WP-Safety

Video Share VOD – Turnkey Video Site Builder Script Security & Risk Analysis

wordpress.org/plugins/video-share-vod

Build your own VOD platform with Video Share VOD, featuring extensive video management, monetization, and HTML5 support.

60 active installs v3.1.1 PHP 7.4+ WP 5.1+ Updated Feb 27, 2026
ffmpegsharevideovideowhispervod
92
A · Safe
CVEs total5
Unpatched0
Last CVEFeb 17, 2026
Plugin page Download
Safety Verdict

Is Video Share VOD – Turnkey Video Site Builder Script Safe to Use in 2026?

Generally Safe

Score 92/100

Video Share VOD – Turnkey Video Site Builder Script has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEsLast CVE: Feb 17, 2026Updated 1mo ago
Risk Assessment

The video-share-vod plugin v3.1.1 presents a mixed security posture. While it demonstrates good practices with a high percentage of SQL prepared statements and properly escaped outputs, significant concerns arise from its attack surface and historical vulnerability patterns. A substantial number of AJAX handlers (9 out of 10) lack authentication checks, creating potential entry points for unauthorized actions. The taint analysis reveals two high-severity flows with unsanitized paths, which could lead to serious security issues if exploited. The plugin's history of five known CVEs, including a high-severity one, and the recent vulnerability dating to 2026, suggest a recurring pattern of exploitable weaknesses. Although there are currently no unpatched vulnerabilities, the plugin's track record and the identified code-level risks indicate a need for caution and diligent security management.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows
  • Known CVEs (historically)
  • Dangerous functions found (exec, unserialize)
  • Limited nonce checks
Vulnerabilities
5

Video Share VOD – Turnkey Video Site Builder Script Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
3 CVEs in 2025
2025
1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

High
1
Medium
4

5 total CVEs

CVE-2025-13727medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Video Share VOD <= 2.7.11 - Authenticated (Editor+) Stored Cross-Site Scripting via Custom Field Meta Values

Feb 17, 2026 Patched in 2.7.12 (1d)
CVE-2025-7812high · 8.8Cross-Site Request Forgery (CSRF)

Video Share VOD – Turnkey Video Site Builder Script <= 2.7.6 - Cross-Site Request Forgery to Command Injection

Aug 27, 2025 Patched in 2.7.7 (1d)
CVE-2025-26583medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Video Share VOD <= 2.7.9 - Reflected Cross-Site Scripting

Mar 12, 2025 Patched in 2.7.10 (254d)
CVE-2024-13393medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Video Share VOD – Turnkey Video Site Builder Script <= 2.6.31 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 17, 2025 Patched in 2.6.32 (1d)
CVE-2024-12449medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Video Share VOD – Turnkey Video Site Builder Script <= 2.6.30 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 17, 2024 Patched in 2.6.31 (1d)
Code Analysis
Analyzed Mar 16, 2026

Video Share VOD – Turnkey Video Site Builder Script Code Analysis

Dangerous Functions
29
Raw SQL Queries
1
15 prepared
Unescaped Output
113
813 escaped
Nonce Checks
6
Capability Checks
13
File Operations
57
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

