Video gallery and Player Security & Risk Analysis

wordpress.org/plugins/html5-videogallery-plus-player

Easy to add and display your HTML5, YouTube, Vimeo video gallery with Magnific Popup to your website. Also works with the Gutenberg shortcode block.

1K active installs · v2.8.7 · PHP + · WP 4.0+ · Updated Feb 20, 2026
Tags: html5-video-gallery-player, video-gallery-magnific-popup, vimeo-video-gallery-with-popup, wordpress-responsive-video-gallery, youtube-video-gallery-with-popup
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Video gallery and Player Safe to Use in 2026?

Generally Safe

Score 100/100

Video gallery and Player has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "html5-videogallery-plus-player" plugin, version 2.8.7, exhibits a generally good security posture based on the provided static analysis. It demonstrates strong adherence to best practices with 100% of SQL queries using prepared statements and a high rate of output escaping (90%). The presence of nonce and capability checks on all identified entry points is also commendable, indicating a thoughtful approach to authorization. Furthermore, the lack of any recorded CVEs or vulnerability history suggests a history of secure development or diligent patching by developers.

Despite the positive indicators, a single critical code signal, the presence of the `unserialize` function, introduces a potential risk. If user-controlled data is passed directly to `unserialize` without sufficient sanitization, it could lead to remote code execution vulnerabilities through PHP Object Injection. While taint analysis shows no current flows with unsanitized paths, this function remains a point of concern that warrants careful consideration and robust input validation for any data being unserialized. The plugin's limited attack surface (one shortcode) and zero unprotected entry points are strengths, but the `unserialize` function necessitates vigilance.

In conclusion, the plugin is well-developed with a clean vulnerability history and good security practices in place for most areas. The primary weakness lies in the potential for PHP Object Injection via the `unserialize` function if improperly handled. Future security efforts should focus on ensuring this function is only used with strictly validated and trusted data. The plugin's overall security is good, but this single element prevents it from being excellent.

Key Concerns

  • Presence of unserialize function
Vulnerabilities
None known

Video gallery and Player Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Video gallery and Player Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 21 (197 escaped)
Nonce Checks: 6
Capability Checks: 6
File Operations: 3
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

unserialize: `$info = @unserialize($data);` in wpos-analytics\includes\class-anylc-admin.php:696

Output Escaping

90% escaped, 218 total outputs
Attack Surface

Video gallery and Player Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[sp_html5video] includes\shortcode\class_shortcode.php:149
WordPress Hooks 36
action plugins_loaded html5video.php:79
action update_option_active_plugins html5video.php:111
action admin_notices html5video.php:172
action admin_menu includes\admin\class-html5vp-admin.php:20
action add_meta_boxes includes\admin\class-html5vp-admin.php:23
action save_post includes\admin\class-html5vp-admin.php:26
action admin_init includes\admin\class-html5vp-admin.php:29
filter post_row_actions includes\admin\class-html5vp-admin.php:32
filter manage_video-category_custom_column includes\admin\class-html5vp-admin.php:35
filter manage_edit-video-category_columns includes\admin\class-html5vp-admin.php:36
action init includes\admin\supports\gutenberg-block.php:62
action enqueue_block_editor_assets includes\admin\supports\gutenberg-block.php:85
filter block_categories_all includes\admin\supports\gutenberg-block.php:106
action admin_enqueue_scripts includes\class-wp-html5vp-script.php:20
action wp_enqueue_scripts includes\class-wp-html5vp-script.php:23
action wp_enqueue_scripts includes\class-wp-html5vp-script.php:26
action init includes\wp-html5vp-post-types.php:58
action init includes\wp-html5vp-post-types.php:94
filter post_updated_messages includes\wp-html5vp-post-types.php:124
action admin_menu wpos-analytics\includes\class-anylc-admin.php:45
action admin_menu wpos-analytics\includes\class-anylc-admin.php:48
action admin_init wpos-analytics\includes\class-anylc-admin.php:51
action admin_notices wpos-analytics\includes\class-anylc-admin.php:54
action admin_footer wpos-analytics\includes\class-anylc-admin.php:57
action wp_loaded wpos-analytics\includes\class-anylc-admin.php:60
action init wpos-analytics\includes\class-anylc-admin.php:63
filter cron_schedules wpos-analytics\includes\class-anylc-admin.php:66
action wpos_monthly_cron_hook wpos-analytics\includes\class-anylc-admin.php:69
action rest_api_init wpos-analytics\includes\class-anylc-admin.php:72
filter rest_pre_serve_request wpos-analytics\includes\class-anylc-admin.php:585
action admin_enqueue_scripts wpos-analytics\includes\class-anylc-script.php:20
action activated_plugin wpos-analytics\wpos-analytics.php:244
action plugins_loaded wpos-analytics\wpos-analytics.php:258
action admin_menu wpos-plugins\includes\admin\class-espbw-admin.php:19
action admin_enqueue_scripts wpos-plugins\includes\class-espbw-script.php:19
action plugins_loaded wpos-plugins\wpos-recommendation.php:185

