flash-based version). Flowplayer package is upgradable when a new version is available.\u003C\u002Fli>\n\u003Cli>Supports FLV, MP4, and F4V video formats (all those supported by Flowplayer).\u003C\u002Fli>\n\u003Cli>Mix up Youtube videos with regular videos in the same playlist.\u003C\u002Fli>\n\u003Cli>Provide your Flowlayer license to use the Flowplayer commercial version. If no license key is provided, it will use the free version bearing the Flowplayer trademark.\u003C\u002Fli>\n\u003Cli>Flowplayer license supports multisite. Subdomains automatically inherit the license key from the main blog (if any). License key specified in the subdomain will overwrite the key from the main blog, allowing flexibility in larger WordPress blog network.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Right now you have to upload your videos to somewhere over the web with public access (e.g. the ‘Public’ folder in your Dropbox account) and use the public URLs to embed. But I am considering future features such as integrating the media library in WordPress or a Content Delivery Network (CDN) such as Dropbox or Box.net. Some other features in consideration:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>More Flowplayer configuration parameters such as background color, controlbar color, splash image, custom branding.\u003C\u002Fli>\n\u003Cli>Advertisement mode (repeated playback without controlbar).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please make feature requests in the support section. I will decide which ones to implement first based the feedback.\u003C\u002Fp>\n","Flowplayer Playlist is a free plugin to embed video playlist in WordPress.",5097,2,"2013-06-07T21:27:00.000Z","3.5.2","3.2",[19,138,21,139],"playlist","youtube","http:\u002F\u002Feye8.me\u002Fflplaylist","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fflowplayer-playlist.0.25.zip",{"attackSurface":143,"codeSignals":163,"taintFlows":209,"riskAssessment":334,"analyzedAt":347},{"hooks":144,"ajaxHandlers":155,"restRoutes":156,"shortcodes":157,"cronEvents":162,"entryPointCount":32,"unprotectedCount":12},[145,151],{"type":146,"name":147,"callback":148,"file":149,"line":150},"action","admin_menu","fpw_description_add_menu","flowplayer-wrapper.php",44,{"type":146,"name":152,"callback":153,"file":149,"line":154},"wp_head","fpw_add_head_content",45,[],[],[158],{"tag":159,"callback":160,"file":149,"line":161},"fpw","get_flowplayer_data_parsed",47,[],{"dangerousFunctions":164,"sqlUsage":165,"outputEscaping":167,"fileOperations":12,"externalRequests":12,"nonceChecks":12,"capabilityChecks":12,"bundledLibraries":208},[],{"prepared":12,"raw":12,"locations":166},[],{"escaped":133,"rawEcho":114,"locations":168},[169,172,174,176,178,180,182,184,186,187,189,190,192,194,196,198,200,202,204,206],{"file":149,"line":170,"context":171},60,"raw output",{"file":149,"line":173,"context":171},66,{"file":149,"line":175,"context":171},67,{"file":149,"line":177,"context":171},71,{"file":149,"line":179,"context":171},72,{"file":149,"line":181,"context":171},75,{"file":149,"line":183,"context":171},78,{"file":149,"line":185,"context":171},81,{"file":149,"line":25,"context":171},{"file":149,"line":188,"context":171},86,{"file":149,"line":48,"context":171},{"file":149,"line":191,"context":171},91,{"file":149,"line":193,"context":171},95,{"file":149,"line":195,"context":171},96,{"file":149,"line":197,"context":171},99,{"file":149,"line":199,"context":171},102,{"file":149,"line":201,"context":171},105,{"file":149,"line":203,"context":171},108,{"file":149,"line":205,"context":171},111,{"file":149,"line":207,"context":171},147,[],[210,227],{"entryPoint":211,"graph":212,"unsanitizedCount":32,"severity":226},"fpw_description_option_page (flowplayer-wrapper.php:53)",{"nodes":213,"edges":223},[214,218],{"id":215,"type":216,"label":217,"file":149,"line":170},"n0","source","$_SERVER['REQUEST_URI']",{"id":219,"type":220,"label":221,"file":149,"line":170,"wp_function":222},"n1","sink","echo() [XSS]","echo",[224],{"from":215,"to":219,"sanitized":225},false,"medium",{"entryPoint":228,"graph":229,"unsanitizedCount":233,"severity":333},"\u003Cflowplayer-wrapper> (flowplayer-wrapper.php:0)",{"nodes":230,"edges":317},[231,234,237,241,243,247,249,253,255,259,261,264,266,270,272,276,278,281,283,287,289,293,295,299,301,305,307,311,313,315],{"id":215,"type":216,"label":232,"file":149,"line":233},"$_POST['fpw_use_js']",15,{"id":219,"type":220,"label":235,"file":149,"line":233,"wp_function":236},"update_option() [Settings