Simple YouTube Responsive Security & Risk Analysis

wordpress.org/plugins/simple-youtube-responsive

Easily embed responsive YouTube videos using a simple shortcode. Lazy load included.

3K active installs · v3.2.6 · PHP + WP 2.5+ · Updated Feb 5, 2026
embed, player, responsive, shortcode, youtube
100
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Feb 23, 2023
Safety Verdict

Is Simple YouTube Responsive Safe to Use in 2026?

Generally Safe

Score 100/100

Simple YouTube Responsive has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Feb 23, 2023 · Updated 1mo ago
Risk Assessment

The "simple-youtube-responsive" plugin version 3.2.6 exhibits a generally strong security posture, with good adherence to secure coding practices. The static analysis reveals no critical or high severity taint flows, and SQL queries are consistently handled using prepared statements. Output escaping is also robust, with a very high percentage of outputs properly escaped, and no dangerous functions were identified. The plugin's attack surface is minimal and appears to be well protected, with no unprotected entry points identified. File operations are present but limited, and external HTTP requests are absent, reducing potential attack vectors.

Despite the positive static analysis, the plugin has a history of a medium-severity Cross-Site Scripting (XSS) vulnerability, with the last instance being in February 2023. While this vulnerability is currently unpatched, the fact that it's the only known CVE and is of medium severity suggests that the risk may be manageable if addressed promptly. The absence of nonce checks and capability checks on its single shortcode, while not directly leading to immediate critical risks in the current analysis, represents a potential area for improvement in hardening against certain types of attacks, especially if the shortcode's functionality were to evolve to handle more sensitive user input in the future. The bundled TinyMCE library is a common component, but its version is not specified, which could be a minor concern if it's outdated.

In conclusion, "simple-youtube-responsive" v3.2.6 is a relatively secure plugin, demonstrating good development practices in crucial areas like SQL and output handling. The primary area of concern stems from its past XSS vulnerability, which, although medium in severity and not present in the current version's analysis, warrants attention. The limited number of capability checks on the shortcode is a minor weakness that could be strengthened. Overall, the plugin presents a low to moderate risk, with the potential for further hardening.

Key Concerns

  • Past medium severity XSS vulnerability
  • Missing nonce check on shortcode
  • Missing capability check on shortcode
Vulnerabilities
1

Simple YouTube Responsive Security Vulnerabilities

CVEs by Year

1 CVE in 2023

Severity Breakdown

Medium: 1

1 total CVE

CVE-2023-25982 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Simple YouTube Responsive <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Feb 23, 2023 · Patched in 3.0 (334d)
Code Analysis
Analyzed Mar 16, 2026

Simple YouTube Responsive Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 1 (37 escaped)
Nonce Checks: 0
Capability Checks: 2
File Operations: 2
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

TinyMCE

Output Escaping

97% escaped · 38 total outputs
Attack Surface

Simple YouTube Responsive Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[youtube] fxs\fxs-shortcode.php:273
WordPress Hooks 13

action admin_menu admin\admin-about.php:15
action admin_menu admin\admin-options.php:13
action admin_init admin\admin-options.php:14
action admin_init admin\admin-options.php:15
action admin_menu admin\admin-shortcode.php:15
filter widget_text fxs\fxs-backend.php:12
action wp_footer fxs\fxs-backend.php:41
action wp_enqueue_scripts fxs\fxs-backend.php:48
filter mce_external_plugins fxs\fxs-frontend.php:23
filter mce_buttons fxs\fxs-frontend.php:25
action init fxs\fxs-frontend.php:27
filter the_content fxs\fxs-shortcode.php:124
action amp_post_template_head fxs\fxs-shortcode.php:130
Maintenance & Trust

Simple YouTube Responsive Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 5, 2026
PHP min version
Downloads: 57K

Community Trust

Rating: 100/100
Number of ratings: 12
Active installs: 3K
Developer Profile

Simple YouTube Responsive Developer Profile

Eirudo

1 plugin · 3K total installs

Trust score: 79
Avg Security Score: 100/100
Avg Patch Time: 334 days
Detection Fingerprints

How We Detect Simple YouTube Responsive

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/simple-youtube-responsive/css/yt-responsive.css
/wp-content/plugins/simple-youtube-responsive/js/yt-responsive.min.js
Script Paths
/wp-content/plugins/simple-youtube-responsive/js/yt-responsive.min.js
Version Parameters
simple-youtube-responsive/css/yt-responsive.css?ver=
simple-youtube-responsive/js/yt-responsive.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
erdyt-youtube-video
erdyt-container
Data Attributes
data-videoid, data-erdyt-id, data-erdyt-ratio, data-erdyt-lazyload, data-erdyt-maxwidth, data-erdyt-centered, +5 more
JS Globals
erdyt_options
Shortcode Output
<div class="erdyt-youtube-video erdyt-container"
FAQ

Frequently Asked Questions about Simple YouTube Responsive