Scheduled Events 1

wpos_monthly_cron_hook
Maintenance & Trust

Video gallery and Player Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 20, 2026
PHP min version
Downloads: 120K

Community Trust

Rating: 88/100
Number of ratings: 16
Active installs: 1K
Alternatives

Video gallery and Player Alternatives

No alternatives data available yet.

Developer Profile

Video gallery and Player Developer Profile

Essential Plugin

33 plugins · 205K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 219 days
Detection Fingerprints

How We Detect Video gallery and Player

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/html5-videogallery-plus-player/assets/css/video-gallery-style.css
/wp-content/plugins/html5-videogallery-plus-player/assets/js/custom-script.js
/wp-content/plugins/html5-videogallery-plus-player/assets/js/custom-script-min.js
/wp-content/plugins/html5-videogallery-plus-player/assets/js/magnific-popup.min.js
/wp-content/plugins/html5-videogallery-plus-player/assets/js/magnific-popup.js
/wp-content/plugins/html5-videogallery-plus-player/assets/js/jquery.validate.min.js
/wp-content/plugins/html5-videogallery-plus-player/assets/js/jquery.validate.js
/wp-content/plugins/html5-videogallery-plus-player/assets/js/blocks.build.js
Script Paths
/wp-content/plugins/html5-videogallery-plus-player/assets/js/custom-script.js
/wp-content/plugins/html5-videogallery-plus-player/assets/js/custom-script-min.js
/wp-content/plugins/html5-videogallery-plus-player/assets/js/magnific-popup.min.js
/wp-content/plugins/html5-videogallery-plus-player/assets/js/magnific-popup.js
/wp-content/plugins/html5-videogallery-plus-player/assets/js/jquery.validate.min.js
/wp-content/plugins/html5-videogallery-plus-player/assets/js/jquery.validate.js
(+1 more)
Version Parameters
/wp-content/plugins/html5-videogallery-plus-player/assets/css/video-gallery-style.css?ver=
/wp-content/plugins/html5-videogallery-plus-player/assets/js/custom-script.js?ver=
/wp-content/plugins/html5-videogallery-plus-player/assets/js/magnific-popup.min.js?ver=
/wp-content/plugins/html5-videogallery-plus-player/assets/js/jquery.validate.min.js?ver=
/wp-content/plugins/html5-videogallery-plus-player/assets/js/blocks.build.js?ver=

HTML / DOM Fingerprints

CSS Classes
video-gallery-pro-main, video-gallery-lite-main, sp-html5video-public, sp-video-gallery-wrap
HTML Comments
<!-- Recommended Plugins Starts -->
<!-- Plugin Wpos Analytics Data Starts -->
<!-- Recommended Plugins Ends -->
<!-- Plugin Wpos Analytics Data Ends -->
Data Attributes
data-video-gallery-id
JS Globals
WP_Html5Vp_Block
Shortcode Output
[sp_html5video gallery_id=