Does FV Flowplayer Video Player have any unpatched vulnerabilities?

No. All known vulnerabilities in FV Flowplayer Video Player have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is FV Flowplayer Video Player compatible with WordPress 6.6.5?

According to WordPress.org data, FV Flowplayer Video Player 7.5.49.7212 has been tested up to WordPress 6.6.5. Check the plugin's changelog for the latest compatibility information.

How often is FV Flowplayer Video Player updated?

FV Flowplayer Video Player was last updated on Mar 10, 2026. Frequent updates are generally a positive security signal.

What is FV Flowplayer Video Player's security score?

FV Flowplayer Video Player has a WP-Safety security score of 87/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

FV Flowplayer Video Player Security & Risk Analysis

wordpress.org/plugins/fv-wordpress-flowplayer

WordPress's most reliable, easy to use and feature-rich video player. Supports responsive design, HTML5, playlists, ads, stats, Vimeo and YouTube.

20K active installs v7.5.49.7212 PHP + WP 3.5+ Updated Mar 10, 2026

flowplayerhtml5-videomobile-videovideo-playervimeo

A · Safe

CVEs total23

Unpatched0

Last CVEJul 18, 2024

Plugin page Download

Safety Verdict

Is FV Flowplayer Video Player Safe to Use in 2026?

Generally Safe

Score 87/100

FV Flowplayer Video Player has a strong security track record. Known vulnerabilities have been patched promptly.

23 known CVEsLast CVE: Jul 18, 2024Updated 24d ago

Risk Assessment

The fv-wordpress-flowplayer plugin v7.5.49.7212 exhibits a concerning security posture. While it demonstrates some good practices like utilizing nonces and capability checks, a significant portion of its attack surface, specifically 11 out of 30 entry points, lacks proper authentication. This, coupled with the presence of dangerous functions like unserialize and a substantial number of flows with unsanitized paths, indicates a high potential for exploitation. The high severity taint analysis results further reinforce these concerns, suggesting critical vulnerabilities that could be leveraged by attackers. The plugin's vulnerability history is also a significant red flag, with 23 known CVEs, including critical and high-severity issues like SSRF, SQL Injection, and XSS. The recent vulnerability in July 2024, despite no currently unpatched CVEs, suggests ongoing security issues. The common vulnerability types and the sheer volume of past CVEs point to a history of insecure coding practices and a lack of consistent security focus. While the plugin does employ prepared statements for over half of its SQL queries and has a large number of output escapes, these positive aspects are overshadowed by the numerous critical vulnerabilities and the large, unprotected attack surface.

Key Concerns

Unprotected AJAX handlers
Dangerous function: unserialize
High severity taint flows
Significant number of flows with unsanitized paths
High number of known CVEs
Critical CVE severity history
Recent vulnerability (2024-07-18)
Vulnerability types: SSRF, SQLi, XSS, Open Redirect
Bundled library: Select2 (potential outdated issues)
Bundled library: Guzzle (potential outdated issues)
SQL queries without prepared statements
Output escaping not properly handled

Vulnerabilities

FV Flowplayer Video Player Security Vulnerabilities

CVEs by Year

1 CVE in 2011

2011

1 CVE in 2015

2015

2 CVEs in 2018

2018

6 CVEs in 2019

2019

2 CVEs in 2021

2021

2 CVEs in 2022

2022

3 CVEs in 2023

2023

6 CVEs in 2024

2024

Patched Has unpatched

Severity Breakdown

Critical

High

Medium

23 total CVEs

CVE-2024-6338high · 8.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

FV Player <= 7.5.46.7212 - Authenticated (Subscriber+) SQL Injection via exclude Parameter

Jul 18, 2024 Patched in 7.5.47.7212 (1d)

CVE-2024-35631medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

FV Flowplayer Video Player <= 7.5.45.7212 - Reflected Cross-Site Scripting

May 27, 2024 Patched in 7.5.46.7212 (10d)

CVE-2024-32955medium · 6.4Server-Side Request Forgery (SSRF)

FV Flowplayer Video Player <= 7.5.43.7212 - Authenticated (Subscriber+) Server-side Request Forgery

Apr 22, 2024 Patched in 7.5.45.7212 (9d)

CVE-2024-32078medium · 5.4URL Redirection to Untrusted Site ('Open Redirect')

FV Flowplayer Video Player <= 7.5.44.7212 - Authenticated (Contributor+) Arbitrary Redirect

Apr 11, 2024 Patched in 7.5.45.7212 (8d)

CVE-2024-22299medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

FV Flowplayer Video Player <= 7.5.41.7212 - Reflected Cross-Site Scripting

Mar 26, 2024 Patched in 7.5.44.7212 (8d)

