Does PlayerJS have any unpatched vulnerabilities?

Yes — PlayerJS currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is PlayerJS compatible with WordPress 6.7.5?

According to WordPress.org data, PlayerJS 2.24 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is PlayerJS compatible with PHP 5.2.4+?

PlayerJS requires PHP 5.2.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is PlayerJS updated?

PlayerJS was last updated on Feb 25, 2025. Frequent updates are generally a positive security signal.

What is PlayerJS's security score?

PlayerJS has a WP-Safety security score of 69/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

PlayerJS Security & Risk Analysis

wordpress.org/plugins/playerjs

The official plugin for PlayerJS.com - video & audio player builder. Make an awesome player for your website for free.

1K active installs v2.24 PHP 5.2.4+ WP 4.6+ Updated Feb 25, 2025

audio-playerhls-playerhtml5-playerplayerjsvideo-player

C · Use Caution

CVEs total2

Unpatched1

Last CVESep 22, 2025

Plugin page Download

Safety Verdict

Is PlayerJS Safe to Use in 2026?

Use With Caution

Score 69/100

PlayerJS has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

2 known CVEs 1 unpatched Last CVE: Sep 22, 2025Updated 1yr ago

Risk Assessment

Player.js version 2.24 exhibits a generally good security posture based on the static analysis provided. The absence of dangerous functions, reliance on prepared statements for SQL queries, and proper output escaping are all positive indicators. The limited attack surface with no unprotected entry points is also commendable. However, the vulnerability history presents a significant concern. With two known CVEs, one of which remains unpatched, there is a clear and present risk to users of this version. The historical prevalence of Cross-Site Scripting vulnerabilities suggests a potential ongoing weakness in input sanitization or rendering, even if current static analysis did not detect specific flaws.

While the code itself appears to follow many secure coding practices, the unpatched vulnerability is a critical indicator of risk. This suggests that even if the current version passes static analysis, it is not free from known security flaws. The existence of past XSS vulnerabilities, coupled with an unpatched CVE, necessitates caution. The plugin's strengths lie in its clean code practices, but its weakness is the documented and unaddressed security flaw, making it a medium to high risk for environments where security is a priority.

Key Concerns

Unpatched CVE
Known historical XSS vulnerabilities
No nonce checks
No capability checks

Vulnerabilities

PlayerJS Security Vulnerabilities

CVEs by Year

2 CVEs in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

CVE-2025-58651medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PlayerJS <= 2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 22, 2025Unpatched

CVE-2025-27330medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PlayerJS <= 2.23 - Authenticated (Contributor+) Stored Cross-Site Scripting

Feb 24, 2025 Patched in 2.24 (8d)

Code Analysis

Analyzed Mar 16, 2026

PlayerJS Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

11 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped11 total outputs

Attack Surface

PlayerJS Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[playerjs] playerjs.php:50

WordPress Hooks 10

actionadmin_menuadmin\playerjs_com_admin.php:3

actionmedia_buttonsadmin\playerjs_com_admin.php:8

actionadmin_initadmin\playerjs_com_admin.php:36

actionwp_enqueue_scriptsplayerjs.php:35

filterthe_contentplayerjs.php:49

filterwidget_textplayerjs.php:51

filterthe_excerptplayerjs.php:52

filterthe_contentplayerjs.php:53

filterthe_contentplayerjs.php:54

filterscript_loader_tagplayerjs.php:55

Maintenance & Trust

PlayerJS Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedFeb 25, 2025

PHP min version5.2.4

Downloads23K

Community Trust

Rating100/100

Number of ratings5

Active installs1K

Alternatives

PlayerJS Alternatives

StreamNexus.io Embed Videos

streamnexus-io-embed-videos

100

Easily embed StreamNexus.io hosted videos using a shortcode. The plugin embeds an HTML5 ABR HLS video player.

0 No CVEs

AudioIgniter Music Player

audioigniter

100

AudioIgniter lets you create music playlists and embed them in your WordPress posts, pages or custom post types and serve your audio content in style!

10K No CVEs

CP Media Player – Audio Player and Video Player

audio-and-video-player

100

CP Media Player - Audio and Video Player supported by major browsers, such as IE, Firefox, Opera, Safari, Chrome, and mobile devices: iPhone, iPad, An …

3K 1 CVE

Lean Player – Video and Audio Player for WordPress, Elementor, Block Editor and Classic Editor

az-video-and-audio-player-addon-for-elementor

100

WordPress Video Player & Audio Player plugin - simple, lightweight and customizable HTML5, YouTube, Vimeo & mp3 media player that supports all devices

3K No CVEs

FV Player 8

fv-player

100

WordPress's most reliable, easy to use and feature-rich video player. Supports playlists, ads, stats and user video position saving.

1K No CVEs

Developer Profile

PlayerJS Developer Profile

PlayerJS

1 plugin · 1K total installs

trust score

Avg Security Score

69/100

Avg Patch Time

8 days

View full developer profile

Detection Fingerprints

How We Detect PlayerJS

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/playerjs/playerjs_default.js

Script Paths