WP-Safety

Remote My Project Playlist Plugin for WordPress Security & Risk Analysis

wordpress.org/plugins/remote-my-project-playlist-plugin-for-wordpress

This plugin is provided by Hollywood Tools LLC. It enables you to configure and embed a Remote My Project Playlist for use on your WordPress website.

10 active installs v0.6.2 PHP + WP 2.8.6+ Updated Jan 10, 2012
flashjw-playerremote-my-projectrtmpvideo
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Remote My Project Playlist Plugin for WordPress Safe to Use in 2026?

Generally Safe

Score 85/100

Remote My Project Playlist Plugin for WordPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago
Risk Assessment

This plugin exhibits a concerning security posture due to a large number of unprotected entry points, specifically AJAX handlers. While it demonstrates good practice by using prepared statements for all SQL queries, the absence of capability and nonce checks on five out of six identified entry points leaves the plugin highly susceptible to various attacks. The static analysis revealed a significant number of dangerous functions, specifically `create_function`, and importantly, all output is unescaped, posing a risk of Cross-Site Scripting (XSS) vulnerabilities.

The taint analysis did not reveal critical or high severity flows, which is a positive sign. However, the presence of four flows with unsanitized paths, even if not deemed critical by the analysis tool, warrants attention. The complete lack of any recorded vulnerability history might suggest that the plugin hasn't been a target or that previous vulnerabilities were addressed promptly. Nevertheless, this cannot be relied upon as a sole indicator of current security. The core issue remains the exposed attack surface and lack of input/output validation.

Key Concerns

  • 5 unprotected AJAX handlers
  • 0% output properly escaped
  • Use of dangerous function: create_function
  • 0 Nonce checks
  • 0 Capability checks
  • 4 flows with unsanitized paths
Vulnerabilities
None known

Remote My Project Playlist Plugin for WordPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Remote My Project Playlist Plugin for WordPress Code Analysis

Dangerous Functions
6
Raw SQL Queries
0
0 prepared
Unescaped Output
6
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
20
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

create_functionadd_action('admin_notices', create_function('', 'echo \'<div id="message" class="error fade"><p><strrmp-plugin.php:38
create_functionadd_action('admin_notices', create_function('', 'echo \'<div id="message" class="error fade"><p><strrmp-plugin.php:44
create_functionadd_action('admin_notices', create_function('', 'echo \'<div id="message" class="fade updated"><p><srmp-plugin.php:59
create_functionadd_action('admin_notices', create_function('', 'echo \'<div id="message" class="fade updated"><p><srmp-plugin.php:71
create_functionadd_action('admin_notices', create_function('', 'echo \'<div id="message" class="fade updated"><p><srmp-plugin.php:81
create_functionadd_action('admin_notices', create_function('', 'echo \'<div id="message" class="fade updated"><p><srmp-plugin.php:86

Output Escaping

0% escaped6 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths
<rmp-player-style> (admin\rmp-player-style.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
5 unprotected

Remote My Project Playlist Plugin for WordPress Attack Surface

Entry Points6
Unprotected5

AJAX Handlers 5

noprivwp_ajax_rmp-load-playerrmp-plugin.php:145
authwp_ajax_rmp-load-playerrmp-plugin.php:146
noprivwp_ajax_rmp-load-player-jsrmp-plugin.php:147
authwp_ajax_rmp-load-player-jsrmp-plugin.php:148
authwp_ajax_rmp-verify-playerrmp-plugin.php:149

Shortcodes 1

[rmp-video] rmp-plugin.php:104
WordPress Hooks 8
actionadmin_menurmp-options.php:4
actionadmin_noticesrmp-plugin.php:38
actionadmin_noticesrmp-plugin.php:44
actionadmin_noticesrmp-plugin.php:59
actionadmin_noticesrmp-plugin.php:71
actionadmin_noticesrmp-plugin.php:74
actionadmin_noticesrmp-plugin.php:81
actionadmin_noticesrmp-plugin.php:86
Maintenance & Trust

Remote My Project Playlist Plugin for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested3.3.2
Last updatedJan 10, 2012
PHP min version
Downloads4K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Remote My Project Playlist Plugin for WordPress Alternatives

JW Player Snapshot Tool

JW Player Snapshot Tool

jw-player-snapshot-tool

A
85

JW Player Snapshot Tool is a small JW Player module to create video snapshot

10 No CVEs
Easy Video Player

Easy Video Player

easy-video-player

A
99

Easy Video Player is a WordPress video player that allows you to add videos to your WordPress site.

20K 2 CVEs
JW Player for WordPress

JW Player for WordPress

jw-player-7-for-wp

A
99

JW Player for WordPress enables you to publish videos on your WordPress posts and pages using the most popular video player on the web.

1K 1 CVE
WP-SWFObject

WP-SWFObject

wp-swfobject

A
85

Insert Flash Movies into WordPress.

1K No CVEs
Stream Video Player

Stream Video Player

stream-video-player

C
63

Stream Video Player for WordPress its one stop solution for high quality video publishing for web or iOS.

700 1 unpatched
Developer Profile

Remote My Project Playlist Plugin for WordPress Developer Profile

ursasmar

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Remote My Project Playlist Plugin for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/remote-my-project-playlist-plugin-for-wordpress/fancybox/jquery.fancybox-1.3.4.pack.js/wp-content/plugins/remote-my-project-playlist-plugin-for-wordpress/fancybox/jquery.easing-1.3.pack.js/wp-content/plugins/remote-my-project-playlist-plugin-for-wordpress/js/jquery.jscrollpane.min.js/wp-content/plugins/remote-my-project-playlist-plugin-for-wordpress/fancybox/jquery.fancybox-1.3.4.css/wp-content/plugins/remote-my-project-playlist-plugin-for-wordpress/css/jquery.jscrollpane.css/wp-content/plugins/remote-my-project-playlist-plugin-for-wordpress/css/rmp-playlist-style.css/wp-content/plugins/remote-my-project-playlist-plugin-for-wordpress/css/rmp-player-style.css/wp-content/plugins/remote-my-project-playlist-plugin-for-wordpress/js/rmp-scripts.js
Script Paths
/wp-content/plugins/remote-my-project-playlist-plugin-for-wordpress/js/rmp-scripts.js
Version Parameters
remote-my-project-playlist-plugin-for-wordpress/fancybox/jquery.fancybox-1.3.4.pack.js?ver=remote-my-project-playlist-plugin-for-wordpress/fancybox/jquery.easing-1.3.pack.js?ver=remote-my-project-playlist-plugin-for-wordpress/js/jquery.jscrollpane.min.js?ver=remote-my-project-playlist-plugin-for-wordpress/fancybox/jquery.fancybox-1.3.4.css?ver=remote-my-project-playlist-plugin-for-wordpress/css/jquery.jscrollpane.css?ver=remote-my-project-playlist-plugin-for-wordpress/css/rmp-playlist-style.css?ver=remote-my-project-playlist-plugin-for-wordpress/css/rmp-player-style.css?ver=remote-my-project-playlist-plugin-for-wordpress/js/rmp-scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
rmp-playlist-containerrmp-playlist-item
HTML Comments
<!-- RMP Video Shortcode -->
Data Attributes
data-rmp-playlistdata-rmp-configdata-rmp-typedata-rmp-autoplaydata-rmp-widthdata-rmp-height
JS Globals
RMPAjax
REST Endpoints
/wp-json/rmp/v1/playlist
Shortcode Output
[rmp-video playlist="" config="" type="playlist" autoplay="true" width="640" height="480"]
FAQ

Frequently Asked Questions about Remote My Project Playlist Plugin for WordPress