execif ( exec( 'echo EXEC' ) == 'EXEC' ) {inc\options.php:714
execexec( escapeshellcmd( $cmd ), $output, $returnvalue );inc\options.php:728
execexec( escapeshellcmd( $cmd ), $output, $returnvalue );inc\options.php:737
execexec( escapeshellcmd( $cmd ), $output, $returnvalue );inc\options.php:780
unserialize$spaceStats = unserialize( $meta );inc\options.php:861
execif ( exec( 'echo EXEC' ) == 'EXEC' ) {inc\options.php:2030
execexec( escapeshellcmd( $cmd ), $output, $returnvalue );inc\options.php:2044
execif ( exec( 'echo EXEC' ) == 'EXEC' ) {inc\options.php:2230
execexec( escapeshellcmd( $cmd ), $output, $returnvalue );inc\options.php:2244
execexec( escapeshellcmd( $cmd ), $output, $returnvalue );inc\options.php:2253
execexec( escapeshellcmd( $cmd ), $output, $returnvalue );inc\options.php:2294
execexec( escapeshellcmd( $cmd ), $output, $returnvalue );inc\options.php:2380
execif ( exec( 'echo EXEC' ) == 'EXEC' ) {inc\options.php:2407
execexec( escapeshellcmd( $cmd ), $output, $returnvalue );inc\options.php:2431
execexec( escapeshellcmd( $cmd ), $output, $returnvalue );inc\options.php:2440
execexec( escapeshellcmd( $cmd ), $output, $returnvalue );inc\options.php:2520
unserialize$videoAlts = unserialize( $videoAdaptive );video-share-vod.php:1778
execexec( escapeshellcmd( "echo '$cmd' >> $cmdPath" ), $output, $returnvalue );video-share-vod.php:2023
execexec( escapeshellcmd( "echo '$cmdH' >> $cmdPath" ), $output, $returnvalue );video-share-vod.php:2077
execexec( escapeshellcmd( "echo '$cmd' >> $cmdPath" ), $output, $returnvalue );video-share-vod.php:2102
execexec( $cmd, $output, $returnvalue );video-share-vod.php:2146
unserializereturn unserialize( file_get_contents( $path ) );video-share-vod.php:2167
execexec( $cmd, $output, $returnvalue );video-share-vod.php:2198
execexec( $cmd, $output, $returnvalue );video-share-vod.php:2228
execexec( $cmd, $output, $returnvalue );video-share-vod.php:2297
execexec( escapeshellcmd( "echo '$cmd' >> $cmdPath" ), $output, $returnvalue );video-share-vod.php:2300
execexec( $cmd, $output, $returnvalue );video-share-vod.php:2522
execexec( escapeshellcmd( "echo '$info' >> $logPath" ), $output, $returnvalue );video-share-vod.php:2526
execexec( escapeshellcmd( "echo '$cmd' >> $cmdPath" ), $output, $returnvalue );video-share-vod.php:2529

SQL Query Safety

94% prepared16 total queries

Output Escaping

88% escaped926 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

11 flows3 with unsanitized paths
adminManage (inc\options.php:1044)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
9 unprotected

Video Share VOD – Turnkey Video Site Builder Script Attack Surface

Entry Points23
Unprotected9

AJAX Handlers 10

authwp_ajax_vwvs_videosvideo-share-vod.php:524
noprivwp_ajax_vwvs_videosvideo-share-vod.php:525
authwp_ajax_vwvs_playlist_m3uvideo-share-vod.php:528
noprivwp_ajax_vwvs_playlist_m3uvideo-share-vod.php:529
authwp_ajax_vwvs_embedvideo-share-vod.php:531
noprivwp_ajax_vwvs_embedvideo-share-vod.php:532
authwp_ajax_vwvs_mbrvideo-share-vod.php:534
noprivwp_ajax_vwvs_mbrvideo-share-vod.php:535
authwp_ajax_vwvs_uploadvideo-share-vod.php:540
authwp_ajax_vwvs_pluploadvideo-share-vod.php:541

Shortcodes 13

[videowhisper_plupload] video-share-vod.php:503
[videowhisper_player] video-share-vod.php:505
[videowhisper_videos] video-share-vod.php:506
[videowhisper_upload] video-share-vod.php:507
[videowhisper_preview] video-share-vod.php:508
[videowhisper_player_html] video-share-vod.php:509
[videowhisper_import] video-share-vod.php:510
[videowhisper_playlist] video-share-vod.php:511
[videowhisper_embed_code] video-share-vod.php:513
[videowhisper_postvideos] video-share-vod.php:515
[videowhisper_postvideos_process] video-share-vod.php:516
[videowhisper_postvideo_assign] video-share-vod.php:518
[videowhisper_embed] video-share-vod.php:520
WordPress Hooks 30
filterwp_get_attachment_image_srcvideo-share-vod.php:455
filterwp_get_attachment_urlvideo-share-vod.php:456
actionwp_enqueue_scriptsvideo-share-vod.php:458
filterthe_contentvideo-share-vod.php:464
filterthe_contentvideo-share-vod.php:467
actionload-post.phpvideo-share-vod.php:470
actionload-post-new.phpvideo-share-vod.php:471
filterpre_get_postsvideo-share-vod.php:474
filterrequestvideo-share-vod.php:478
actionadmin_headvideo-share-vod.php:481
filterparse_queryvideo-share-vod.php:483
actionbefore_delete_postvideo-share-vod.php:485
filterthe_contentvideo-share-vod.php:490
filterthe_contentvideo-share-vod.php:495
filterthe_contentvideo-share-vod.php:499
filterquery_varsvideo-share-vod.php:537
filtervw_ls_manage_channelvideo-share-vod.php:553
filtervw_ls_manage_channels_headvideo-share-vod.php:554
actionadd_meta_boxesvideo-share-vod.php:3264
actionsave_postvideo-share-vod.php:3267
actioninitvideo-share-vod.php:3671
actionadmin_menuvideo-share-vod.php:3672
actionadmin_bar_menuvideo-share-vod.php:3673
actionplugins_loadedvideo-share-vod.php:3675
actionparse_requestvideo-share-vod.php:3677
filterarchive_templatevideo-share-vod.php:3680
filtercron_schedulesvideo-share-vod.php:3684
actioncron_4min_eventvideo-share-vod.php:3685
actioninitvideo-share-vod.php:3687
filtersingle_templatevideo-share-vod.php:3690

