Gumlet Video Security & Risk Analysis
wordpress.org/plugins/gumlet-videoAn official plugin by Gumlet for video embedding, dynamic watermark configuration, user level analytics and shortcode.
Is Gumlet Video Safe to Use in 2026?
Generally Safe
Score 99/100Gumlet Video has a strong security track record. Known vulnerabilities have been patched promptly.
The "gumlet-video" v1.2.0 plugin demonstrates a generally good security posture based on the static analysis. The absence of dangerous functions, proper output escaping for all outputs, and the exclusive use of prepared statements for SQL queries are commendable practices. The plugin also appears to have a limited attack surface with no unprotected entry points. However, the static analysis does reveal potential areas for improvement. Specifically, the absence of any nonce checks or capability checks on its single shortcode is a significant concern, as this could allow for unauthorized actions if the shortcode is vulnerable. Furthermore, the plugin has a history of a medium-severity Cross-Site Scripting (XSS) vulnerability, even though it is currently patched. This historical pattern suggests a past weakness in input sanitization or output encoding, which warrants continued vigilance.
Key Concerns
- Shortcode lacks nonce and capability checks
- History of medium severity XSS vulnerability
Gumlet Video Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
Gumlet Video <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Gumlet Video Code Analysis
Output Escaping
Gumlet Video Attack Surface
Shortcodes 1
WordPress Hooks 6
Maintenance & Trust
Gumlet Video Maintenance & Trust
Maintenance Signals
Community Trust
Gumlet Video Alternatives
WP Video Lightbox
wp-video-lightbox
Very easy to use WordPress lightbox plugin to display YouTube and Vimeo videos in an elegant lightbox overlay.
Cookies and Content Security Policy
cookies-and-content-security-policy
Be fully GDPR and CCPA compliant through Content Security Policy. Blocks cookies and unwanted external content.
Really Simple Featured Video – Featured video support for Posts, Pages & WooCommerce Products
really-simple-featured-video
Really Simple Featured Video enables featured video support for WordPress posts, pages, CPTs (with featured images) & WooCommerce Products.
Wonder Video Embed
wonderplugin-video-embed
Embed MP4, Youtube, Vimeo, Wistia videos to the sidebar widget, WordPress posts and pages.
Content Security Policy Manager
csp-manager
Plugin for configuring Content Security Policy headers for your site. Allows different CSP headers for admin, logged inn frontend and regular visitors
Gumlet Video Developer Profile
2 plugins · 800 total installs
How We Detect Gumlet Video
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/gumlet-video/includes/assets/css/gumlet-admin.css/wp-content/plugins/gumlet-video/includes/assets/js/gumlet-admin.js/wp-content/plugins/gumlet-video/blocks/gumlet-video-block/build/index.js/wp-content/plugins/gumlet-video/blocks/gumlet-video-block/build/style-index.css/wp-content/plugins/gumlet-video/blocks/gumlet-video-block/build/index.jsgumlet-video/includes/assets/css/gumlet-admin.css?ver=gumlet-video/includes/assets/js/gumlet-admin.js?ver=gumlet-video/blocks/gumlet-video-block/build/index.js?ver=gumlet-video/blocks/gumlet-video-block/build/style-index.css?ver=HTML / DOM Fingerprints
gumlet-video-block__editor--activegumlet-video-block__player--active<!-- Generated by Gumlet Video Plugin -->data-gumlet-video-idwindow.gumletVideoSettings<iframe src="https://play.gumlet.io/embed/loading="lazy" title="Gumlet video player"