Does Spotlightr have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Spotlightr compatible with WordPress 6.7.5?

According to WordPress.org data, Spotlightr 0.1.13 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is Spotlightr compatible with PHP 7.0+?

Spotlightr requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Spotlightr updated?

Spotlightr was last updated on Feb 4, 2025. Frequent updates are generally a positive security signal.

What is Spotlightr's security score?

Spotlightr has a WP-Safety security score of 91/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Spotlightr Security & Risk Analysis

wordpress.org/plugins/spotlightr

Video for Small Businesses & Big Ideas

200 active installs v0.1.13 PHP 7.0+ WP 5.3+ Updated Feb 4, 2025

embedhostingstreamingvideo

A · Safe

CVEs total1

Unpatched0

Last CVEDec 19, 2024

Plugin page Download

Safety Verdict

Is Spotlightr Safe to Use in 2026?

Generally Safe

Score 91/100

Spotlightr has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Dec 19, 2024Updated 1yr ago

Risk Assessment

The plugin 'spotlightr' v0.1.13 exhibits a mixed security posture. While it demonstrates strong practices in handling SQL queries and output escaping, with 100% of SQL using prepared statements and 99% of outputs properly escaped, there are significant concerns regarding its attack surface. A substantial portion of its entry points, specifically 6 out of 10, are unprotected AJAX handlers, indicating a potential for unauthorized execution of sensitive functions.

The vulnerability history shows a single known CVE, which is currently patched, and it was of medium severity related to Cross-site Scripting. The absence of critical or high-severity vulnerabilities in its history, combined with the excellent SQL and output handling, suggests that the developers are responsive to security issues and implement good coding standards for data manipulation and display. However, the lack of nonces on AJAX endpoints and a stated capability check of only one is a critical weakness that could be exploited if an attacker can trigger these handlers.

Overall, while the plugin has strong data handling practices and a history of addressing vulnerabilities, the significant number of unprotected AJAX handlers presents a clear and present risk. This, coupled with the absence of nonce checks on these critical entry points, outweighs the positive aspects and requires immediate attention to secure these functionalities.

Key Concerns

Unprotected AJAX handlers
Missing nonce checks on AJAX
Limited capability checks on AJAX

Vulnerabilities

1 published

Spotlightr Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-11411medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Spotlightr <= 0.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 19, 2024 Patched in 0.1.12 (42d)

Version History

Spotlightr Release Timeline

v0.1.13Current

v0.1.12

v0.1.111 CVE

v0.1.101 CVE

v0.1.91 CVE

v0.1.81 CVE

v0.1.71 CVE

v0.1.61 CVE

v0.1.51 CVE

v0.1.41 CVE

v0.1.31 CVE

v0.1.21 CVE

v0.1.11 CVE

v0.1.01 CVE

Code Analysis

Analyzed Mar 16, 2026

Spotlightr Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

124 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

99% escaped125 total outputs

Attack Surface

6 unprotected

Spotlightr Attack Surface

Entry Points10

Unprotected6

AJAX Handlers 6

authwp_ajax_spotlightr_ajax_loginspotlightr.php:76

authwp_ajax_spotlightr_ajax_logoutspotlightr.php:77

authwp_ajax_spotlightr_ajax_sign_upspotlightr.php:78

authwp_ajax_spotlightr_ajax_add_groupspotlightr.php:79

authwp_ajax_spotlightr_ajax_get_videosspotlightr.php:80

authwp_ajax_spotlightr_ajax_get_groupsspotlightr.php:81

Shortcodes 4

[spotlightr-v] spotlightr.php:745

[spotlightr-g] spotlightr.php:746

[spotlightr-q] spotlightr.php:747

[spotlightr-p] spotlightr.php:748

WordPress Hooks 15

actionadmin_enqueue_scriptsspotlightr.php:74

actionadmin_menuspotlightr.php:75

actionadmin_enqueue_scriptsspotlightr.php:82

actioninitspotlightr.php:83

actionwp_headspotlightr.php:84

actionadmin_enqueue_scriptsspotlightr.php:85

actionadmin_enqueue_scriptsspotlightr.php:86

actionadmin_enqueue_scriptsspotlightr.php:87

actionadmin_enqueue_scriptsspotlightr.php:88

filterlearndash_settings_fieldsspotlightr.php:91

actionadmin_enqueue_scriptsspotlightr.php:92

actionadmin_enqueue_scriptsspotlightr.php:214

actionadmin_enqueue_scriptsspotlightr.php:671

actionadmin_enqueue_scriptsspotlightr.php:683

actionadmin_enqueue_scriptsspotlightr.php:695

Maintenance & Trust

Spotlightr Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedFeb 4, 2025

PHP min version7.0

Downloads8K

Community Trust

Rating100/100

Number of ratings2

Active installs200

Alternatives

Spotlightr Alternatives

FastPix.io

fastpix-io

100

Upload, manage, and embed videos using FastPix.io's powerful video hosting platform directly from your WordPress dashboard.

