WP-Safety

Transcoder Security & Risk Analysis

wordpress.org/plugins/transcoder

Transcoding services for ANY WordPress website. Convert audio/video files of any format to a web-friendly format (mp3/mp4).

500 active installs v1.4.1 PHP + WP 4.1+ Updated Aug 22, 2025
audiomediamultimediamusicsongs
98
A · Safe
CVEs total2
Unpatched0
Last CVEAug 27, 2025
Plugin page Download
Safety Verdict

Is Transcoder Safe to Use in 2026?

Generally Safe

Score 98/100

Transcoder has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Aug 27, 2025Updated 7mo ago
Risk Assessment

The "transcoder" v1.4.1 plugin demonstrates several strong security practices. The static analysis reveals a robust approach to handling data, with all SQL queries utilizing prepared statements and a high percentage of output escaping. Furthermore, the presence of nonce and capability checks on most entry points, coupled with zero identified critical or high severity taint flows, suggests a well-engineered codebase that actively prevents common web vulnerabilities.

However, the plugin's vulnerability history presents a notable concern. Two medium severity CVEs have been recorded, specifically related to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF). While currently unpatched, the existence of past vulnerabilities, especially of this nature, indicates that the plugin has been susceptible to attacks that could compromise user data or site integrity. The lack of any reported vulnerabilities in recent history (with the last recorded being in the future, which is likely a data anomaly) is positive, but the historical pattern warrants caution.

In conclusion, "transcoder" v1.4.1 has a fundamentally good security posture due to its secure coding practices regarding SQL and output handling. The limited attack surface and secure entry points are commendable. The primary weakness lies in its past vulnerability history, which indicates a potential for exploitable flaws. Users should remain vigilant and ensure the plugin is kept up-to-date with any available patches.

Key Concerns

  • Past medium severity CVEs (XSS, CSRF)
  • Two past CVEs indicate potential weaknesses
Vulnerabilities
2

Transcoder Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2025-58209medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Transcoder <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Aug 27, 2025 Patched in 1.4.1 (8d)
CVE-2024-31305medium · 4.3Cross-Site Request Forgery (CSRF)

Transcoder <= 1.3.5 - Cross-Site Request Forgery

Apr 5, 2024 Patched in 1.3.6 (7d)
Code Analysis
Analyzed Mar 16, 2026

Transcoder Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
10 prepared
Unescaped Output
10
168 escaped
Nonce Checks
6
Capability Checks
7
File Operations
0
External Requests
6
Bundled Libraries
0

SQL Query Safety

100% prepared10 total queries

Output Escaping

94% escaped178 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
retranscode_interface (admin\rt-retranscode-admin.php:277)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Transcoder Attack Surface

Entry Points6
Unprotected0

AJAX Handlers 5

authwp_ajax_retranscodemediaadmin\rt-retranscode-admin.php:69
authwp_ajax_transcoder_hide_admin_noticeadmin\rt-transcoder-admin.php:114
authwp_ajax_checkstatusadmin\rt-transcoder-functions.php:907
authwp_ajax_rt_disable_transcodingadmin\rt-transcoder-handler.php:183
authwp_ajax_rt_enable_transcodingadmin\rt-transcoder-handler.php:184

