Does StreamWeasels YouTube Integration have any unpatched vulnerabilities?

No. All known vulnerabilities in StreamWeasels YouTube Integration have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is StreamWeasels YouTube Integration compatible with WordPress 6.8.5?

According to WordPress.org data, StreamWeasels YouTube Integration 1.4.1 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is StreamWeasels YouTube Integration updated?

StreamWeasels YouTube Integration was last updated on Jul 28, 2025. Frequent updates are generally a positive security signal.

What is StreamWeasels YouTube Integration's security score?

StreamWeasels YouTube Integration has a WP-Safety security score of 97/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

StreamWeasels YouTube Integration Security & Risk Analysis

wordpress.org/plugins/streamweasels-youtube-integration

Embed YouTube content on your WordPress site. Easily embed a YouTube channel, shorts, gallery, feed, or live on your website.

1K active installs v1.4.1 PHP + WP 5.0+ Updated Jul 28, 2025

youtubeyoutube-channelyoutube-embedyoutube-liveyoutube-shorts

A · Safe

CVEs total3

Unpatched0

Last CVEJul 28, 2025

Plugin page Download

Safety Verdict

Is StreamWeasels YouTube Integration Safe to Use in 2026?

Generally Safe

Score 97/100

StreamWeasels YouTube Integration has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Jul 28, 2025Updated 8mo ago

Risk Assessment

The "streamweasels-youtube-integration" plugin v1.4.1 exhibits a mixed security posture. While it demonstrates good practices in its SQL query handling and a high percentage of properly escaped output, significant concerns arise from its unprotected entry points and past vulnerability history. The presence of several AJAX handlers and REST API routes lacking proper authentication and permission checks creates a substantial attack surface, making it vulnerable to unauthorized actions if exploited.

The static analysis reveals 6 out of 11 total entry points are unprotected, which is a critical weakness. Despite the absence of dangerous functions and raw SQL queries, these unprotected endpoints are prime targets for unauthenticated attackers. The vulnerability history, with 3 past medium-severity Cross-site Scripting (XSS) vulnerabilities, suggests a pattern of input sanitization issues, which could resurface if not diligently addressed.

In conclusion, the plugin has strengths in its secure SQL practices and output escaping. However, the significant number of unprotected entry points and the historical pattern of XSS vulnerabilities indicate a need for immediate attention. The plugin's security is currently compromised by potential unauthorized access and a lingering risk of input validation flaws. The bundled Freemius library, while not explicitly noted as outdated, is a potential area for scrutiny in future analyses.

Key Concerns

Unprotected AJAX handlers
Unprotected REST API routes
Past medium severity XSS vulnerabilities
Bundled library (Freemius v1.0)

Vulnerabilities

StreamWeasels YouTube Integration Security Vulnerabilities

CVEs by Year

2 CVEs in 2024

2024

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

3 total CVEs

CVE-2025-7811medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

StreamWeasels YouTube Integration <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jul 28, 2025 Patched in 1.4.1 (1d)

CVE-2024-11788medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

StreamWeasels YouTube Integration <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Nov 27, 2024 Patched in 1.3.7 (1d)

CVE-2024-10185medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

StreamWeasels YouTube Integration <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-youtube-embed Shortcode

Oct 28, 2024 Patched in 1.3.3 (1d)

Code Analysis

Analyzed Mar 16, 2026

StreamWeasels YouTube Integration Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

348 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Freemius1.0

Output Escaping

89% escaped389 total outputs

Attack Surface

6 unprotected

StreamWeasels YouTube Integration Attack Surface

Entry Points11

Unprotected6

AJAX Handlers 4

authwp_ajax_swyi_admin_notice_dismissincludes\class-streamweasels-youtube.php:170

authwp_ajax_swyi_admin_notice_dismiss_for_goodincludes\class-streamweasels-youtube.php:171

authwp_ajax_swyi_get_fresh_noncepublic\class-streamweasels-youtube-public.php:162

noprivwp_ajax_swyi_get_fresh_noncepublic\class-streamweasels-youtube-public.php:163

REST API Routes 3

GET/wp-json/streamweasels-youtube/v1/data/admin\class-streamweasels-youtube-admin.php:55

GET/wp-json/streamweasels-youtube/v1/fetch-videosadmin\class-streamweasels-youtube-admin.php:63

GET/wp-json/streamweasels-youtube/v1/fetch-liveadmin\class-streamweasels-youtube-admin.php:69