CVE-2024-29122medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

FV Flowplayer Video Player <= 7.5.41.7212 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 16, 2024 Patched in 7.5.44.7212 (5d)

CVE-2023-4520medium · 5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

FV Flowplayer Video Player <= 7.5.37.7212 - Insufficient Input Validation to Unauthenticated Stored Cross-Site Scripting and Arbitrary Usermeta Update

Aug 24, 2023 Patched in 7.5.39.7212 (152d)

CVE-2023-30499medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

FV Flowplayer Video Player <= 7.5.32.7212 - Reflected Cross-Site Scripting via id

May 3, 2023 Patched in 7.5.35.7212 (265d)

CVE-2023-25066medium · 4.3Cross-Site Request Forgery (CSRF)

FV Flowplayer Video Player <= 7.5.30.7210 - Cross-Site Request Forgery

Feb 2, 2023 Patched in 7.5.31.7212 (355d)

CVE-2022-25613medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

FV Flowplayer Video Player <= 7.5.18.727 - Stored Cross-Site Scripting

Apr 4, 2022 Patched in 7.5.19.728 (659d)

CVE-2022-25607high · 7.2Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

FV Flowplayer Video Player <= 7.5.15.727 - SQL Injection

Mar 18, 2022 Patched in 7.5.18.727 (675d)

CVE-2021-39350medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

FV Flowplayer Video Player 7.5.0.727 - 7.5.2.727 - Reflected Cross-Site Scripting via player_id Parameter

Oct 5, 2021 Patched in 7.5.3.727 (839d)

CVE-2020-35748medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

FV Flowplayer Video Player <= 7.4.37.727 - Authenticated Stored Cross-Site Scripting

Jan 15, 2021 Patched in 7.4.38.727 (1103d)

CVE-2019-13573critical · 9.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

FV Flowplayer Video Player <= 7.3.18.727 - SQL Injection

Jul 11, 2019 Patched in 7.3.19.727 (1657d)

CVE-2019-14800medium · 5.3Exposure of Sensitive Information to an Unauthorized Actor

FV Flowplayer Video Player <= 7.3.14.727 - Sensitive Information Exposure

May 20, 2019 Patched in 7.3.15.727 (1709d)

CVE-2019-14801critical · 9.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

FV Flowplayer Video Player <= 7.3.14.727 - SQL Injection

May 20, 2019 Patched in 7.3.15.727 (1709d)

CVE-2019-14799medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

FV Flowplayer Video Player <= 7.3.13.727 - Unauthenticated Stored Cross-Site Scripting

May 20, 2019 Patched in 7.3.14.727 (1709d)

WF-2b7220a4-7178-42f7-978b-96eae777b134-fv-wordpress-flowplayermedium · 5.3Exposure of Sensitive Information to an Unauthorized Actor

FV Flowplayer Video Player <= 7.3.14.727 - Sensitive Data Exposure

May 16, 2019 Patched in 7.3.15.727 (1713d)

WF-9729ebf5-ef78-4ef4-81d4-165f422c3847-fv-wordpress-flowplayercritical · 9.3Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

FV Flowplayer Video Player <= 7.3.14.727 - Unauthenticated SQL Injection

May 16, 2019 Patched in 7.3.15.727 (1713d)

WF-eb613de8-d298-471f-b585-2da3b5500f10-fv-wordpress-flowplayermedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

FV Flowplayer Video Player <= 7.2.0.727 - Reflected Cross-Site Scripting

Sep 21, 2018 Patched in 7.2.1.727 (1950d)

CVE-2018-0642medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

FV Flowplayer Video Player 6.1.2 - 6.6.4 - Cross-Site Scripting

Jul 2, 2018 Patched in 6.6.5 (2031d)

WF-b3325317-4ce7-468d-aee7-9b40fdf61d3c-fv-wordpress-flowplayermedium · 5.3Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

FV Flowplayer Video Player <= 6.0.3.3 - Stored Cross-Site Scripting

Aug 24, 2015 Patched in 6.0.3.4 (3074d)

CVE-2011-4568medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

FV Flowplayer Video Player <= 1.2.11 - Cross-Site Scripting

Jul 22, 2011 Patched in 1.2.12 (4568d)

