WP-Safety

Twitch Player Security & Risk Analysis

wordpress.org/plugins/ttv-easy-embed-player

Twitch streams for your WordPress website - Twitch Player unlocks a compact, cinema-style layout, great for embedded stream experience.

200 active installs v2.1.3 PHP + WP 5.0+ Updated Jun 14, 2023
twitchtwitch-apitwitch-embedtwitch-streamstwitch-tv
61
C · Use Caution
CVEs total2
Unpatched1
Last CVEDec 19, 2025
Plugin page Download
Safety Verdict

Is Twitch Player Safe to Use in 2026?

Use With Caution

Score 61/100

Twitch Player has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

2 known CVEs 1 unpatched Last CVE: Dec 19, 2025Updated 2yr ago
Risk Assessment

The 'ttv-easy-embed-player' plugin version 2.1.3 presents a mixed security posture. On the positive side, the static analysis reveals a strong adherence to several security best practices. There are no observed dangerous functions, no raw SQL queries (all use prepared statements), no file operations, and no external HTTP requests, which significantly reduces the potential for common web vulnerabilities. The presence of numerous nonce and capability checks also indicates an effort to implement authorization. However, a concerning aspect is the presence of two known CVEs, with one remaining unpatched. These historical vulnerabilities include medium-severity Cross-Site Scripting and Missing Authorization issues, suggesting a pattern of past security weaknesses that require vigilant patching. While the current code analysis shows no active unsanitized taint flows, the historical pattern of vulnerabilities and the presence of an unpatched CVE are the most significant risk factors. The plugin's limited attack surface (two shortcodes) is a strength, but the historical context overshadows this. Users should be aware of the unpatched vulnerability and consider the plugin's past security record.

Key Concerns

  • Unpatched CVE found
  • Medium severity CVEs in history
  • 2 known CVEs in history
  • Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
  • Missing Authorization vulnerability history
  • 88% of outputs properly escaped
Vulnerabilities
2

Twitch Player Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
1 CVE in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2025-68565medium · 5.3Missing Authorization

Twitch Player <= 2.1.3 - Missing Authorization

Dec 19, 2025Unpatched
CVE-2023-25464medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Twitch Player <= 2.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting

Feb 13, 2023 Patched in 2.1.1 (344d)
Code Analysis
Analyzed Mar 16, 2026

Twitch Player Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
13
100 escaped
Nonce Checks
5
Capability Checks
13
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

