Outdooractive Embed Security & Risk Analysis

wordpress.org/plugins/outdooractive-embed

Embed any kind of content from outdooractive.com into your WordPress site.

400 active installs · v1.6 · PHP + WP 5.0+ · Updated Mar 27, 2025
biking · hiking · hut · mountaineering · trekking
91
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Dec 19, 2024
Safety Verdict

Is Outdooractive Embed Safe to Use in 2026?

Generally Safe

Score 91/100

Outdooractive Embed has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Dec 19, 2024 · Updated 1yr ago
Risk Assessment

Version 1.6 of the outdooractive-embed plugin presents a generally good security posture: static analysis indicates no critical code-level vulnerabilities. The absence of dangerous functions, raw SQL queries, and unsanitized taint flows is a positive sign. The plugin also demonstrates good practice by using prepared statements for all its SQL queries and implementing capability checks on its entry points.

However, a notable concern is the 71% proper output escaping rate: a portion of its output is not properly escaped, potentially leaving it vulnerable to Cross-Site Scripting (XSS) attacks, especially given its vulnerability history. The plugin has had one previous vulnerability, classified as a medium-severity XSS, which aligns with the observed output escaping weakness. While there are no currently unpatched vulnerabilities, the past incident coupled with the imperfect escaping suggests a potential ongoing risk. The plugin's limited attack surface, with no unprotected entry points, is a strength, but the imperfect output escaping requires attention to fully mitigate risks.

Key Concerns

  • Incomplete output escaping
  • Previous medium XSS vulnerability
  • No nonce checks on entry points
Vulnerabilities
1

Outdooractive Embed Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-11774 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Outdooractive Embed <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 19, 2024 · Patched in 1.6 (5d)
Code Analysis
Analyzed Mar 16, 2026

Outdooractive Embed Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 14 (35 escaped)
Nonce Checks: 0
Capability Checks: 4
File Operations: 0
External Requests: 3
Bundled Libraries: 1

Bundled Libraries

TinyMCE

Output Escaping

71% escaped · 49 total outputs
Attack Surface

Outdooractive Embed Attack Surface

Entry Points: 4
Unprotected: 0

Shortcodes 4

[list2go] shortcodes.php:269
[tour2go] shortcodes.php:270
[hut2go] shortcodes.php:271
[oaembed] shortcodes.php:272

WordPress Hooks 12

action admin_menu configpage.php:8
action admin_init configpage.php:9
action init outdooractive.php:17
filter mce_external_languages outdooractive.php:24
action admin_init outdooractive.php:26
filter mce_buttons outdooractive.php:30
filter mce_external_plugins outdooractive.php:31
action admin_enqueue_scripts outdooractive.php:52
action admin_notices outdooractive.php:59
action admin_init outdooractive.php:78
action init outdooractive.php:122
action widgets_init Widgets\EmbedContent.php:144
Maintenance & Trust

Outdooractive Embed Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Mar 27, 2025
PHP min version
Downloads: 8K

Community Trust

Rating: 46/100
Number of ratings: 3
Active installs: 400
Developer Profile

Outdooractive Embed Developer Profile

outdooractive

1 plugin · 400 total installs

Trust score: 94
Avg Security Score: 91/100
Avg Patch Time: 5 days
Detection Fingerprints

How We Detect Outdooractive Embed

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/outdooractive-embed/outdooractive.css
/wp-content/plugins/outdooractive-embed/Gutenberg/gutenberg.css
Script Paths
/wp-content/plugins/outdooractive-embed/OAButton/oamenubuttonpro.js
/wp-content/plugins/outdooractive-embed/OAButton/oamenubutton.js
/wp-content/plugins/outdooractive-embed/Gutenberg/gutenberg.js
Version Parameters
outdooractive-embed/outdooractive.css?ver=
outdooractive-embed/Gutenberg/gutenberg.css?ver=

HTML / DOM Fingerprints

CSS Classes
wp-block-outdooractive-embed
Data Attributes
data-url
data-maxwidth
data-pro
JS Globals
outdooractive_gutenberg_editor_script
outdooractive_gutenberg_script
Shortcode Output
[oaembed <script type="text/javascript" src="https://www.outdooractive.com/part of outdooractive</a>
FAQ

Frequently Asked Questions about Outdooractive Embed