Code Analysis

Analyzed Mar 16, 2026

FV Flowplayer Video Player Code Analysis

Dangerous Functions

Raw SQL Queries

75 prepared

Unescaped Output

384

342 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$response = @unserialize( preg_replace( '~^/\*[\s\S]*?\*/\s+~', '', $raw_response['body'] ) );includes\fp-api-private.php:397

unserialize$res = unserialize( preg_replace( '~^/\*[\s\S]*?\*/\s+~', '', $request['body'] ) );includes\fp-api-private.php:435

unserialize$unserialized = unserialize( $result );models\conversion\conversion-base.class.php:141

unserialize$tmp = unserialize($row->error);models\email-subscription.php:586

unserialize$tmp = unserialize($item);models\email-subscription.php:634

Bundled Libraries

Select2Guzzle

SQL Query Safety

53% prepared142 total queries

Output Escaping

47% escaped726 total outputs

Data Flows

15 unsanitized

Data Flow Analysis

25 flows15 with unsanitized paths

track (controller\track.php:181)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

11 unprotected

FV Flowplayer Video Player Attack Surface

Entry Points30

Unprotected11

AJAX Handlers 26

authwp_ajax_fv_wp_flowplayer_support_mailcontroller\backend.php:28

authwp_ajax_fv_wp_flowplayer_activate_extensioncontroller\backend.php:84

authwp_ajax_fv_wp_flowplayer_check_templatecontroller\backend.php:108

authwp_ajax_fv_wp_flowplayer_check_filescontroller\backend.php:267

authwp_ajax_fv_wp_flowplayer_check_licensecontroller\backend.php:375

authwp_ajax_flowplayer_conversion_scriptcontroller\backend.php:617

authwp_ajax_fv_player_splashcreen_actioncontroller\editor.php:422

authwp_ajax_fv_foliopress_ajax_pointerscontroller\settings.php:335

authwp_ajax_fv_foliopress_ajax_pointersincludes\fp-api-private.php:75

authwp_ajax_fv_foliopress_ajax_pointersincludes\fp-api-private.php:77

authwp_ajax_check_domain_licenseincludes\fp-api-private.php:78

authwp_ajax_fv_player_db_loadmodels\db.php:46

authwp_ajax_fv_player_db_exportmodels\db.php:47

authwp_ajax_fv_player_db_importmodels\db.php:48

authwp_ajax_fv_player_db_clonemodels\db.php:49

authwp_ajax_fv_player_db_removemodels\db.php:50

authwp_ajax_fv_wp_flowplayer_retrieve_video_datamodels\db.php:51

authwp_ajax_fv_player_db_retrieve_all_players_for_dropdownmodels\db.php:52

authwp_ajax_fv_player_db_savemodels\db.php:53

noprivwp_ajax_fv_wp_flowplayer_email_signupmodels\email-subscription.php:17

authwp_ajax_fv_wp_flowplayer_email_signupmodels\email-subscription.php:18

authwp_ajax_fv_player_email_subscription_savemodels\email-subscription.php:21

authwp_ajax_fv_wp_flowplayer_video_position_savemodels\player-position-save.php:10

authwp_ajax_fv_player_stats_users_searchmodels\stats.php:44

authwp_ajax_fv-player-vi-addmodels\video-intelligence.php:20

authwp_ajax_fv-player-vi-removemodels\video-intelligence.php:21

Shortcodes 4

[flowplayer] controller\shortcodes.php:27

[fvplayer] controller\shortcodes.php:29

[fv_time] controller\shortcodes.php:31

[fvplayer_watched] controller\shortcodes.php:594

WordPress Hooks 302

filterwp_mail_content_typecontroller\backend.php:50

actionadmin_initcontroller\backend.php:395

actionadmin_initcontroller\backend.php:473

filtersite_transient_update_pluginscontroller\backend.php:520

actionadmin_noticescontroller\backend.php:600

actionafter_plugin_row_fv-wordpress-flowplayer/flowplayer.phpcontroller\backend.php:608

actionadmin_noticescontroller\backend.php:651

filterheartbeat_receivedcontroller\backend.php:746

actionadmin_noticescontroller\backend.php:749

filterupgrader_pre_downloadcontroller\backend.php:791

actionadmin_noticescontroller\backend.php:829

actionadmin_noticescontroller\backend.php:845

actionadmin_noticescontroller\backend.php:861

actionfv_player_load_video_encoder_libscontroller\backend.php:878

actionattachment_submitbox_misc_actionscontroller\backend.php:888

actionadmin_enqueue_scriptscontroller\editor.php:7

actionmedia_buttonscontroller\editor.php:88

actionmedia_upload_fvplayer_videocontroller\editor.php:113

actionenqueue_block_editor_assetscontroller\editor.php:116

actionadmin_footercontroller\editor.php:119

actionedit_form_after_editorcontroller\editor.php:125

actionadmin_footercontroller\editor.php:141

actionadmin_footercontroller\editor.php:142

actionadmin_footercontroller\editor.php:149

actionadmin_footercontroller\editor.php:156

actionadmin_footercontroller\editor.php:163

filterwp_check_filetype_and_extcontroller\editor.php:167

filteradmin_print_scriptscontroller\editor.php:184

actionadmin_print_stylescontroller\editor.php:194

actionsave_postcontroller\editor.php:203

actionsave_postcontroller\editor.php:208

actionfv_player_db_savecontroller\editor.php:209

actionelementor/editor/wp_headcontroller\editor.php:553

actionelementor/editor/wp_headcontroller\editor.php:554

actionelementor/editor/wp_headcontroller\editor.php:555

filterpre_option_elementor_experiment-e_hidden_wordpress_widgetscontroller\editor.php:558

