WP-Safety

Simple Video Post Security & Risk Analysis

wordpress.org/plugins/simple-video-post

A simple video post plugin that support YouTube/Vimeo/Facebook/Dailymotion like video sharing website. No coding required.

0 active installs v1.0.0 PHP 7.4+ WP 4.7.0+ Updated Unknown
facebook-html5-playerhtml5-video-playervideojsvimeo-html5-playeryoutube-html5-player
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Simple Video Post Safe to Use in 2026?

Generally Safe

Score 100/100

Simple Video Post has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "simple-video-post" plugin v1.0.0 exhibits a mixed security posture. On the positive side, it shows good practices in SQL query handling, with 100% using prepared statements, and a high rate of proper output escaping (89%). The absence of any recorded vulnerabilities in its history is also a positive indicator, suggesting a generally well-maintained codebase.

However, significant concerns arise from its attack surface and code signals. The plugin exposes a total of 5 entry points, with a substantial 80% (4 out of 4) lacking authentication checks. This makes a large portion of its functionality susceptible to unauthorized access. Additionally, the presence of 'unserialize' without further context on its usage is a red flag, as it can lead to remote code execution vulnerabilities if untrusted data is unserialized. The two taint flows with unsanitized paths, although not classified as critical or high severity, still warrant attention as they indicate potential weaknesses in data handling.

While the plugin has no known CVEs and a clean vulnerability history, this cannot entirely offset the immediate risks presented by the large number of unprotected AJAX handlers and the potential danger of unserialize. The plugin's current version, v1.0.0, also suggests it may be an older release and could benefit from further security hardening. In conclusion, the plugin has strengths in its data querying and output handling but weaknesses in its access control mechanisms and potential for insecure deserialization.

Key Concerns

  • 4 unprotected AJAX handlers
  • Use of unserialize function
  • 2 flows with unsanitized paths
  • 2 capability checks but only 4 nonce checks
Vulnerabilities
None known

Simple Video Post Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Simple Video Post Code Analysis

Dangerous Functions
3
Raw SQL Queries
0
4 prepared
Unescaped Output
12
102 escaped
Nonce Checks
4
Capability Checks
2
File Operations
0
External Requests
3
Bundled Libraries
1

Dangerous Functions Found

unserialize$sources = isset( $post_meta['sources'] ) ? unserialize( $post_meta['sources'][0] ) : array();admin\videos.php:71
unserialize$params['sources'] = unserialize( $post_meta['sources'][0] );includes\player.php:799
unserialize$track = unserialize( $track );includes\player.php:835

Bundled Libraries

Select2

SQL Query Safety

100% prepared4 total queries

Output Escaping

89% escaped114 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
save_meta_data (admin\videos.php:103)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

Simple Video Post Attack Surface

Entry Points5
Unprotected4

AJAX Handlers 4

authwp_ajax_svp_set_cookieincludes\init.php:160
noprivwp_ajax_svp_set_cookieincludes\init.php:161
authwp_ajax_svp_update_views_countincludes\init.php:170
noprivwp_ajax_svp_update_views_countincludes\init.php:171

Shortcodes 1

[svp_video] public\video.php:31
WordPress Hooks 22
filterwp_kses_allowed_htmladmin\videos.php:185
actionplugins_loadedincludes\init.php:104
actionadmin_initincludes\init.php:118
actionadmin_enqueue_scriptsincludes\init.php:119
actionadmin_enqueue_scriptsincludes\init.php:120
filterwp_check_filetype_and_extincludes\init.php:123
actionbefore_delete_postincludes\init.php:127
actionadd_meta_boxesincludes\init.php:130
actionsave_postincludes\init.php:131
actionmanage_svp_videos_posts_custom_columnincludes\init.php:132
filtermanage_edit-svp_videos_columnsincludes\init.php:134
actionadmin_menuincludes\init.php:140
actionadmin_initincludes\init.php:141
actiontemplate_redirectincludes\init.php:155
actioninitincludes\init.php:156
actionwp_loadedincludes\init.php:157
actionwp_enqueue_scriptsincludes\init.php:158
actionwp_enqueue_scriptsincludes\init.php:159
filterhas_post_thumbnailincludes\init.php:163
filterpost_thumbnail_htmlincludes\init.php:164
actiontemplate_includeincludes\init.php:169
filterthe_contentincludes\init.php:173
Maintenance & Trust

Simple Video Post Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13
Last updatedUnknown
PHP min version7.4
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Simple Video Post Alternatives

HTML5 Video Player – Embed and Play Videos in Custom Player

HTML5 Video Player – Embed and Play Videos in Custom Player

html5-video-player

A
94

HTML5 Video Player Plugin lets you embed responsive videos in WordPress. It’s easy to use, fast, and supports MP4, WebM, OGG, FLV, Youtube and Vimeo.

20K 8 CVEs
Videojs HTML5 Player

Videojs HTML5 Player

videojs-html5-player

A
99

Embed video file beautifully in WordPress using Video.js HTML5 Player. Embed HTML5 compatible responsive video in your post/page with Video.js.

8K 2 CVEs
HLS Player

HLS Player

hls-player

A
91

HLS Player is a lightweight HTTP Live Streaming player for WordPress, using video.js for easy embedding HLS videos into posts and pages.

600 1 CVE
Fluid Player

Fluid Player

fluid-player

A
85

The plugin makes it easy to embed the VAST ready Fluid Player video player.

400 No CVEs
WP Smart TV

WP Smart TV

wp-smart-tv

A
99

The ultimate toolkit for video streaming services using WordPress. Turn your site into an video service similar to YouTube or Vimeo.

300 1 CVE
Developer Profile

Simple Video Post Developer Profile

rawalprashant

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Simple Video Post

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/simple-video-post/public/assets/css/magnific-popup.css/wp-content/plugins/simple-video-post/admin/assets/css/admin.css/wp-content/plugins/simple-video-post/admin/assets/js/admin.js/wp-content/plugins/simple-video-post/public/assets/js/public.js
Script Paths
https://use.fontawesome.com/releases/v5.15.3/css/all.css
Version Parameters
simple-video-post/admin/assets/css/admin.css?ver=simple-video-post/admin/assets/js/admin.js?ver=simple-video-post/public/assets/js/public.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-svp-video-iddata-svp-video-widthdata-svp-video-heightdata-svp-video-autoplaydata-svp-video-loopdata-svp-video-muted+6 more
JS Globals
svp_admin
Shortcode Output
[svp_video
FAQ

Frequently Asked Questions about Simple Video Post