Does Fluid Player have any unpatched vulnerabilities?

No. All known vulnerabilities in Fluid Player have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Fluid Player compatible with WordPress 6.3.8?

According to WordPress.org data, Fluid Player 3.0.0 has been tested up to WordPress 6.3.8. Check the plugin's changelog for the latest compatibility information.

Is Fluid Player compatible with PHP 5.4+?

Fluid Player requires PHP 5.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Fluid Player updated?

Fluid Player was last updated on Oct 18, 2023. Frequent updates are generally a positive security signal.

What is Fluid Player's security score?

Fluid Player has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Fluid Player Security & Risk Analysis

wordpress.org/plugins/fluid-player

The plugin makes it easy to embed the VAST ready Fluid Player video player.

400 active installs v3.0.0 PHP 5.4+ WP 4.6+ Updated Oct 18, 2023

fluid-playerhtml5-video-playerthumbnailsvast

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Fluid Player Safe to Use in 2026?

Generally Safe

Score 85/100

Fluid Player has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The Fluid Player plugin v3.0.0 exhibits a strong security posture based on the provided static analysis. The absence of dangerous functions, the consistent use of prepared statements for all SQL queries, and the proper escaping of all outputs indicate a commitment to secure coding practices. Furthermore, the lack of file operations, external HTTP requests, and any taint analysis findings further bolster its security. The plugin also has a clean vulnerability history with no recorded CVEs, suggesting a history of stable and secure development.

However, the analysis does highlight a potential area for concern: the complete lack of nonce checks and capability checks. While the current entry points (shortcodes) may not inherently require these, this absence represents a gap in defensive mechanisms that could be exploited if new functionalities are introduced or if existing ones are modified without proper security considerations. The attack surface is entirely composed of shortcodes, and while there are no unprotected entry points identified, the lack of specific authorization checks on these shortcodes could be a weakness if they handle user-supplied data in sensitive ways.

In conclusion, Fluid Player v3.0.0 appears to be a securely developed plugin with excellent handling of data and queries. Its vulnerability history is commendable. The primary weakness lies in the absence of nonce and capability checks, which, while not currently manifesting as a critical issue, represents a missed opportunity for robust security and a potential future risk.

Key Concerns

Missing nonce checks
Missing capability checks

Vulnerabilities

None known

Fluid Player Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Fluid Player Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Attack Surface

Fluid Player Attack Surface

Entry Points6

Unprotected0

Shortcodes 6

[fluid-player] FluidPlayerPlugin.php:22

[fluid-player-extended] FluidPlayerPlugin.php:23

[fluid-player-html-block] FluidPlayerPlugin.php:24

[fluid-player-multi-res-video] FluidPlayerPlugin.php:25

[fluid-player-options] FluidPlayerPlugin.php:26

[fluid-player-ad-list] FluidPlayerPlugin.php:27

WordPress Hooks 2

actionwp_enqueue_scriptsFluidPlayerPlugin.php:19

filterno_texturize_shortcodesFluidPlayerPlugin.php:30

Maintenance & Trust

Fluid Player Maintenance & Trust

Maintenance Signals

WordPress version tested6.3.8

Last updatedOct 18, 2023

PHP min version5.4

Downloads61K

Community Trust

Rating92/100

Number of ratings5

Active installs400

Alternatives

Fluid Player Alternatives

Regenerate Thumbnails

regenerate-thumbnails

100

Regenerate the thumbnails for one or more of your image uploads. Useful when changing their sizes or your theme.

1.0M No CVEs

Force Regenerate Thumbnails

force-regenerate-thumbnails

100

Delete and REALLY force thumbnail regeneration.

200K No CVEs

reGenerate Thumbnails Advanced

regenerate-thumbnails-advanced

100

Regenerate thumbnails quickly and easily, including forced regeneration; very useful when changing a theme or adding new thumbnail sizes.

70K No CVEs

Perfect Images: Regenerate Thumbnails, Image Sizes, WebP & AVIF

wp-retina-2x

Optimize image sizes, regenerate thumbnails, enable retina, convert to WebP/AVIF, or use cloud optimization. An essential image toolkit.

70K 3 CVEs

Developer Profile

Fluid Player Developer Profile

fluidplayer

1 plugin · 400 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Fluid Player

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/fluid-player/fluidplayer.min.js

Script Paths

fluidplayer.min.js

HTML / DOM Fingerprints

CSS Classes

fluid-playerfp-wrapper

Data Attributes

data-video-srcdata-player-div

JS Globals

fluidPlayer

Shortcode Output

[fluid-player][fluid-player-extended][fluid-player-html-block][fluid-player-multi-res-video]

FAQ