oEmbed Manager Security & Risk Analysis

wordpress.org/plugins/oembed-manager

Manage oEmbed capabilities of your website and take a new step in the GDPR compliance of your embedded content.

200 active installs v3.3.0 PHP 8.1+ WP 6.2+ Updated Nov 22, 2025
embed · gdpr · manager · oembed · privacy
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is oEmbed Manager Safe to Use in 2026?

Generally Safe

Score 100/100

oEmbed Manager has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago
Risk Assessment

The oEmbed Manager v3.3.0 plugin exhibits a mixed security posture. On the positive side, it has no known vulnerabilities (CVEs) and the static analysis did not reveal any critical or high severity taint flows, nor any dangerous functions or raw SQL queries without prepared statements. The majority of SQL queries are properly prepared, and a reasonable number of nonce and capability checks are present. However, there are significant areas of concern. The plugin has an unprotected AJAX handler, which represents a direct entry point for potential attacks if not properly validated. Furthermore, only 45% of output is properly escaped, indicating a risk of Cross-Site Scripting (XSS) vulnerabilities where user-supplied data might be rendered without sufficient sanitization. The presence of file operations and external HTTP requests, while not inherently insecure, increases the attack surface and warrants careful review in conjunction with other findings.

Key Concerns

  • Unprotected AJAX handler
  • Low percentage of properly escaped output
Vulnerabilities
None known

oEmbed Manager Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

oEmbed Manager Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 6 (12 prepared)
Unescaped Output: 63 (51 escaped)
Nonce Checks: 15
Capability Checks: 2
File Operations: 3
External Requests: 5
Bundled Libraries: 0

SQL Query Safety

67% prepared · 18 total queries

Output Escaping

45% escaped · 114 total outputs
Attack Surface
1 unprotected

oEmbed Manager Attack Surface

Entry Points: 6
Unprotected: 1

AJAX Handlers 2

auth wp_ajax_hide_oemm_nag includes\plugin\class-core.php:98
auth wp_ajax_poo_switch_autoupdate perfopsone\functions.php:32

Shortcodes 4

[oemm-wpcli] includes\features\class-wpcli.php:40
[oemm-changelog] includes\plugin\class-core.php:74
[oemm-libraries] includes\plugin\class-core.php:75
[oemm-statistics] includes\plugin\class-core.php:76
WordPress Hooks 36
filter init_perfopsone_admin_menus admin\class-oembed-manager-admin.php:230
filter init_perfopsone_admin_bar admin\class-oembed-manager-admin.php:231
filter pre_option_embed_autourls includes\features\class-oembed.php:252
filter embed_oembed_discover includes\features\class-oembed.php:253
filter tiny_mce_plugins includes\features\class-oembed.php:264
filter embed_oembed_html includes\features\class-oembed.php:267
filter video_embed_html includes\features\class-oembed.php:268
filter oembed_ttl includes\features\class-oembed.php:269
filter oembed_remote_get_args includes\features\class-oembed.php:270
filter rewrite_rules_array includes\features\class-oembed.php:299
filter perfopsone_plugin_info includes\plugin\class-core.php:70
action init includes\plugin\class-core.php:71
action init includes\plugin\class-core.php:72
action wp_head includes\plugin\class-core.php:73
action admin_enqueue_scripts includes\plugin\class-core.php:89
action admin_enqueue_scripts includes\plugin\class-core.php:90
action admin_menu includes\plugin\class-core.php:91
action admin_menu includes\plugin\class-core.php:92
action admin_menu includes\plugin\class-core.php:93
action admin_init includes\plugin\class-core.php:94
filter plugin_row_meta includes\plugin\class-core.php:96
action admin_notices includes\plugin\class-core.php:97
action wp_enqueue_scripts includes\plugin\class-core.php:111
action wp_enqueue_scripts includes\plugin\class-core.php:112
filter plugins_api includes\plugin\class-updater.php:65
filter site_transient_update_plugins includes\plugin\class-updater.php:66
action upgrader_process_complete includes\plugin\class-updater.php:67
filter clean_url includes\plugin\class-updater.php:68
filter perfopsone_apcu_info includes\system\class-apcu.php:51
filter site_status_tests includes\system\class-sitehealth.php:77
filter site_status_tests includes\system\class-sitehealth.php:78
filter site_status_tests includes\system\class-sitehealth.php:79
filter site_status_tests includes\system\class-sitehealth.php:81
filter debug_information includes\system\class-sitehealth.php:91
filter debug_information includes\system\class-sitehealth.php:109
action admin_bar_menu perfopsone\class-adminbar.php:54
Maintenance & Trust

oEmbed Manager Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Nov 22, 2025
PHP min version: 8.1
Downloads: 14K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 200
Developer Profile

oEmbed Manager Developer Profile

Pierre Lannoy

12 plugins · 15K total installs

Trust score: 87
Avg Security Score: 99/100
Avg Patch Time: 65 days
Detection Fingerprints

How We Detect oEmbed Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/oembed-manager/css/oembed-manager.css
/wp-content/plugins/oembed-manager/js/oembed-manager.js
Script Paths
/wp-content/plugins/oembed-manager/js/oembed-manager.js
Version Parameters
oembed-manager/style.css?ver=
oembed-manager/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
oemm-about-logo
oemm-exclusion-section
Data Attributes
data-oemm-id
JS Globals
oemm_plugin_settings
REST Endpoints
/wp-json/oemm/v1/settings
Shortcode Output
[oemm-libraries]
[oemm-changelog]
FAQ

Frequently Asked Questions about oEmbed Manager