actionwp_footercontroller\frontend.php:23

actionwp_footercontroller\frontend.php:24

actionwidget_textcontroller\frontend.php:25

filterrun_ngg_resource_managercontroller\frontend.php:27

actionwp_print_scriptscontroller\frontend.php:36

filterrun_ngg_resource_managercontroller\frontend.php:38

actioninitcontroller\frontend.php:44

filterthe_contentcontroller\frontend.php:589

filterprepend_attachmentcontroller\frontend.php:627

filterfv_player_captioncontroller\frontend.php:649

filtercomment_textcontroller\frontend.php:652

filterbp_get_activity_content_bodycontroller\frontend.php:653

filterbbp_get_topic_contentcontroller\frontend.php:654

filterbbp_get_reply_contentcontroller\frontend.php:655

filtercomment_textcontroller\frontend.php:662

filterbbp_get_topic_contentcontroller\frontend.php:663

filterbbp_get_reply_contentcontroller\frontend.php:664

actionfv_player_extensions_admin_load_assetscontroller\frontend.php:693

actionfv_player_extensions_admin_load_assetscontroller\frontend.php:701

actionwp_footercontroller\frontend.php:718

actionwp_footercontroller\frontend.php:732

actionwp_footercontroller\frontend.php:734

actionwp_footercontroller\frontend.php:739

filterscript_loader_tagcontroller\frontend.php:743

actionwp_print_footer_scriptscontroller\frontend.php:778

filterpre_get_rocket_option_remove_unused_css_safelistcontroller\frontend.php:850

filtersgs_whitelist_wp_contentcontroller\frontend.php:872

filtersgo_js_async_excludecontroller\frontend.php:889

filterlearnify_filter_post_contentcontroller\frontend.php:902

actionadmin_menucontroller\settings.php:10

filterplugin_action_linkscontroller\settings.php:45

actionafter_plugin_rowcontroller\settings.php:60

filterget_user_option_closedpostboxes_fv_flowplayer_settingscontroller\settings.php:90

filterget_user_option_closedpostboxes_fv_flowplayer_settings_toolscontroller\settings.php:103

filterget_user_option_closedpostboxes_fv_flowplayer_settings_skincontroller\settings.php:116

