WP-Safety

SmartS3 Security & Risk Analysis

wordpress.org/plugins/smarts3

SmartS3 is a simple video plugin that lets you easily embed Amazon S3 videos into your WordPress blog.

10 active installs v0.0.2 PHP + WP 3.5.1+ Updated Jun 5, 2014
amazon-s3flowplayervideo
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is SmartS3 Safe to Use in 2026?

Generally Safe

Score 85/100

SmartS3 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago
Risk Assessment

The "smarts3" v0.0.2 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and having no recorded vulnerabilities or CVEs, suggesting a history of responsible development or a lack of historical scrutiny. The absence of taint analysis findings is also a good sign. However, several concerning signals are present in the static analysis. Notably, the plugin uses the `unserialize` function six times, which is a known vector for remote code execution if the serialized data originates from an untrusted source. Furthermore, there are no nonce checks or capability checks implemented for any of the identified entry points, meaning any user, regardless of their role or permissions, could potentially trigger these functions. The 38% of outputs that are not properly escaped also pose a risk for cross-site scripting (XSS) vulnerabilities. While the attack surface is small, the lack of fundamental security checks on these entry points and the risky use of `unserialize` are significant weaknesses that need to be addressed.

Key Concerns

  • Use of unserialize
  • No nonce checks
  • No capability checks
  • Unescaped output detected
Vulnerabilities
None known

SmartS3 Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

SmartS3 Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

SmartS3 Code Analysis

Dangerous Functions
6
Raw SQL Queries
0
4 prepared
Unescaped Output
5
8 escaped
Nonce Checks
0
Capability Checks
0
File Operations
55
External Requests
4
Bundled Libraries
1

Dangerous Functions Found

unserialize$data = unserialize($serialized);includes/aws/Aws/Common/Model/MultipartUpload/AbstractTransferState.php:141
unserialize$this->loadData(unserialize($serialized));includes/aws/Aws/Common/Model/MultipartUpload/AbstractUploadId.php:68
unserialize$this->loadData(unserialize($serialized));includes/aws/Aws/Common/Model/MultipartUpload/AbstractUploadPart.php:81
unserializereturn unserialize($data);includes/aws/Doctrine/Common/Cache/FilesystemCache.php:69
unserializereturn $this->doContains($id) ? unserialize(xcache_get($id)) : false;includes/aws/Doctrine/Common/Cache/XcacheCache.php:42
unserialize$meta = unserialize(file_get_contents($metadata));includes/aws/Symfony/Component/ClassLoader/ClassCollectionLoader.php:71

Bundled Libraries

Guzzle

SQL Query Safety

100% prepared4 total queries

Output Escaping

62% escaped13 total outputs
Attack Surface

SmartS3 Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[smarts3] smarts3.php:268
WordPress Hooks 7
actionadmin_print_footer_scriptsadmin/class-smarts3-admin.php:60
actionwp_enqueue_scriptssmarts3.php:265
actionmedia_buttons_contextsmarts3.php:266
actionadmin_footersmarts3.php:267
filtersmarts3_player_optionssmarts3.php:269
actionadmin_initsmarts3.php:270
actionadmin_enqueue_scriptssmarts3.php:271
Maintenance & Trust

SmartS3 Maintenance & Trust

Maintenance Signals

WordPress version tested3.5.2
Last updatedJun 5, 2014
PHP min version
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

SmartS3 Alternatives

FV Flowplayer Video Player

FV Flowplayer Video Player

fv-wordpress-flowplayer

A
87

WordPress's most reliable, easy to use and feature-rich video player. Supports responsive design, HTML5, playlists, ads, stats, Vimeo and YouTube.

20K 23 CVEs
Flowplayer Video Player

Flowplayer Video Player

flowplayer6-video-player

A
85

Add a video file to WordPress with Flowplayer style. Embed a self-hosted, external or HTML5 compatible responsive video into a page with flowplayer.

1K 1 CVE
Flowplayer Platform Embed

Flowplayer Platform Embed

flowplayer-platform-embed

A
85

Flowplayer/WordPress plugin is an extremely simple tool to embed videos on your WP site.

20 No CVEs
Flowplayer Playlist

Flowplayer Playlist

flowplayer-playlist

A
85

Flowplayer Playlist is a free plugin to embed video playlist in WordPress.

10 No CVEs
flowplayer-wrapper

flowplayer-wrapper

flowplayer-wrapper

A
85

Including standard videos via flowplayer into your blog. Version 1.1.2 or higher are requiring PHP5.

10 No CVEs
Developer Profile

SmartS3 Developer Profile

John Morris

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect SmartS3

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/smarts3/css/style.css

HTML / DOM Fingerprints

CSS Classes
smarts3_shortcode_generator_innerform_fieldform_field_halfform_field_submitsmarts3_halfsmarts3_autoplay
Data Attributes
id="smarts3_shortcode_generator"id="smarts3_mp4"id="smarts3_ogg"id="smarts3_webm"id="smarts3_poster"id="smarts3_width"+4 more
JS Globals
jQuery
Shortcode Output
[smarts3
FAQ

Frequently Asked Questions about SmartS3