88% escaped113 total outputs
Attack Surface

Twitch Player Attack Surface

Entry Points2
Unprotected0

Shortcodes 2

[getTwitchPlayer] public\class-streamweasels-player-pro-public.php:105
[getTwitchPlayerPro] public\class-streamweasels-player-pro-public.php:106
WordPress Hooks 35
actionplugins_loadedincludes\class-streamweasels-player-pro.php:147
actionadmin_menuincludes\class-streamweasels-player-pro.php:163
actionadmin_enqueue_scriptsincludes\class-streamweasels-player-pro.php:164
actionadmin_enqueue_scriptsincludes\class-streamweasels-player-pro.php:165
actiontgmpa_registerincludes\class-streamweasels-player-pro.php:166
filterswti_twitch_layout_optionsincludes\class-streamweasels-player-pro.php:167
actionwp_enqueue_scriptsincludes\class-streamweasels-player-pro.php:182
actionwp_enqueue_scriptsincludes\class-streamweasels-player-pro.php:183
actioninitincludes\class-streamweasels-player-pro.php:184
actioninitincludes\class-streamweasels-tgmpa.php:268
filterload_textdomain_mofileincludes\class-streamweasels-tgmpa.php:269
actioninitincludes\class-streamweasels-tgmpa.php:272
actionadmin_menuincludes\class-streamweasels-tgmpa.php:421
actionadmin_headincludes\class-streamweasels-tgmpa.php:422
filterinstall_plugin_complete_actionsincludes\class-streamweasels-tgmpa.php:425
filterupdate_plugin_complete_actionsincludes\class-streamweasels-tgmpa.php:426
actionadmin_noticesincludes\class-streamweasels-tgmpa.php:429
actionadmin_initincludes\class-streamweasels-tgmpa.php:430
actionadmin_enqueue_scriptsincludes\class-streamweasels-tgmpa.php:431
actionload-plugins.phpincludes\class-streamweasels-tgmpa.php:436
actionswitch_themeincludes\class-streamweasels-tgmpa.php:439
actionswitch_themeincludes\class-streamweasels-tgmpa.php:442
actionadmin_initincludes\class-streamweasels-tgmpa.php:447
actionswitch_themeincludes\class-streamweasels-tgmpa.php:452
actionload_textdomain_mofileincludes\class-streamweasels-tgmpa.php:475
filterupgrader_source_selectionincludes\class-streamweasels-tgmpa.php:889
actionplugins_loadedincludes\class-streamweasels-tgmpa.php:2112
filtertgmpa_table_data_itemsincludes\class-streamweasels-tgmpa.php:2236
filterupgrader_source_selectionincludes\class-streamweasels-tgmpa.php:2977
actionadmin_initincludes\class-streamweasels-tgmpa.php:3147
actionupgrader_process_completeincludes\class-streamweasels-tgmpa.php:3242
filterupgrader_post_installincludes\class-streamweasels-tgmpa.php:3301
filterupgrader_post_installincludes\class-streamweasels-tgmpa.php:3446
actionadmin_noticestwitch-player.php:146
actionadmin_inittwitch-player.php:147
Maintenance & Trust

Twitch Player Maintenance & Trust

Maintenance Signals

WordPress version tested6.2.9
Last updatedJun 14, 2023
PHP min version
Downloads24K

Community Trust

Rating74/100
Number of ratings6
Active installs200
Alternatives

Twitch Player Alternatives

Twitch Rail

Twitch Rail

ttv-easy-embed

A
85

Twitch streams for your WordPress website - Twitch Rail unlocks a horizontal scrolling layout, to display many streams in a small space.

100 No CVEs
Twitch Wall

Twitch Wall

ttv-easy-embed-wall

A
85

Twitch streams for your WordPress website - Twitch Wall unlocks a classic Twitch layout for displaying many streams at once.

100 No CVEs
StreamWeasels Twitch Integration

StreamWeasels Twitch Integration

streamweasels-twitch-integration

A
96

Embed Twitch streams with our collection of Twitch Blocks and Shortcodes. Works with Block Editor, Classic Editor, and Page Builders.

1K 4 CVEs
TwitchPress

TwitchPress

twitchpress

A
92

Unofficial Twitch.tv power-up for your WordPress!

10 No CVEs
TwitchPress Embed Everything

TwitchPress Embed Everything

twitchpress-embed-everything

A
100

Add the Embed Everything plugin to your blog after installing the core TwitchPress plugin called Channel Solution for Twitch.

10 No CVEs
Developer Profile

Twitch Player Developer Profile

JayBee

7 plugins · 1K total installs

69
trust score
Avg Security Score
85/100
Avg Patch Time
173 days
View full developer profile
Detection Fingerprints

How We Detect Twitch Player

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ttv-easy-embed-player/css/ttv-easy-embed-player.css/wp-content/plugins/ttv-easy-embed-player/js/ttv-easy-embed-player.js
Script Paths
/wp-content/plugins/ttv-easy-embed-player/js/ttv-easy-embed-player.js
Version Parameters
ttv-easy-embed-player/css/ttv-easy-embed-player.css?ver=ttv-easy-embed-player/js/ttv-easy-embed-player.js?ver=

HTML / DOM Fingerprints

CSS Classes
ttv-embed-player-containerttv-video-wrapper
Data Attributes
data-stream-urldata-channel-namedata-video-id
JS Globals
ttvEasyEmbedPlayer
Shortcode Output
[ttv_player channel=[ttv_player video=[ttv_player embed_type=
FAQ

Frequently Asked Questions about Twitch Player