Shortcodes 4

[streamweasels-youtube] public\class-streamweasels-youtube-public.php:168

[sw-youtube] public\class-streamweasels-youtube-public.php:169

[sw-youtube-integration] public\class-streamweasels-youtube-public.php:170

[sw-youtube-embed] public\class-streamweasels-youtube-public.php:171

WordPress Hooks 15

actionswyi_cronadmin\class-streamweasels-youtube-admin.php:202

actionplugins_loadedincludes\class-streamweasels-youtube.php:148

actionadmin_noticesincludes\class-streamweasels-youtube.php:163

actionadmin_menuincludes\class-streamweasels-youtube.php:164

actionadmin_enqueue_scriptsincludes\class-streamweasels-youtube.php:165

actionadmin_enqueue_scriptsincludes\class-streamweasels-youtube.php:166

actioninitincludes\class-streamweasels-youtube.php:167

actioninitincludes\class-streamweasels-youtube.php:168

actionrest_api_initincludes\class-streamweasels-youtube.php:169

actionwp_enqueue_scriptsincludes\class-streamweasels-youtube.php:186

actionwp_enqueue_scriptsincludes\class-streamweasels-youtube.php:187

actioninitincludes\class-streamweasels-youtube.php:188

actioninitincludes\class-streamweasels-youtube.php:189

actionwp_footerincludes\class-streamweasels-youtube.php:190

filterpricing/show_annual_in_monthlystreamweasels-youtube.php:76

Scheduled Events 1

swyi_cron

Maintenance & Trust

StreamWeasels YouTube Integration Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJul 28, 2025

PHP min version

Downloads22K

Community Trust

Rating100/100

Number of ratings9

Active installs1K

Alternatives

StreamWeasels YouTube Integration Alternatives

Automatic YouTube Gallery

automatic-youtube-gallery

100

Build dynamic video galleries by simply adding a YouTube USERNAME, CHANNEL, PLAYLIST, SEARCH KEYWORDS, or a custom list of video URLs.

9K 1 CVE

Embed Plus for YouTube Gallery, Livestream and Lazy Loading with Facades

youtube-embed-plus

100

A multi-featured plugin to embed YouTube in WordPress. Embed a video, YouTube channel gallery, playlist, or YouTube livestream. Defer JavaScript too!

100K 1 CVE

Video Gallery – YouTube Playlist, Channel Gallery by YotuWP

yotuwp-easy-youtube-embed

Modern responsive YouTube video gallery helps your website getting noticed from visitors, increase the reach and stand out from the competitors.

20K 5 CVEs

Bubuku Disable Related Videos

bubuku-disable-related-videos

Plugin to disable related YouTube videos that appear at the end of the video when you embed it in Gutenberg

80 No CVEs

Easy Video Publisher

easy-video-publisher

Easy Video Publisher quickly publish YouTube videos, use to Import YouTube videos from one or multiple YouTube channels.

0 No CVEs

Developer Profile

StreamWeasels YouTube Integration Developer Profile

StreamWeasels

4 plugins · 2K total installs

trust score

Avg Security Score

97/100

Avg Patch Time

2 days

View full developer profile

Detection Fingerprints

How We Detect StreamWeasels YouTube Integration

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/streamweasels-youtube-integration/includes/freemius/assets/css/notice.css/wp-content/plugins/streamweasels-youtube-integration/public/css/streamweasels-youtube-public.css/wp-content/plugins/streamweasels-youtube-integration/public/js/streamweasels-youtube-public.js

Script Paths

/wp-content/plugins/streamweasels-youtube-integration/public/js/streamweasels-youtube-public.js/wp-content/plugins/streamweasels-youtube-integration/includes/freemius/start.php

Version Parameters

streamweasels-youtube-integration/public/css/streamweasels-youtube-public.css?ver=streamweasels-youtube-integration/public/js/streamweasels-youtube-public.js?ver=

HTML / DOM Fingerprints

CSS Classes

swyi-youtube-shorts-container

HTML Comments

Data Attributes

data-swyi-api-keydata-swyi-shortcode-attsdata-swyi-iddata-swyi-video-iddata-swyi-live-iddata-swyi-playlist-id+2 more

JS Globals

SWYI_API_KEY

REST Endpoints

/wp-json/streamweasels-youtube/v1/data//wp-json/streamweasels-youtube/v1/fetch-videos/wp-json/streamweasels-youtube/v1/fetch-live

Shortcode Output

[streamweasels_youtube_shorts][streamweasels_youtube_live][streamweasels_youtube_video][streamweasels_youtube_playlist]

FAQ