Does oEmbed External Video have any unpatched vulnerabilities?

No. All known vulnerabilities in oEmbed External Video have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is oEmbed External Video compatible with WordPress 6.1.10?

According to WordPress.org data, oEmbed External Video 2.3.0 has been tested up to WordPress 6.1.10. Check the plugin's changelog for the latest compatibility information.

Is oEmbed External Video compatible with PHP 5.3+?

oEmbed External Video requires PHP 5.3 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is oEmbed External Video updated?

oEmbed External Video was last updated on Mar 13, 2023. Frequent updates are generally a positive security signal.

What is oEmbed External Video's security score?

oEmbed External Video has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

oEmbed External Video Security & Risk Analysis

wordpress.org/plugins/oembed-external-video

oEmbed External Video plugin converts any external mp4 url into HTML5 video tag

300 active installs v2.3.0 PHP 5.3+ WP 4.6+ Updated Mar 13, 2023

external-videohtml5mp4oembedvideo

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is oEmbed External Video Safe to Use in 2026?

Generally Safe

Score 85/100

oEmbed External Video has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The "oembed-external-video" v2.3.0 plugin exhibits a generally strong security posture based on the provided static analysis. The complete absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits its attack surface. Furthermore, the code shows good practices regarding SQL queries, exclusively using prepared statements, and the absence of file operations or external HTTP requests further reduces potential vulnerabilities. The lack of recorded CVEs in its history also suggests a history of responsible development.

However, a critical concern arises from the significantly low percentage of properly escaped output (11%). This indicates a high likelihood of Cross-Site Scripting (XSS) vulnerabilities, as user-supplied data or external content rendered by the plugin may not be adequately sanitized before being displayed. The absence of capability checks and nonce checks, while perhaps justifiable given the limited attack surface, still represents missed opportunities for defense-in-depth.

In conclusion, while the plugin is commendable for its limited attack surface and secure handling of database interactions, the prevalent lack of output escaping is a serious weakness that could lead to exploitable XSS flaws. It's crucial for users to be aware of this risk and for developers to address the output escaping issues.

Key Concerns

Low output escaping percentage
No capability checks
No nonce checks

Vulnerabilities

None known

oEmbed External Video Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

oEmbed External Video Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

11% escaped9 total outputs

Attack Surface

oEmbed External Video Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actionplugins_loadedoEmbed-external-video.php:17

actionadmin_menuoEmbed-external-video.php:97

actionadmin_initoEmbed-external-video.php:108

actionadmin_noticesoEmbed-external-video.php:140

Maintenance & Trust

oEmbed External Video Maintenance & Trust

Maintenance Signals

WordPress version tested6.1.10

Last updatedMar 13, 2023

PHP min version5.3

Downloads16K

Community Trust

Rating100/100

Number of ratings2

Active installs300

Alternatives

oEmbed External Video Alternatives

HTML5 Video Player – Embed and Play Videos in Custom Player

html5-video-player

HTML5 Video Player Plugin lets you embed responsive videos in WordPress. It’s easy to use, fast, and supports MP4, WebM, OGG, FLV, Youtube and Vimeo.

20K 8 CVEs

Gabfire Media Module

gabfire-media-module

Gabfire Media Module extends the functionality of WordPress Featured Image to support Videos and Default Post Images.

100 No CVEs

HTML5 Video Player with Playlist

html5-video-player-with-playlist

Allows Wordpress users to easily use HTML5 < video > the element enable native video playback within the browser. It supports Android, iOS/iPad/ …

50 2 unpatched

dPlayer – Video Player for WordPress

dplayer

A nice video player plugin. This video player support various video file type, It support logo overlay and call to action button on the video player.

40 No CVEs

IV Player

ivplayer

IV Player is an interactive video player, if you are a teacher/educator/guru who wants to provide video content to your students/learners, then IV Pla …

10 No CVEs

Developer Profile

oEmbed External Video Developer Profile

Ali Qureshi

5 plugins · 2K total installs

trust score

Avg Security Score

93/100

Avg Patch Time

20 days

View full developer profile

Detection Fingerprints

How We Detect oEmbed External Video

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Shortcode Output

<video

FAQ