actionadmin_initcontroller\settings.php:134

actionadmin_initcontroller\settings.php:209

actionadmin_enqueue_scriptscontroller\settings.php:404

actionadmin_headcontroller\settings.php:430

actionadmin_footercontroller\settings.php:450

actionadmin_print_footer_scriptscontroller\settings.php:462

filterthe_contentcontroller\shortcodes.php:227

filterwp_video_shortcode_overridecontroller\shortcodes.php:388

filterwp_audio_shortcode_overridecontroller\shortcodes.php:389

filterpost_playlistcontroller\shortcodes.php:519

filterthe_contentcontroller\shortcodes.php:522

filterthe_contentcontroller\shortcodes.php:523

filterembed_oembed_htmlcontroller\shortcodes.php:524

filterembed_oembed_htmlcontroller\shortcodes.php:525

filterthe_contentcontroller\shortcodes.php:539

filterwp_trim_wordscontroller\shortcodes.php:559

filterwp_trim_wordscontroller\shortcodes.php:571

filterfv_flowplayer_shortcodecontroller\shortcodes.php:579

actionplugins_loadedflowplayer.php:125

filtertables_to_repairflowplayer.php:136

actionadmin_initincludes\class.fv-player-wizard-base.php:45

actionadmin_enqueue_scriptsincludes\fp-api-private.php:72

filterplugins_api_resultincludes\fp-api-private.php:80

filterpre_set_site_transient_update_pluginsincludes\fp-api-private.php:103

filterplugins_apiincludes\fp-api-private.php:104

actionupdate_option__transient_update_pluginsincludes\fp-api-private.php:105

filterhttp_request_argsincludes\fp-api-private.php:106

filterhttps_ssl_verifyincludes\fp-api-private.php:132

actionadmin_print_footer_scriptsincludes\fp-api-private.php:512

actionadmin_footermodels\avada-builder-bridge.php:7

actionadmin_initmodels\cdn.class.php:21

filterplugins_loadedmodels\cdn.class.php:23

filterfv_player_pro_video_ajaxify_domainsmodels\cdn.class.php:154

filterfv_player_pro_video_ajaxify_argsmodels\cdn.class.php:155

actionplugins_loadedmodels\cdn.class.php:157

filterfv_flowplayer_video_srcmodels\cdn.class.php:159

filterfv_flowplayer_splashmodels\cdn.class.php:161

filterfv_flowplayer_playlist_splashmodels\cdn.class.php:162

filterfv_flowplayer_resourcemodels\cdn.class.php:163

filtercron_schedulesmodels\checker.php:26

actionfv_flowplayer_checker_eventmodels\checker.php:27

actioninitmodels\checker.php:28

actionhttp_api_curlmodels\checker.php:109

actionadmin_menumodels\conversion\conversion-base.class.php:26

actionfv_player_conversion_buttonsmodels\conversion\conversion-base.class.php:28

actionadmin_initmodels\conversion\conversion-base.class.php:31

actionadmin_noticesmodels\conversion.php:11

actionfv_player_conversion_buttonsmodels\conversion.php:12

filterfv_flowplayer_splashmodels\custom-videos.php:47

filterfv_flowplayer_playlist_splashmodels\custom-videos.php:48

filterfv_flowplayer_splashmodels\custom-videos.php:49

filterfv_flowplayer_playlist_splashmodels\custom-videos.php:50

actionadmin_footermodels\custom-videos.php:52

actionadmin_footermodels\custom-videos.php:53

actionadmin_footermodels\custom-videos.php:56

actionadmin_footermodels\custom-videos.php:59

actioninitmodels\custom-videos.php:211

actionsave_postmodels\custom-videos.php:212

filtershow_password_fieldsmodels\custom-videos.php:214

actionadd_meta_boxesmodels\custom-videos.php:215

filterthe_contentmodels\custom-videos.php:217

filterget_the_author_descriptionmodels\custom-videos.php:218

actionedd_profile_editor_after_emailmodels\custom-videos.php:221

actionedd_pre_update_user_profilemodels\custom-videos.php:222

actionbbp_template_after_user_profilemodels\custom-videos.php:225

filterbbp_user_edit_after_aboutmodels\custom-videos.php:226

actiontoplevel_page_fv_playermodels\db.php:37

actionload-settings_page_fvplayermodels\db.php:38

filterfv_flowplayer_args_premodels\db.php:40

filterfv_player_item_premodels\db.php:41

actionwp_headmodels\db.php:42

actionsave_postmodels\db.php:44

actionplugins_loadedmodels\digitalocean-spaces.class.php:17

actionadmin_initmodels\digitalocean-spaces.class.php:18

actionadmin_initmodels\digitalocean-spaces.class.php:19

actionadmin_initmodels\email-subscription.php:11

actionadmin_initmodels\email-subscription.php:13

filterfv_flowplayer_popup_htmlmodels\email-subscription.php:14

filterfv_player_conf_defaultsmodels\email-subscription.php:15

filterfv_flowplayer_settings_savemodels\email-subscription.php:16

filterfv_player_admin_popups_defaultsmodels\email-subscription.php:19

actionadmin_initmodels\email-subscription.php:24

actionadmin_noticesmodels\email-subscription.php:28

filterfv_flowplayer_attributesmodels\email-subscription.php:31

actionwp_headmodels\facebook-share.php:11

actionfv_flowplayer_admin_integration_options_aftermodels\facebook-share.php:12

filterwp_kses_allowed_htmlmodels\flowplayer-frontend.php:347

filterfv_flowplayer_attributesmodels\flowplayer-frontend.php:692

actionwp_footermodels\flowplayer-frontend.php:900

actionwp_footermodels\flowplayer-frontend.php:902

actionin_plugin_update_message-fv-wordpress-flowplayer/flowplayer.phpmodels\flowplayer.php:108