Shortcodes 1

[rt_media] admin\rt-transcoder-functions.php:154
WordPress Hooks 74
actionadmin_menuadmin\rt-retranscode-admin.php:67
actionadmin_enqueue_scriptsadmin\rt-retranscode-admin.php:68
filtermedia_row_actionsadmin\rt-retranscode-admin.php:70
actionadmin_head-upload.phpadmin\rt-retranscode-admin.php:71
actionadmin_action_bulk_retranscode_mediaadmin\rt-retranscode-admin.php:72
actionadmin_action_-1admin\rt-retranscode-admin.php:73
actionrtt_before_thumbnail_storeadmin\rt-retranscode-admin.php:74
actionrtt_before_transcoded_media_storeadmin\rt-retranscode-admin.php:75
actiontranscoded_thumbnails_addedadmin\rt-retranscode-admin.php:76
actionrtt_handle_callback_finishedadmin\rt-retranscode-admin.php:77
filteramp_story_allowed_video_typesadmin\rt-retranscode-admin.php:78
filterrender_blockadmin\rt-retranscode-admin.php:79
actionrest_api_initadmin\rt-retranscode-admin.php:98
filterposts_whereadmin\rt-retranscode-admin.php:318
actioninitadmin\rt-retranscode-admin.php:1017
actionrtmedia_add_edit_tab_titleadmin\rt-transcoder-actions.php:50
actionrtmedia_add_edit_tab_contentadmin\rt-transcoder-actions.php:163
actionrtmedia_after_update_mediaadmin\rt-transcoder-actions.php:207
actiontranscoded_thumb_addedadmin\rt-transcoder-actions.php:233
actionadmin_enqueue_scriptsadmin\rt-transcoder-admin.php:71
actionadmin_noticesadmin\rt-transcoder-admin.php:72
actionnetwork_admin_noticesadmin\rt-transcoder-admin.php:74
filterattachment_fields_to_editadmin\rt-transcoder-admin.php:77
filterattachment_fields_to_saveadmin\rt-transcoder-admin.php:78
actionadmin_noticesadmin\rt-transcoder-admin.php:79
actionadmin_menuadmin\rt-transcoder-admin.php:84
actionadmin_initadmin\rt-transcoder-admin.php:85
actioninitadmin\rt-transcoder-admin.php:91
actionnetwork_admin_noticesadmin\rt-transcoder-admin.php:94
actionnetwork_admin_enqueue_scriptsadmin\rt-transcoder-admin.php:95
actionadmin_noticesadmin\rt-transcoder-admin.php:97
actionadmin_enqueue_scriptsadmin\rt-transcoder-admin.php:98
actionnetwork_admin_noticesadmin\rt-transcoder-admin.php:111
actionadmin_noticesadmin\rt-transcoder-admin.php:113
actionadmin_headadmin\rt-transcoder-admin.php:116
filterwp_mediaelement_fallbackadmin\rt-transcoder-admin.php:118
filtermedia_send_to_editoradmin\rt-transcoder-functions.php:429
filterbp_get_activity_content_bodyadmin\rt-transcoder-functions.php:566
actiondelete_attachmentadmin\rt-transcoder-functions.php:639
filtermanage_media_columnsadmin\rt-transcoder-functions.php:755
actionmanage_media_custom_columnadmin\rt-transcoder-functions.php:795
filtermanage_upload_sortable_columnsadmin\rt-transcoder-functions.php:813
actionwp_enqueue_scriptsadmin\rt-transcoder-functions.php:841
actionadmin_enqueue_scriptsadmin\rt-transcoder-functions.php:843
actionenqueue_block_editor_assetsadmin\rt-transcoder-functions.php:845
actionwp_enqueue_scriptsadmin\rt-transcoder-functions.php:863
actionrtmedia_actions_before_descriptionadmin\rt-transcoder-functions.php:981
filterrtmedia_single_content_filteradmin\rt-transcoder-functions.php:1019
filterwp_generate_attachment_metadataadmin\rt-transcoder-functions.php:1052
actionrt_transcoder_before_widgetsadmin\rt-transcoder-handler.php:135
actionadmin_initadmin\rt-transcoder-handler.php:138
filterrtmedia_allowed_typesadmin\rt-transcoder-handler.php:146
filterwp_generate_attachment_metadataadmin\rt-transcoder-handler.php:166
filterrtmedia_plupload_files_filteradmin\rt-transcoder-handler.php:173
filterrtmedia_allowed_typesadmin\rt-transcoder-handler.php:174
filterrtmedia_valid_type_checkadmin\rt-transcoder-handler.php:175
actioninitadmin\rt-transcoder-handler.php:182
actionadd_attachmentadmin\rt-transcoder-handler.php:185
filterwp_mail_content_typeadmin\rt-transcoder-handler.php:423
filterwp_mail_content_typeadmin\rt-transcoder-handler.php:453
actionnetwork_admin_noticesadmin\rt-transcoder-handler.php:474
actionadmin_noticesadmin\rt-transcoder-handler.php:477
actionnetwork_admin_noticesadmin\rt-transcoder-handler.php:480
actionadmin_noticesadmin\rt-transcoder-handler.php:483
actionnetwork_admin_noticesadmin\rt-transcoder-handler.php:486
actionadmin_noticesadmin\rt-transcoder-handler.php:489
filterupload_diradmin\rt-transcoder-handler.php:835
filterupload_diradmin\rt-transcoder-handler.php:981
filterwp_mail_content_typeadmin\rt-transcoder-handler.php:1043
filterwp_mail_content_typeadmin\rt-transcoder-handler.php:1197
filterwp_mail_content_typeadmin\rt-transcoder-handler.php:1266
filterwp_mail_content_typeadmin\rt-transcoder-handler.php:1401
filterplugin_action_linksrt-transcoder.php:100
filternetwork_admin_plugin_action_linksrt-transcoder.php:101
Maintenance & Trust

