Does Videopack have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Videopack compatible with WordPress 6.9.4?

According to WordPress.org data, Videopack 4.10.5 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Videopack compatible with PHP 7.2+?

Videopack requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Videopack updated?

Videopack was last updated on Jan 24, 2026. Frequent updates are generally a positive security signal.

What is Videopack's security score?

Videopack has a WP-Safety security score of 95/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Videopack Security & Risk Analysis

wordpress.org/plugins/video-embed-thumbnail-generator

Makes video thumbnails, allows resolution switching, and embeds responsive self-hosted videos and galleries.

10K active installs v4.10.5 PHP 7.2+ WP 5.0+ Updated Jan 24, 2026

resolutionsthumbnailvideovideo-galleryvideo-player

A · Safe

CVEs total4

Unpatched0

Last CVEJul 16, 2025

Plugin page Download

Safety Verdict

Is Videopack Safe to Use in 2026?

Generally Safe

Score 95/100

Videopack has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

4 known CVEsLast CVE: Jul 16, 2025Updated 3mo ago

Risk Assessment

The 'video-embed-thumbnail-generator' plugin version 4.10.5 exhibits a generally strong security posture, with a significant number of entry points (35) all protected by authentication checks. The static analysis reveals a low number of critical findings, with no unsanitized paths identified in taint analysis and a low percentage of SQL queries not using prepared statements. The plugin also demonstrates good output escaping practices with 88% of outputs properly escaped and a high number of nonce and capability checks. However, the plugin's history of 4 known CVEs, including one high-severity vulnerability and three medium-severity vulnerabilities, indicates a past pattern of exploitable weaknesses. The common vulnerability types also suggest potential for cross-site scripting and code injection, which are serious concerns despite the absence of currently unpatched vulnerabilities and critical taint flows. The bundled Freemius v1.0 library, while not explicitly flagged as outdated in the provided data, could be a potential vector if it contains known vulnerabilities not reflected here.

Key Concerns

History of 4 known CVEs
1 high severity CVE in history
3 medium severity CVEs in history
Bundled library (Freemius v1.0)

Vulnerabilities

4 published

Videopack Security Vulnerabilities

CVEs by Year

2 CVEs in 2012

2012

1 CVE in 2015

2015

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

High

Medium

4 total CVEs

CVE-2025-54016medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Videopack <= 4.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jul 16, 2025 Patched in 4.10.4 (7d)

WF-1d73f773-f084-40da-b18f-8b30b0d0c08a-video-embed-thumbnail-generatormedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

VideoJS (Various Versions) - Cross-Site Scripting

May 14, 2015 Patched in 4.1 (3176d)

CVE-2012-1785high · 7.2Improper Control of Generation of Code ('Code Injection')

Videopack (formerly Video Embed & Thumbnail Generator) < 2.0 - Remote Code Execution

Feb 20, 2012 Patched in 2.0 (4355d)

CVE-2012-1786medium · 5.3Exposure of Sensitive Information to an Unauthorized Actor

Videopack (formerly Video Embed & Thumbnail Generator) <= 1.1 - Full Path Disclosure

Feb 20, 2012 Patched in 2.0 (4355d)

Version History

Videopack Release Timeline

v4.10.5Current

v4.10.4

v4.10.31 CVE

Videopack Security & Risk Analysis

Is Videopack Safe to Use in 2026?

Generally Safe

Key Concerns

Videopack Security Vulnerabilities

CVEs by Year

Severity Breakdown

Videopack Release Timeline

Videopack Code Analysis

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

Videopack Attack Surface

AJAX Handlers 30

Shortcodes 5

Scheduled Events 14

Videopack Maintenance & Trust

Maintenance Signals

Community Trust

Videopack Alternatives

All-in-One Video Gallery

Video Gallery for WooCommerce

Video Gallery YouTube Vimeo

video carousel slider with lightbox

Video Gallery

Videopack Developer Profile

How We Detect Videopack

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Videopack