filterfv_flowplayer_inner_htmlmodels\flowplayer.php:131

filterfv_flowplayer_video_srcmodels\flowplayer.php:133

actioninitmodels\flowplayer.php:135

filterfv_flowplayer_splashmodels\flowplayer.php:137

filterfv_flowplayer_playlist_splashmodels\flowplayer.php:138

actionwp_enqueue_scriptsmodels\flowplayer.php:140

actionadmin_enqueue_scriptsmodels\flowplayer.php:141

actioninitmodels\flowplayer.php:143

filterrewrite_rules_arraymodels\flowplayer.php:145

filterquery_varsmodels\flowplayer.php:146

filterfv_player_custom_cssmodels\flowplayer.php:148

filterfv_player_custom_cssmodels\flowplayer.php:149

actiontemplate_redirectmodels\flowplayer.php:152

actionwp_headmodels\flowplayer.php:154

actionwp_footermodels\flowplayer.php:155

actiondo_rocket_lazyloadmodels\flowplayer.php:158

filterfv_flowplayer_video_srcmodels\flowplayer.php:160

filterfv_player_itemmodels\flowplayer.php:161

actionadmin_headmodels\flowplayer.php:1515

filterfv_player_itemmodels\flowplayer.php:1684

actioninitmodels\gutenberg.php:17

filterplugins_loadedmodels\learndash.php:11

filterinitmodels\learndash.php:20

actionadd_meta_boxesmodels\learndash.php:22

filterlearndash_settings_fieldmodels\learndash.php:26

filterlearndash_settings_fieldsmodels\learndash.php:28

filterld_video_providermodels\learndash.php:29

actionadmin_initmodels\learndash.php:32

actionsave_postmodels\learndash.php:36

actioninitmodels\lightbox.php:25

filterfv_flowplayer_shortcodemodels\lightbox.php:27

filterfv_flowplayer_player_typemodels\lightbox.php:29

filterfv_flowplayer_argsmodels\lightbox.php:31

filterfv_flowplayer_argsmodels\lightbox.php:32

filterfv_flowplayer_args_premodels\lightbox.php:34

filterfv_flowplayer_argsmodels\lightbox.php:36

filterthe_contentmodels\lightbox.php:38

filterthe_contentmodels\lightbox.php:39

actionfv_flowplayer_shortcode_editor_tab_optionsmodels\lightbox.php:41

actionfv_flowplayer_admin_default_options_aftermodels\lightbox.php:43

filterfv_flowplayer_admin_interface_options_aftermodels\lightbox.php:44

filterfv_flowplayer_admin_integration_options_aftermodels\lightbox.php:45

actionwp_footermodels\lightbox.php:47

filterfv_player_conf_defaultsmodels\lightbox.php:49

actionwp_headmodels\lightbox.php:51

actionwp_footermodels\lightbox.php:52

filtershortcode_atts_gallerymodels\lightbox.php:54

actionwp_enqueue_scriptsmodels\lightbox.php:56

filterfv_flowplayer_htmlmodels\lightbox.php:111

actionplugins_loadedmodels\linode-object-storage.class.php:14

actioninitmodels\list-table.php:14

filtermanage_toplevel_page_fv_player_columnsmodels\list-table.php:24

filterhidden_columnsmodels\list-table.php:25

actionadmin_menumodels\list-table.php:44

actionadmin_menumodels\list-table.php:47

actionadmin_headmodels\list-table.php:49

actionadminmenumodels\list-table.php:51

actionadmin_headmodels\list-table.php:53

filterset-screen-optionmodels\list-table.php:54

filterset_screen_option_fv_player_per_pagemodels\list-table.php:55

actionedit_form_after_editormodels\media-browser.php:16

actionenqueue_block_editor_assetsmodels\media-browser.php:17

actionadmin_print_scripts-toplevel_page_fv_playermodels\media-browser.php:18

actionadmin_print_scripts-widgets.phpmodels\media-browser.php:19

actionadmin_print_scripts-fv-player_page_fv_player_coconutmodels\media-browser.php:22

actionadmin_print_scripts-fv-player_page_fv_player_bunny_streammodels\media-browser.php:23

actionfv_player_media_browser_enqueue_base_uploader_cssmodels\media-browser.php:24

actionadmin_footermodels\media-browser.php:64

actionadmin_menumodels\migration-wizard.php:12

filterfv_player_itemmodels\player-position-save.php:11

filterfv_flowplayer_admin_default_options_aftermodels\player-position-save.php:12

