Does HTML5 Video Player with Playlist have any unpatched vulnerabilities?

Yes — HTML5 Video Player with Playlist currently has 2 unpatched vulnerabilities. We recommend switching to an alternative or applying any available workarounds.

Is HTML5 Video Player with Playlist compatible with WordPress 4.1.42?

According to WordPress.org data, HTML5 Video Player with Playlist 2.50 has been tested up to WordPress 4.1.42. Check the plugin's changelog for the latest compatibility information.

How often is HTML5 Video Player with Playlist updated?

HTML5 Video Player with Playlist was last updated on Dec 23, 2014. Frequent updates are generally a positive security signal.

What is HTML5 Video Player with Playlist's security score?

HTML5 Video Player with Playlist has a WP-Safety security score of 42/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

HTML5 Video Player with Playlist Security & Risk Analysis

wordpress.org/plugins/html5-video-player-with-playlist

Allows Wordpress users to easily use HTML5 < video > the element enable native video playback within the browser. It supports Android, iOS/iPad/ …

50 active installs v2.50 PHP + WP 1.5+ Updated Dec 23, 2014

html5mp4-playerplaylistvideo-player

D · High Risk

CVEs total2

Unpatched2

Last CVEApr 9, 2025

Plugin page Download

Safety Verdict

Is HTML5 Video Player with Playlist Safe to Use in 2026?

High Risk

Score 42/100

HTML5 Video Player with Playlist carries significant security risk with 2 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.

2 known CVEs 2 unpatched Last CVE: Apr 9, 2025Updated 11yr ago

Risk Assessment

The "html5-video-player-with-playlist" plugin version 2.50 presents a mixed security profile. While it has a very small attack surface with no apparent unprotected entry points in the static analysis, and no dangerous functions or file operations, there are significant concerns regarding output sanitization and its vulnerability history. The static analysis reveals that 100% of the 63 identified output points are not properly escaped, creating a high risk of Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the plugin has a history of 2 known medium severity CVEs, both of which are currently unpatched and primarily related to XSS. This pattern of unpatched XSS vulnerabilities, coupled with the lack of proper output escaping in the current version, strongly suggests a persistent weakness in how user-supplied data is handled, making it a prime target for attacks.

Key Concerns

2 unpatched medium CVEs
0% output escaping
Bundled outdated jQuery v1.2.3
43% SQL queries not prepared
No nonce checks
No capability checks

Vulnerabilities

HTML5 Video Player with Playlist Security Vulnerabilities

CVEs by Year

1 CVE in 2014 · unpatched

2014

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

CVE-2025-32536medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

HTML5 Video Player with Playlist <= 2.50 - Reflected Cross-Site Scripting

Apr 9, 2025Unpatched

CVE-2014-4534medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

HTML5 Video Player with Playlist <= 2.4.0 - Reflected Cross-Site Scripting

May 25, 2014Unpatched

Code Analysis

Analyzed Mar 16, 2026

HTML5 Video Player with Playlist Code Analysis

Dangerous Functions

Raw SQL Queries

3 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

jQuery1.2.3

SQL Query Safety

43% prepared7 total queries

Output Escaping

0% escaped63 total outputs

Data Flows

5 unsanitized

Data Flow Analysis

5 flows5 with unsanitized paths

<formplus> (html5plus\formplus.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

HTML5 Video Player with Playlist Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[html5video] index.php:461

WordPress Hooks 2

actionadmin_menuindex.php:201

actionadmin_initindex.php:227

Maintenance & Trust

HTML5 Video Player with Playlist Maintenance & Trust

Maintenance Signals

WordPress version tested4.1.42

Last updatedDec 23, 2014

PHP min version

Downloads26K

Community Trust

Rating64/100

Number of ratings6

Active installs50

Alternatives

HTML5 Video Player with Playlist Alternatives

HTML5 Video Player – Embed and Play Videos in Custom Player

html5-video-player

HTML5 Video Player Plugin lets you embed responsive videos in WordPress. It’s easy to use, fast, and supports MP4, WebM, OGG, FLV, Youtube and Vimeo.

20K 8 CVEs

dPlayer – Video Player for WordPress

dplayer

A nice video player plugin. This video player support various video file type, It support logo overlay and call to action button on the video player.

40 No CVEs

IV Player

ivplayer

IV Player is an interactive video player, if you are a teacher/educator/guru who wants to provide video content to your students/learners, then IV Pla …

10 No CVEs

FV Flowplayer Video Player

fv-wordpress-flowplayer

WordPress's most reliable, easy to use and feature-rich video player. Supports responsive design, HTML5, playlists, ads, stats, Vimeo and YouTube.

20K 23 CVEs

Super Video player – Fully Customizable Video Player with Playlist

super-video-player

100

Improve WordPress user experience with Super Video Player plugin. Self-hosted, supports mp4/OGG, captions, and subtitle for engagement.

2K No CVEs

Developer Profile

HTML5 Video Player with Playlist Developer Profile

Sandeep Verma

9 plugins · 1K total installs

trust score

Avg Security Score

82/100

Avg Patch Time

392 days

View full developer profile

Detection Fingerprints

How We Detect HTML5 Video Player with Playlist

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/html5-video-player-with-playlist/videoplayer/js/jquery.jplayer.min.js/wp-content/plugins/html5-video-player-with-playlist/videoplayer/js/jplayer.playlist.min.js/wp-content/plugins/html5-video-player-with-playlist/videoplayer/css/jplayer.blue.monday.css/wp-content/plugins/html5-video-player-with-playlist/html5plus/formplus.css/wp-content/plugins/html5-video-player-with-playlist/html5plus/css/style.css/wp-content/plugins/html5-video-player-with-playlist/html5plus/css/playlist.css/wp-content/plugins/html5-video-player-with-playlist/html5plus/css/addplaylist.css/wp-content/plugins/html5-video-player-with-playlist/html5plus/css/help.css

Script Paths

/wp-content/plugins/html5-video-player-with-playlist/videoplayer/js/jquery.jplayer.min.js/wp-content/plugins/html5-video-player-with-playlist/videoplayer/js/jplayer.playlist.min.js/wp-content/plugins/html5-video-player-with-playlist/html5plus/formplus.js/wp-content/plugins/html5-video-player-with-playlist/html5plus/addplaylist.js/wp-content/plugins/html5-video-player-with-playlist/html5plus/playlist.js/wp-content/plugins/html5-video-player-with-playlist/html5plus/help.js

Version Parameters

html5-video-player-with-playlist/videoplayer/js/jquery.jplayer.min.js?ver=html5-video-player-with-playlist/videoplayer/js/jplayer.playlist.min.js?ver=html5-video-player-with-playlist/html5plus/formplus.css?ver=html5-video-player-with-playlist/html5plus/css/style.css?ver=html5-video-player-with-playlist/html5plus/css/playlist.css?ver=html5-video-player-with-playlist/html5plus/css/addplaylist.css?ver=html5-video-player-with-playlist/html5plus/css/help.css?ver=

HTML / DOM Fingerprints

CSS Classes

jp-jplayerjp-playlistjp-video-play-iconhtml5-playlist-containerhtml5-video-playlist-wrapper

Data Attributes

data-playlistiddata-playlist_item_id

JS Globals

myPlaylist

Shortcode Output

[html5video]

FAQ