Manipulation]","update_option",{"id":238,"type":216,"label":239,"file":149,"line":240},"n2","$_POST['fpw_use_streaming']",16,{"id":242,"type":220,"label":235,"file":149,"line":240,"wp_function":236},"n3",{"id":244,"type":216,"label":245,"file":149,"line":246},"n4","$_POST['fpw_width']",17,{"id":248,"type":220,"label":235,"file":149,"line":246,"wp_function":236},"n5",{"id":250,"type":216,"label":251,"file":149,"line":252},"n6","$_POST['fpw_height']",18,{"id":254,"type":220,"label":235,"file":149,"line":252,"wp_function":236},"n7",{"id":256,"type":216,"label":257,"file":149,"line":258},"n8","$_POST['fpw_license']",19,{"id":260,"type":220,"label":235,"file":149,"line":258,"wp_function":236},"n9",{"id":262,"type":216,"label":263,"file":149,"line":114},"n10","$_POST['fpw_autoplay']",{"id":265,"type":220,"label":235,"file":149,"line":114,"wp_function":236},"n11",{"id":267,"type":216,"label":268,"file":149,"line":269},"n12","$_POST['fpw_autobuffer']",21,{"id":271,"type":220,"label":235,"file":149,"line":269,"wp_function":236},"n13",{"id":273,"type":216,"label":274,"file":149,"line":275},"n14","$_POST['fpw_allowfs']",22,{"id":277,"type":220,"label":235,"file":149,"line":275,"wp_function":236},"n15",{"id":279,"type":216,"label":280,"file":149,"line":60},"n16","$_POST['fpw_bgcolor']",{"id":282,"type":220,"label":235,"file":149,"line":60,"wp_function":236},"n17",{"id":284,"type":216,"label":285,"file":149,"line":286},"n18","$_POST['fpw_root_path']",24,{"id":288,"type":220,"label":235,"file":149,"line":286,"wp_function":236},"n19",{"id":290,"type":216,"label":291,"file":149,"line":292},"n20","$_POST['fpw_player']",25,{"id":294,"type":220,"label":235,"file":149,"line":292,"wp_function":236},"n21",{"id":296,"type":216,"label":297,"file":149,"line":298},"n22","$_POST['fpw_streaming']",26,{"id":300,"type":220,"label":235,"file":149,"line":298,"wp_function":236},"n23",{"id":302,"type":216,"label":303,"file":149,"line":304},"n24","$_POST['fpw_js']",27,{"id":306,"type":220,"label":235,"file":149,"line":304,"wp_function":236},"n25",{"id":308,"type":216,"label":309,"file":149,"line":310},"n26","$_POST['fpw_playpicpath']",28,{"id":312,"type":220,"label":235,"file":149,"line":310,"wp_function":236},"n27",{"id":314,"type":216,"label":217,"file":149,"line":170},"n28",{"id":316,"type":220,"label":221,"file":149,"line":170,"wp_function":222},"n29",[318,319,320,321,322,323,324,325,326,327,328,329,330,331,332],{"from":215,"to":219,"sanitized":225},{"from":238,"to":242,"sanitized":225},{"from":244,"to":248,"sanitized":225},{"from":250,"to":254,"sanitized":225},{"from":256,"to":260,"sanitized":225},{"from":262,"to":265,"sanitized":225},{"from":267,"to":271,"sanitized":225},{"from":273,"to":277,"sanitized":225},{"from":279,"to":282,"sanitized":225},{"from":284,"to":288,"sanitized":225},{"from":290,"to":294,"sanitized":225},{"from":296,"to":300,"sanitized":225},{"from":302,"to":306,"sanitized":225},{"from":308,"to":312,"sanitized":225},{"from":314,"to":316,"sanitized":225},"low",{"summary":335,"deductions":336},"The \"flowplayer-wrapper\" plugin version 1.1.5 exhibits a mixed security posture. On the positive side, it demonstrates good practices by not having any known CVEs and avoiding dangerous functions, file operations, external HTTP requests, and raw SQL queries. The plugin also has a minimal attack surface with only one entry point (a shortcode) and no identified AJAX handlers or REST API routes that are unprotected.\n\nHowever, several areas raise concerns. The most significant is the output escaping, where only 9% of the 22 outputs are properly escaped, indicating a high potential for Cross-Site Scripting (XSS) vulnerabilities. Additionally, while the taint analysis found no critical or high severity issues, there are two flows with unsanitized paths. Furthermore, the complete lack of nonce checks and capability checks on its single entry point means that any user, regardless of their role, can trigger the shortcode's functionality. This, coupled with the unescaped output, presents a tangible risk.\n\nGiven the absence of past vulnerabilities, it's difficult to definitively label the plugin as consistently insecure. However, the current code analysis reveals significant weaknesses in output sanitization and authorization for its shortcode. While the plugin hasn't historically suffered from known vulnerabilities, the identified issues in the current version necessitate attention to prevent potential exploitation.",[337,339,342,345],{"reason":338,"points":233},"Low percentage of properly escaped output",{"reason":340,"points":341},"Unsanitized paths in taint flows",7,{"reason":343,"points":344},"Missing nonce checks on entry points",8,{"reason":346,"points":344},"Missing capability checks on entry points","2026-03-17T01:24:34.673Z",{"wat":349,"direct":355},{"assetPaths":350,"generatorPatterns":351,"scriptPaths":352,"versionParams":354},[],[],[353],"\u002Fwp-content\u002Fflowplayer",[],{"cssClasses":356,"htmlComments":358,"htmlAttributes":359,"restEndpoints":378,"jsGlobals":379,"shortcodeOutput":381},[357],"submit_fpw",[],[360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377],"name=\"fpw_use_js\"","name=\"fpw_use_streaming\"","name=\"fpw_width\"","name=\"fpw_height\"","name=\"fpw_license\"","name=\"fpw_autoplay\"","name=\"fpw_autobuffer\"","name=\"fpw_allowfs\"","name=\"fpw_bgcolor\"","name=\"fpw_root_path\"","name=\"fpw_player\"","name=\"fpw_streaming\"","name=\"fpw_js\"","name=\"fpw_playpicpath\"","name=\"submit_fpw\"","name=\"action_fpw\"","value=\"insert\"","id=\"submit_fpw\"",[],[380],"fpw_option_selected",[382],"[fpw",{"error":384,"url":385,"statusCode":386,"statusMessage":387,"message":387},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fflowplayer-wrapper\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":5,"total_versions":12,"versions":389},[]]