Transcoder Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedAug 22, 2025
PHP min version
Downloads87K

Community Trust

Rating72/100
Number of ratings8
Active installs500
Alternatives

Transcoder Alternatives

rtMedia for WordPress, BuddyPress and bbPress

rtMedia for WordPress, BuddyPress and bbPress

buddypress-media

B
75

Add albums, photo, audio/video upload, privacy, sharing, front-end uploads & more. All this works on mobile/tablets devices.

8K 12 CVEs
Featured Audio

Featured Audio

featured-audio

A
92

Add featured audio to your posts and pages, like featured images.

500 No CVEs
Harmonia

Harmonia

harmonia

A
85

Harmonia turns any link to an MP3 or M4A file into a minimalist inline audio player.

20 No CVEs
DJ Player

DJ Player

dj-player

A
85

Fully responsive music player with tracklist.

10 No CVEs
Pandora Feeds for WordPress

Pandora Feeds for WordPress

pandora-feeds-for-wordpress

A
85

Inspired by and building upon the great work of Jean-Paul Franssen, who developed a wordpress-sidebar-widget to display feeds coming from Pandora, I h &hellip;

10 No CVEs
Developer Profile

Transcoder Developer Profile

rtCamp

19 plugins · 119K total installs

75
trust score
Avg Security Score
94/100
Avg Patch Time
883 days
View full developer profile
Detection Fingerprints

How We Detect Transcoder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/transcoder/css/rt-transcoder-admin.css/wp-content/plugins/transcoder/js/rt-transcoder-admin.js/wp-content/plugins/transcoder/admin/js/rt-retranscode-admin.js/wp-content/plugins/transcoder/admin/js/retranscode-media.js/wp-content/plugins/transcoder/admin/js/custom-functions.js/wp-content/plugins/transcoder/admin/js/rt-transcoder-media.js/wp-content/plugins/transcoder/admin/js/rt-transcoder-settings.js
Script Paths
/wp-content/plugins/transcoder/js/rt-transcoder-admin.js/wp-content/plugins/transcoder/admin/js/rt-retranscode-admin.js/wp-content/plugins/transcoder/admin/js/retranscode-media.js/wp-content/plugins/transcoder/admin/js/custom-functions.js/wp-content/plugins/transcoder/admin/js/rt-transcoder-media.js/wp-content/plugins/transcoder/admin/js/rt-transcoder-settings.js
Version Parameters
transcoder/css/rt-transcoder-admin.css?ver=transcoder/js/rt-transcoder-admin.js?ver=transcoder/admin/js/rt-retranscode-admin.js?ver=transcoder/admin/js/retranscode-media.js?ver=transcoder/admin/js/custom-functions.js?ver=transcoder/admin/js/rt-transcoder-media.js?ver=transcoder/admin/js/rt-transcoder-settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
rt-transcoder-settings-wraprt-transcoder-usage-infort-transcoder-retranscode-table
HTML Comments
<!-- START rt-transcoder --><!-- END rt-transcoder --><!--rt-transcoder-admin-settings-page-->
Data Attributes
data-transcoder-iddata-rt-transcoder-action
JS Globals
rt_transcoder_admin_paramsrt_transcoder_retranscode_params
REST Endpoints
/wp-json/transcoder/v1/retranscode/wp-json/transcoder/v1/settings
FAQ

Frequently Asked Questions about Transcoder