Does Media Stream (Bunny Stream Video Offload) have any unpatched vulnerabilities?

No. All known vulnerabilities in Media Stream (Bunny Stream Video Offload) have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Media Stream (Bunny Stream Video Offload) compatible with WordPress 6.9.4?

According to WordPress.org data, Media Stream (Bunny Stream Video Offload) 1.1.6 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Media Stream (Bunny Stream Video Offload) compatible with PHP 7.2+?

Media Stream (Bunny Stream Video Offload) requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Media Stream (Bunny Stream Video Offload) updated?

Media Stream (Bunny Stream Video Offload) was last updated on Dec 30, 2025. Frequent updates are generally a positive security signal.

What is Media Stream (Bunny Stream Video Offload)'s security score?

Media Stream (Bunny Stream Video Offload) has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Media Stream (Bunny Stream Video Offload) Security & Risk Analysis

wordpress.org/plugins/media-stream

Automatically syncs WordPress Media Library videos to Bunny.net Stream (BunnyCDN’s video platform) and serves them via Bunny.net’s global CDN.

100 active installs v1.1.6 PHP 7.2+ WP 6.5+ Updated Dec 30, 2025

bunnycdnmedia-librarystreamvideo

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Media Stream (Bunny Stream Video Offload) Safe to Use in 2026?

Generally Safe

Score 100/100

Media Stream (Bunny Stream Video Offload) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The media-stream plugin version 1.1.6 demonstrates a generally strong security posture based on the provided static analysis. A significant strength is the complete absence of raw SQL queries and a very high percentage of properly escaped output, which are common sources of vulnerabilities. Furthermore, all AJAX handlers have nonce checks, and there are no publicly known CVEs associated with this plugin, indicating a history of responsible development and maintenance.

However, there are some areas for concern. The presence of four taint flows with unsanitized paths is the most significant risk. While the static analysis did not categorize these as critical or high severity, unsanitized paths can often lead to directory traversal or other file system vulnerabilities if not handled with extreme care within the code's logic. Additionally, the plugin performs several external HTTP requests, which, while not inherently risky, represent potential attack vectors if the target URLs are compromised or if the data sent to them is not properly sanitized. The single file operation also warrants attention to ensure it's implemented securely.

In conclusion, the media-stream plugin has a solid foundation with good security practices in place. The lack of historical vulnerabilities is a positive sign. The primary area requiring scrutiny is the taint analysis indicating unsanitized paths, which needs further investigation to confirm no exploitable weaknesses exist. The overall risk is relatively low but not negligible.

Key Concerns

Taint flows with unsanitized paths
External HTTP requests detected
File operations detected

Vulnerabilities

None known

Media Stream (Bunny Stream Video Offload) Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Media Stream (Bunny Stream Video Offload) Code Analysis

Dangerous Functions

Raw SQL Queries

8 prepared

Unescaped Output

26 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared8 total queries

Output Escaping

96% escaped27 total outputs

Data Flows

4 unsanitized

Data Flow Analysis

5 flows4 with unsanitized paths

reencode_bunny_video_clbk (app\AjaxController.php:120)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Media Stream (Bunny Stream Video Offload) Attack Surface

Entry Points5

Unprotected0

AJAX Handlers 5

authwp_ajax_mediaStream_save_settingsapp\AjaxController.php:18

authwp_ajax_mediaStream_upload_missing_videoapp\AjaxController.php:19

authwp_ajax_reencode_bunny_videoapp\AjaxController.php:20

authwp_ajax_removelocal_bunny_videoapp\AjaxController.php:21

authwp_ajax_mediaStream_get_media_status_pingapp\AjaxController.php:22

WordPress Hooks 13

actionadmin_menuapp\MainController.php:17

actionadd_attachmentapp\MainController.php:18

actiondelete_attachmentapp\MainController.php:19

filterwp_get_attachment_urlapp\MainController.php:20

filterattachment_fields_to_editapp\MainController.php:21

actionprint_media_templatesapp\MainController.php:22

actiontemplate_redirectapp\MainController.php:23

actionadmin_enqueue_scriptsmedia-stream.php:26

actionenqueue_block_assetsmedia-stream.php:27

actionelementor/editor/after_enqueue_scriptsmedia-stream.php:29

actionelementor/preview/enqueue_scriptsmedia-stream.php:30

actionwp_enqueue_scriptsmedia-stream.php:32

actionwp_enqueue_scriptsmedia-stream.php:34

Maintenance & Trust

Media Stream (Bunny Stream Video Offload) Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 30, 2025

PHP min version7.2

Downloads1K

Community Trust

Rating100/100

Number of ratings1

Active installs100

Alternatives

Media Stream (Bunny Stream Video Offload) Alternatives

All-in-One Video Gallery

all-in-one-video-gallery

The ultimate video player & video gallery plugin for YouTubers, Video Bloggers, Course Creators, Podcasters, and anyone embedding videos on websites.

20K 11 CVEs

Jetpack VideoPress

jetpack-videopress

100

The finest video hosting for WordPress. Drag and drop videos through the WordPress editor and keep the focus on your content, not the ads.

7K No CVEs

WpStream – Live Streaming, Video on Demand, Pay Per View

wpstream

WpStream is a Video Streaming Plugin that lets you broadcast live events and helps you sell tickets or recordings via WooCommerce.

4K 4 CVEs

Activity Plus Reloaded for BuddyPress

bp-activity-plus-reloaded

Note: This plugin will be discontinued by March 31st, 2025 in favor of BuddyPress Attachment plugin. Please migrate to the new plugin before that date …

1K 2 unpatched

Bradmax Player

bradmax-player

Embed video stream easily in WordPress using Bradmax Player. Use responsive HTML5 video player for playing HLS, MPEG-DASH, MSS streams.

1K 1 CVE

Developer Profile

Media Stream (Bunny Stream Video Offload) Developer Profile

Aryan Shirani Bid Abadi

2 plugins · 130 total installs

trust score

Avg Security Score

89/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Media Stream (Bunny Stream Video Offload)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/media-stream/assets/js/hls.js/wp-content/plugins/media-stream/assets/js/public-script.js/wp-content/plugins/media-stream/assets/js/script.js/wp-content/plugins/media-stream/assets/css/style.css

Script Paths

/wp-content/plugins/media-stream/assets/js/hls.js/wp-content/plugins/media-stream/assets/js/public-script.js/wp-content/plugins/media-stream/assets/js/script.js

Version Parameters

media-stream/assets/js/hls.js?ver=media-stream/assets/js/public-script.js?ver=media-stream/assets/js/script.js?ver=media-stream/assets/css/style.css?ver=

HTML / DOM Fingerprints

JS Globals

mediaStream_var

REST Endpoints

/wp-json/mediastream/v1/mediastream_diagnos

FAQ