filterfv_flowplayer_attributesmodels\player-position-save.php:14

filterfv_flowplayer_args_premodels\seo.php:13

filterfv_flowplayer_attributesmodels\seo.php:14

filterfv_flowplayer_inner_htmlmodels\seo.php:15

filterfv_player_item_htmlmodels\seo.php:16

filterfv_player_meta_datamodels\splash-download.php:12

actionadmin_initmodels\stats-export.php:15

filterfv_flowplayer_admin_default_options_aftermodels\stats.php:16

filterfv_flowplayer_confmodels\stats.php:17

filterfv_flowplayer_attributesmodels\stats.php:18

actionfv_player_statsmodels\stats.php:28

actionfv_player_updatemodels\stats.php:30

actionadmin_initmodels\stats.php:34

actionadmin_menumodels\stats.php:36

filtermanage_users_columnsmodels\stats.php:38

filtermanage_users_custom_columnmodels\stats.php:39

filtermanage_users_sortable_columnsmodels\stats.php:40

actionpre_user_querymodels\stats.php:43

filterfv_player_itemmodels\subtitles.php:11

filterfv_player_db_video_meta_savemodels\subtitles.php:12

actionadmin_initmodels\system-info.php:11

actionadmin_initmodels\system-info.php:12

actioninitmodels\users-ultra-pro.php:11

filterthe_contentmodels\users-ultra-pro.php:21

filterthe_contentmodels\users-ultra-pro.php:22

filterthe_contentmodels\users-ultra-pro.php:23

actioninitmodels\video-encoder\video-encoder.php:60

actionadmin_menumodels\video-encoder\video-encoder.php:63

filterfv_player_conf_defaultsmodels\video-encoder\video-encoder.php:65

actionadmin_enqueue_scriptsmodels\video-encoder\video-encoder.php:81

actionadmin_initmodels\video-encoder\video-encoder.php:92

filterwp_terms_checklist_argsmodels\video-encoder\video-encoder.php:95

filterheartbeat_receivedmodels\video-encoder\video-encoder.php:98

actionadmin_enqueue_scriptsmodels\video-encoder\video-encoder.php:101

actionfv_flowplayer_shortcode_editor_item_aftermodels\video-encoder\video-encoder.php:102

filterplugin_action_linksmodels\video-encoder\video-encoder.php:104

actionadmin_noticesmodels\video-encoder\video-encoder.php:111

actionfv_player_video_encoder_include_listing_libmodels\video-encoder\video-encoder.php:113

actionfv_player_itemmodels\video-encoder\video-encoder.php:116

filterset-screen-optionmodels\video-encoder\video-encoder.php:251

filterfv_player_secure_link_timeoutmodels\video-encoder\video-encoder.php:672

actionadmin_menumodels\video-intelligence.php:16

actionadmin_initmodels\video-intelligence.php:17

actionadmin_noticesmodels\video-intelligence.php:18

actionfv_player_admin_settings_tabsmodels\video-intelligence.php:19

actionwidgets_initmodels\widget.php:9

actionadmin_footermodels\widget.php:18

actionadmin_headmodels\widget.php:91

filterinitmodels\xml-video-sitemap.php:12

actiondo_feed_video-sitemapmodels\xml-video-sitemap.php:13

actiondo_feed_video-sitemap-indexmodels\xml-video-sitemap.php:14

actionparse_requestmodels\xml-video-sitemap.php:16

filterquery_varsmodels\xml-video-sitemap.php:17

filterredirect_canonicalmodels\xml-video-sitemap.php:19

filterfv_flowplayer_settings_savemodels\xml-video-sitemap.php:20

actionfv_flowplayer_admin_seo_aftermodels\xml-video-sitemap.php:21

filterfv_flowplayer_splashmodels\youtube.php:27

filterfv_flowplayer_playlist_splashmodels\youtube.php:28

filterfv_flowplayer_splashmodels\youtube.php:32

filterfv_flowplayer_playlist_splashmodels\youtube.php:33

actioninitmodels\youtube.php:35

actionadmin_initmodels\youtube.php:37

filterfv_flowplayer_attributesmodels\youtube.php:41

filterfv_flowplayer_checker_timemodels\youtube.php:43

filterfv_flowplayer_argsmodels\youtube.php:45

filterfv_flowplayer_get_mime_typemodels\youtube.php:47

actionfv_player_extensions_admin_load_assetsmodels\youtube.php:49

filterfv_flowplayer_confmodels\youtube.php:51

filterfv_player_meta_datamodels\youtube.php:53

Scheduled Events 2

fv_flowplayer_checker_event

fv_player_stats

Maintenance & Trust

FV Flowplayer Video Player Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5

Last updatedMar 10, 2026

PHP min version

Downloads2.4M

Community Trust

Rating88/100

Number of ratings90

Active installs20K

Alternatives

FV Flowplayer Video Player Alternatives

FV Player 8

fv-player

100

WordPress's most reliable, easy to use and feature-rich video player. Supports playlists, ads, stats and user video position saving.

1K No CVEs

VideoIgniter – Video Player

videoigniter

100

VideoIgniter lets you create video playlists and embed them in your WordPress posts, pages or custom post types and serve your video content in style!

100 No CVEs

Simple Video Post

simple-video-post

100

A simple video post plugin that support YouTube/Vimeo/Facebook/Dailymotion like video sharing website. No coding required.