0 No CVEs

Jetpack VideoPress

jetpack-videopress

100

The finest video hosting for WordPress. Drag and drop videos through the WordPress editor and keep the focus on your content, not the ads.

7K No CVEs

SmartVideo – Video Player and CDN

smartvideo

100

Lightweight HTML5 video player and video hosting with CDN built for WordPress

1K No CVEs

HLS Player

hls-player

HLS Player is a lightweight HTTP Live Streaming player for WordPress, using video.js for easy embedding HLS videos into posts and pages.

600 1 CVE

Mux Video Uploader

2coders-integration-mux-video

100

The Mux Video Uploader for WordPress by 2Coders simplifies video uploads, video streaming, and video management.

80 No CVEs

Developer Profile

Spotlightr Developer Profile

Bill Zimmerman

3 plugins · 310 total installs

trust score

Avg Security Score

87/100

Avg Patch Time

42 days

View full developer profile

Detection Fingerprints

How We Detect Spotlightr

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/spotlightr/resources/js/videolist-ld.js/wp-content/plugins/spotlightr/resources/js/spotlightr-video-block.js/wp-content/plugins/spotlightr/resources/js/spotlightr-playlist-block.js/wp-content/plugins/spotlightr/resources/js/spotlightr-quiz-block.js/wp-content/plugins/spotlightr/resources/js/spotlightr-gallery-block.js/wp-content/plugins/spotlightr/resources/js/admin-scripts.js/wp-content/plugins/spotlightr/resources/js/spotlightr-blocks.js/wp-content/plugins/spotlightr/resources/js/spotlightr-api.js+2 more

Script Paths

Version Parameters

spotlightr/resources/js/videolist-ld.js?ver=spotlightr/resources/js/spotlightr-video-block.js?ver=spotlightr/resources/js/spotlightr-playlist-block.js?ver=spotlightr/resources/js/spotlightr-quiz-block.js?ver=spotlightr/resources/js/spotlightr-gallery-block.js?ver=spotlightr/resources/js/admin-scripts.js?ver=spotlightr/resources/js/spotlightr-blocks.js?ver=spotlightr/resources/js/spotlightr-api.js?ver=spotlightr/resources/css/spotlightr.css?ver=spotlightr/resources/css/spotlightr.admin.css?ver=

HTML / DOM Fingerprints

CSS Classes

spotlightr-admin-wrapperspotlightr-settings-pagespotlightr-video-listspotlightr-gallery-listspotlightr-quiz-listspotlightr-playlist-listspotlightr-modalspotlightr-modal-content+14 more

HTML Comments

+1 more

Data Attributes

data-spotlightr-video-iddata-spotlightr-playlist-iddata-spotlightr-quiz-iddata-spotlightr-gallery-iddata-spotlightr-modal-targetdata-spotlightr-ajax-action

JS Globals

spotlightrspotlightrInfo

REST Endpoints

/wp-json/spotlightr/v1/videos/wp-json/spotlightr/v1/playlists/wp-json/spotlightr/v1/quizzes/wp-json/spotlightr/v1/galleries

Shortcode Output

[spotlightr_video][spotlightr_playlist][spotlightr_quiz][spotlightr_gallery]

FAQ

Spotlightr Security & Risk Analysis

Is Spotlightr Safe to Use in 2026?

Generally Safe

Key Concerns

Spotlightr Security Vulnerabilities

CVEs by Year

Severity Breakdown

Spotlightr Release Timeline

Spotlightr Code Analysis

Output Escaping

Spotlightr Attack Surface

AJAX Handlers 6

Shortcodes 4

Spotlightr Maintenance & Trust

Maintenance Signals

Community Trust

Spotlightr Alternatives

FastPix.io

Jetpack VideoPress

SmartVideo – Video Player and CDN

HLS Player

Mux Video Uploader

Spotlightr Developer Profile

How We Detect Spotlightr

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Spotlightr