Frames Video Player Security & Risk Analysis

wordpress.org/plugins/frames-video-gallery

Donate link: http://plugin.builders/frames/?d=donate Requires at least: 3.5 Tested up to: 4.7.2 Stable tag: 0.2.9.1 License: GPLv2 or later License UR …

20 active installs v0.2.9.1 PHP + WP + Updated Unknown
Tags: facebook, video, video-player, vimeo, youtube
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Frames Video Player Safe to Use in 2026?

Generally Safe

Score 100/100

Frames Video Player has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "frames-video-gallery" plugin v0.2.9.1 exhibits a concerning security posture primarily due to a significant number of unprotected entry points. With 16 out of 21 total entry points lacking authentication checks, this plugin presents a wide attack surface that could be exploited by unauthenticated users. The taint analysis further exacerbates these concerns, revealing 3 high-severity flows with unsanitized paths, indicating a strong potential for data manipulation or unauthorized access if these flows are triggered.

While the plugin demonstrates some positive security practices, such as a lack of dangerous functions, file operations, and external HTTP requests, and a reasonable percentage of SQL queries using prepared statements, these strengths are overshadowed by the critical weaknesses. The absence of any known historical vulnerabilities is a positive sign, suggesting the developers may have been diligent in the past or that the plugin has not been extensively targeted. However, the current state of the code, particularly the numerous unprotected AJAX handlers and the high-severity taint flows, demands immediate attention to mitigate the substantial risks.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows with unsanitized paths
  • Limited nonce checks
  • Limited capability checks
  • Low percentage of properly escaped output
Vulnerabilities
None known

Frames Video Player Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Frames Video Player Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 8; 6 prepared
Unescaped Output: 35; 23 escaped
Nonce Checks: 2
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

43% prepared · 14 total queries

Output Escaping

40% escaped · 58 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

4 flows · 4 with unsanitized paths
saveSettings (engine\admin-side.php:144)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
16 unprotected

Frames Video Player Attack Surface

Entry Points: 21
Unprotected: 16

AJAX Handlers 20

auth    wp_ajax_frames_admin_get_videos         engine\admin-side.php:22
auth    wp_ajax_frames_admin_get_playlists      engine\admin-side.php:23
auth    wp_ajax_frames_admin_get_themes         engine\admin-side.php:24
auth    wp_ajax_frames_admin_get_sources        engine\admin-side.php:25
auth    wp_ajax_frames_admin_get_settings       engine\admin-side.php:26
auth    wp_ajax_frames_save_video               engine\admin-side.php:28
auth    wp_ajax_frames_save_playlist            engine\admin-side.php:29
auth    wp_ajax_frames_save_theme               engine\admin-side.php:30
auth    wp_ajax_frames_save_settings            engine\admin-side.php:31
auth    wp_ajax_frames_del_theme                engine\admin-side.php:33
auth    wp_ajax_frames_del_video                engine\admin-side.php:34
auth    wp_ajax_frames_del_playlist             engine\admin-side.php:35
auth    wp_ajax_frames_playlist_n_theme_names   engine\admin-side.php:37
auth    wp_ajax_frames_videos_starting_with     engine\admin-side.php:38
auth    wp_ajax_frames_front_get_more_videos    engine\front.php:15
nopriv  wp_ajax_frames_front_get_more_videos    engine\front.php:16
auth    wp_ajax_frames_update_fbv_src           engine\front.php:18
nopriv  wp_ajax_frames_update_fbv_src           engine\front.php:19
auth    wp_ajax_frames_add_viewcount            engine\front.php:21
nopriv  wp_ajax_frames_add_viewcount            engine\front.php:22

Shortcodes 1

[frames] engine\front.php:13
WordPress Hooks 11
action  admin_menu                 engine\admin-side.php:19
action  admin_enqueue_scripts      engine\admin-side.php:20
action  print_media_templates      engine\admin-side.php:40
filter  mce_external_plugins       engine\admin-side.php:283
filter  mce_buttons                engine\admin-side.php:291
filter  frames_get_default_theme   engine\api.php:19
action  wp_enqueue_scripts         engine\front.php:24
filter  frames_front_output        engine\front.php:26
action  widgets_init               engine\front.php:27
action  plugins_loaded             frames.php:35
action  print_media_templates      frames.php:36
Maintenance & Trust

Frames Video Player Maintenance & Trust

Maintenance Signals

WordPress version tested
Last updated: Unknown
PHP min version
Downloads: 7K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 20
Developer Profile

Frames Video Player Developer Profile

plugin.builders

5 plugins · 10K total installs

Trust score: 71
Avg Security Score: 89/100
Avg Patch Time: 279 days
Detection Fingerprints

How We Detect Frames Video Player

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/frames-video-gallery/frames-main.css
  • /wp-content/plugins/frames-video-gallery/frames-admin.css
  • /wp-content/plugins/frames-video-gallery/frames-admin.js
  • /wp-content/plugins/frames-video-gallery/frames-front.js
Version Parameters
  • frames-video-gallery/frames-main.css?ver=
  • frames-video-gallery/frames-admin.css?ver=
  • frames-video-gallery/frames-admin.js?ver=
  • frames-video-gallery/frames-front.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • frames-admin-wrap
  • frames-admin-main
  • frames-admin-content
  • frames-admin-sidebar
  • frames-admin-header
  • frames-video-gallery-theme-editor
HTML Comments
  • <!-- admin -->
  • <!-- media templates -->
Data Attributes
  • data-frames-playlist-id
  • data-frames-video-id
  • data-frames-theme-id
JS Globals
  • frames_ew_logs
  • frames_admin_ajax_object
REST Endpoints
  • /wp-json/frames/v1/playlists
  • /wp-json/frames/v1/themes
  • /wp-json/frames/v1/settings