0 No CVEs

All-in-One Video Gallery

all-in-one-video-gallery

The ultimate video player & video gallery plugin for YouTubers, Video Bloggers, Course Creators, Podcasters, and anyone embedding videos on websites.

20K 11 CVEs

HTML5 Video Player – Embed and Play Videos in Custom Player

html5-video-player

HTML5 Video Player Plugin lets you embed responsive videos in WordPress. It’s easy to use, fast, and supports MP4, WebM, OGG, FLV, Youtube and Vimeo.

20K 8 CVEs

Developer Profile

FV Flowplayer Video Player Developer Profile

FolioVision

19 plugins · 48K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

1121 days

View full developer profile

Detection Fingerprints

How We Detect FV Flowplayer Video Player

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/fv-wordpress-flowplayer/css/fvplayer.css/wp-content/plugins/fv-wordpress-flowplayer/css/fvplayer_dialogs.css/wp-content/plugins/fv-wordpress-flowplayer/css/fvplayer_admin.css/wp-content/plugins/fv-wordpress-flowplayer/css/fvplayer_setup_wizard.css/wp-content/plugins/fv-wordpress-flowplayer/js/fvplayer.js/wp-content/plugins/fv-wordpress-flowplayer/js/fvplayer_admin.js/wp-content/plugins/fv-wordpress-flowplayer/js/fvplayer_setup_wizard.js/wp-content/plugins/fv-wordpress-flowplayer/js/fvplayer_setup_wizard_step2.js+3 more

Script Paths

/wp-content/plugins/fv-wordpress-flowplayer/js/fvplayer.js/wp-content/plugins/fv-wordpress-flowplayer/js/fvplayer_admin.js/wp-content/plugins/fv-wordpress-flowplayer/js/fvplayer_setup_wizard.js/wp-content/plugins/fv-wordpress-flowplayer/js/fvplayer_setup_wizard_step2.js/wp-content/plugins/fv-wordpress-flowplayer/js/fvplayer_dialogs.js/wp-content/plugins/fv-wordpress-flowplayer/js/editor_plugin.js+1 more

Version Parameters

fv-wordpress-flowplayer/css/fvplayer.css?ver=fv-wordpress-flowplayer/css/fvplayer_dialogs.css?ver=fv-wordpress-flowplayer/css/fvplayer_admin.css?ver=fv-wordpress-flowplayer/css/fvplayer_setup_wizard.css?ver=fv-wordpress-flowplayer/js/fvplayer.js?ver=fv-wordpress-flowplayer/js/fvplayer_admin.js?ver=fv-wordpress-flowplayer/js/fvplayer_setup_wizard.js?ver=fv-wordpress-flowplayer/js/fvplayer_setup_wizard_step2.js?ver=fv-wordpress-flowplayer/js/fvplayer_dialogs.js?ver=fv-wordpress-flowplayer/js/editor_plugin.js?ver=fv-wordpress-flowplayer/js/fv-player-admin-scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes

fvplayer-videofvfp-dialogfv-player-admin-wrapfv-player-setup-wizardfv-player-field-wrapfv-player-settings-groupfv-player-section-headerfv-player-button+3 more

HTML Comments

+6 more

Data Attributes

data-fvplayer-configdata-fvplayer-iddata-fvplayer-sourcedata-fvplayer-autoplaydata-fvplayer-loopdata-fvplayer-controls+8 more

JS Globals

fv_wp_flowplayer_verfv_player_admin_paramsfv_player_frontend_paramsfv_player_setup_wizard_paramsFV_Player_GlobalFV_Player_Settings

REST Endpoints

/wp-json/fv-player/v1/settings/wp-json/fv-player/v1/videos/wp-json/fv-player/v1/players/wp-json/fv-player/v1/stats/wp-json/fv-player/v1/upload

Shortcode Output

[fvplayer][fvplayer url=[fvplayer src=[fvplayer mp4=

FAQ

FV Flowplayer Video Player Security & Risk Analysis

Is FV Flowplayer Video Player Safe to Use in 2026?

Generally Safe

Key Concerns

FV Flowplayer Video Player Security Vulnerabilities

CVEs by Year

Severity Breakdown

FV Flowplayer Video Player Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

FV Flowplayer Video Player Attack Surface

AJAX Handlers 26

Shortcodes 4

Scheduled Events 2

FV Flowplayer Video Player Maintenance & Trust

Maintenance Signals

Community Trust

FV Flowplayer Video Player Alternatives

FV Player 8

VideoIgniter – Video Player

Simple Video Post

All-in-One Video Gallery

HTML5 Video Player – Embed and Play Videos in Custom Player

FV Flowplayer Video Player Developer Profile

How We Detect FV Flowplayer Video Player

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about FV Flowplayer Video Player