Video Reviews / Video Widget Security & Risk Analysis
wordpress.org/plugins/video-reviewsTransform your website with engaging video content. Add a powerful Video Reviews widget to your footer and boost conversions instantly.
Is Video Reviews / Video Widget Safe to Use in 2026?
Generally Safe
Score 92/100Video Reviews / Video Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "video-reviews" plugin v1.5.4 exhibits a concerning security posture due to a significant unprotected entry point. While the plugin demonstrates good practices by not using dangerous functions, performing all SQL queries with prepared statements, and having no recorded vulnerabilities, the presence of a single REST API route without permission callbacks represents a direct attack vector. This unprotected endpoint could potentially be leveraged for unauthorized actions or data manipulation if it handles any sensitive operations, even if not immediately apparent from the static analysis. The lack of nonce and capability checks on this route exacerbates the risk.
Despite the absence of known CVEs and a clean vulnerability history, which is a positive indicator of developer diligence, the static analysis highlights a critical oversight in its exposed REST API. The 50% output escaping rate also suggests potential for cross-site scripting (XSS) vulnerabilities if the unescaped outputs involve user-controlled data. In conclusion, while the plugin has strengths in its SQL handling and lack of historical issues, the unprotected REST API endpoint is a major weakness that requires immediate attention to mitigate potential security risks.
Key Concerns
- REST API route without permission callbacks
- Unescaped output rate is 50%
- No nonce checks
- No capability checks
Video Reviews / Video Widget Security Vulnerabilities
Video Reviews / Video Widget Code Analysis
Bundled Libraries
Output Escaping
Video Reviews / Video Widget Attack Surface
REST API Routes 1
WordPress Hooks 11
Maintenance & Trust
Video Reviews / Video Widget Maintenance & Trust
Maintenance Signals
Community Trust
Video Reviews / Video Widget Alternatives
Video PopUp
video-popup
The ultimate Video Popup plugin for WordPress. Create unlimited and responsive popups for YouTube, Vimeo, MP4 & WebM videos on click or On-Page Load.
WP Video Popup – WordPress Video Lightbox for YouTube, Rumble & Vimeo
responsive-youtube-vimeo-popup
WP Video Popup lets you add a responsive YouTube, Rumble or Vimeo video lightbox to any page, post or custom post type of your website.
Video Popup for Elementor – WPTD
wptd-video-popup
Simple video popup plugin for elementor. You can make video lightbox popup in elementor. YouTube, Vimeo videos are supported.
Post Featured Video
post-featured-video
Post Featured Video is a very nifty responsive video plugin that helps your users to see a YouTube or Vimeo video or Custom HTML MP4 video
Video Lightbox For Guten Blocks
video-lightbox-for-guten-blocks
Elevate WordPress with "Video Lightbox for Guten Blocks". Streamline video embedding effortlessly for engaging content.
Video Reviews / Video Widget Developer Profile
2 plugins · 200 total installs
How We Detect Video Reviews / Video Widget
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/video-reviews/build/admin.js/wp-content/plugins/video-reviews/build/adminStyle.cssvideo-reviews/build/admin.jsvideo-reviews/build/adminStyle.cssvideo-reviews/build/admin.js?ver=video-reviews/build/adminStyle.css?ver=HTML / DOM Fingerprints
warningdata-targetvd_rv