Does Simple Flowplayer have any unpatched vulnerabilities?

No. All known vulnerabilities in Simple Flowplayer have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Simple Flowplayer compatible with WordPress 3.3.2?

According to WordPress.org data, Simple Flowplayer 0.9.5 has been tested up to WordPress 3.3.2. Check the plugin's changelog for the latest compatibility information.

How often is Simple Flowplayer updated?

Simple Flowplayer was last updated on Feb 4, 2012. Frequent updates are generally a positive security signal.

What is Simple Flowplayer's security score?

Simple Flowplayer has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Simple Flowplayer Security & Risk Analysis

wordpress.org/plugins/simple-flowplayer

Dieses Plugin ermöglicht das einfache präsentieren von Medien aus der Mediathek, sowie externen Quellen, mit hilfe des Flowplayers.

10 active installs v0.9.5 PHP + WP 2.9+ Updated Feb 4, 2012

audioflowplayermediaplayer

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Simple Flowplayer Safe to Use in 2026?

Generally Safe

Score 85/100

Simple Flowplayer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago

Risk Assessment

The 'simple-flowplayer' plugin exhibits a strong security posture with no known vulnerabilities in its history and a clean record regarding dangerous functions and direct SQL queries. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the plugin's attack surface. However, the static analysis reveals a concerning aspect: 33% of output escaping is not properly handled, which could lead to Cross-Site Scripting (XSS) vulnerabilities if user-controlled data is directly outputted without sanitization. While the taint analysis shows only one flow with unsanitized paths and no critical or high-severity issues, this single instance warrants attention as it indicates a potential entry point for malicious input, even if currently assessed as low risk. The presence of one capability check suggests some basic security awareness, but the lack of nonce checks on potential entry points (though currently none are present) is a common best practice that is missing. Overall, the plugin is well-structured with minimal potential for common web attacks, but the unescaped output presents a tangible risk that should be addressed to achieve a more robust security profile.

Key Concerns

Unescaped output identified
Flow with unsanitized path

Vulnerabilities

None known

Simple Flowplayer Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Simple Flowplayer Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

33% escaped6 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths

saveOptions (screen-simple-flowplayer.php:281)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Simple Flowplayer Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 2

actionadmin_menuscreen-simple-flowplayer.php:89

actioninitscreen-simple-flowplayer.php:368

Maintenance & Trust

Simple Flowplayer Maintenance & Trust

Maintenance Signals

WordPress version tested3.3.2

Last updatedFeb 4, 2012

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Simple Flowplayer Alternatives

Compact WP Audio Player

compact-wp-audio-player

A Compact WP Audio Player Plugin that is compatible with all major browsers and devices (Android, iPhone, iPad)

20K 6 CVEs

Lean Player – Video and Audio Player for WordPress, Elementor, Block Editor and Classic Editor

az-video-and-audio-player-addon-for-elementor

100

WordPress Video Player & Audio Player plugin - simple, lightweight and customizable HTML5, YouTube, Vimeo & mp3 media player that supports all devices

3K No CVEs

WaveSurfer-WP

wavesurfer-wp

Customizable HTML5 Audio controller with waveform preview (mixed or split channels), using WordPress native audio and playlist shortcode.

400 1 CVE

zbPlayer

zbplayer

zbPlayer is a small and very easy plugin. It does one thing: capture mp3 links and insert a small flash player instead.

300 No CVEs

Media Downloader

media-downloader

Lists MP3 files from a folder.

100 3 CVEs

Developer Profile

Simple Flowplayer Developer Profile

tumichnix

2 plugins · 20 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Simple Flowplayer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/simple-flowplayer/flowplayer/flowplayer-3.2.4.min.js/wp-content/plugins/simple-flowplayer/flowplayer/flowplayer-3.2.4.swf

Script Paths

/wp-content/plugins/simple-flowplayer/flowplayer/flowplayer-3.2.4.min.js

Version Parameters

simple-flowplayer/flowplayer/flowplayer-3.2.4.min.js?ver=

HTML / DOM Fingerprints

JS Globals

flowplayer

Shortcode Output

<div style="margin-top: 3px; display:block; width: height:" id=""></div>

FAQ