Scheduled Events 1

cron_4min_event
Maintenance & Trust

Video Share VOD – Turnkey Video Site Builder Script Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 27, 2026
PHP min version7.4
Downloads86K

Community Trust

Rating46/100
Number of ratings12
Active installs60
Alternatives

Video Share VOD – Turnkey Video Site Builder Script Alternatives

VOD Infomaniak

VOD Infomaniak

vod-infomaniak

A
95

Easily embed and manage videos from Infomaniak VOD in your posts, comments and RSS feeds. You need an Infomaniak VOD account to use this plugin.

20K 4 CVEs
Open Beacon MP4 Conversion and Compression

Open Beacon MP4 Conversion and Compression

open-beacon-mp4-conversion-and-compression

A
85

Easily convert video to MP4 and compress existing MP4 files to smaller sizes for WordPress media or to save locally for a variety of other uses.

70 No CVEs
HTML5 Webcam/Screen/Mic Recorder for Video Comments and Forms

HTML5 Webcam/Screen/Mic Recorder for Video Comments and Forms

video-comments-webcam-recorder

A
92

Easily add webcam, screen, and mic recordings to WordPress comments and forms with this shortcode-enabled plugin for video and audio submissions.

60 1 CVE
Press Tube

Press Tube

press-tube

A
85

With Press Tube you can easily access to YouTube content directly from your site administration panel.

50 No CVEs
Spreebie Transcoder – Resize, Compress and Store Video

Spreebie Transcoder – Resize, Compress and Store Video

spreebie-transcoder

A
85

SPREEBIE TRANSCODER is a WordPress plugin that resizes, compresses and stores MP4 video via FFmpeg and Google Cloud Storage.

40 No CVEs
Developer Profile

Video Share VOD – Turnkey Video Site Builder Script Developer Profile

videowhisper

12 plugins · 1K total installs

74
trust score
Avg Security Score
93/100
Avg Patch Time
1072 days
View full developer profile
Detection Fingerprints

How We Detect Video Share VOD – Turnkey Video Site Builder Script

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/video-share-vod/inc/css/video-share-vod.css/wp-content/plugins/video-share-vod/inc/css/video-share-vod-admin.css/wp-content/plugins/video-share-vod/inc/js/video-share-vod-admin.js/wp-content/plugins/video-share-vod/inc/js/video-share-vod.js
Script Paths
/wp-content/plugins/video-share-vod/inc/js/video-share-vod.js/wp-content/plugins/video-share-vod/inc/js/video-share-vod-admin.js
Version Parameters
video-share-vod/inc/css/video-share-vod.css?ver=video-share-vod/inc/css/video-share-vod-admin.css?ver=video-share-vod/inc/js/video-share-vod-admin.js?ver=video-share-vod/inc/js/video-share-vod.js?ver=

HTML / DOM Fingerprints

CSS Classes
video-share-vod
Data Attributes
data-plugin="video-share-vod"
JS Globals
videoShareVOD_js
Shortcode Output
[video id="[vod_browse][vod_featured][vod_latest]
FAQ

Frequently Asked Questions about Video Share VOD – Turnkey Video Site Builder Script