[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fY4mIVmihU1fA3P3mnc-nwGQelS7S0OZdzvq-B5P3mhA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":101,"crawl_stats":37,"alternatives":107,"analysis":203,"fingerprints":931},"video-share-vod","Video Share VOD – Turnkey Video Site Builder Script","3.1.1","videowhisper","https:\u002F\u002Fprofiles.wordpress.org\u002Fvideowhisper\u002F","\u003Cp>Launch a fully featured video on demand (VOD) platform with the Video Share VOD plugin. This turnkey solution for WordPress allows users to upload, manage, and publish videos effortlessly. From live streaming integration to advanced video management with FFmpeg support, this plugin offers everything needed to create a modern VOD service like Netflix or Hulu. Enhance your site with capabilities for playlists, ads, and video monetization, ensuring a rich viewing experience on any device.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdemo.videosharevod.com\u002F\" rel=\"nofollow ugc\">Live Video Site Demo\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Benefits\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Comprehensive Video Management: Upload, import, and manage videos with powerful tools and user-friendly interfaces.\u003C\u002Fli>\n\u003Cli>HTML5 and HLS Support: Ensures compatibility across all devices and browsers, including mobile platforms.\u003C\u002Fli>\n\u003Cli>Ad Integration: Monetize your videos through HTML5 VAST support for ads, including Google DoubleClick and AdSense.\u003C\u002Fli>\n\u003Cli>Custom Playlists and Taxonomies: Organize videos into playlists and categories, enhancing discoverability and user engagement.\u003C\u002Fli>\n\u003Cli>Interactive Video Features: Allow viewers to rate and review videos, integrating with the Rate Star Review plugin for community feedback.\u003C\u002Fli>\n\u003Cli>Monetization Options: Set up creator subscription models, pay-per-view, and ad-supported structures to generate revenue from your video content.\u003C\u002Fli>\n\u003Cli>Advanced Video Processing: Utilize FFmpeg for video conversions, thumbnail generation, and video previews, ensuring high performance outputs.\u003C\u002Fli>\n\u003Cli>Seamless Integration: Works with BuddyPress for social media capabilities, and other plugins like MicroPayments\u002FFansPaysite for advanced monetization.\u003C\u002Fli>\n\u003Cli>Customizable Access Control: Define who can view or upload content based on user roles or subscription levels, with detailed access lists.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Special Requirements: This plugin requires FFmpeg access on the web host. Main features including generating video snapshots, preview clips, video watermarks, custom HTML5 video conversions, HLS segmentation are not possible without FFmpeg.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>adds video post type to WordPress site\u003C\u002Fli>\n\u003Cli>shortcodes, pages with video site features: browse videos, upload, import\u003C\u002Fli>\n\u003Cli>extracts thumbnail, generates feature image\u003C\u002Fli>\n\u003Cli>generates thumbnail sized short video preview (play on mouse hover)\u003C\u002Fli>\n\u003Cli>extracts info: duration, resolution, bitrate, file size\u003C\u002Fli>\n\u003Cli>multiple playback methods\u003C\u002Fli>\n\u003Cli>playlist taxonomy, listing of videos with rest of posts in categories, tags, searches\u003C\u002Fli>\n\u003Cli>shortcodes for listing videos, displaying player, upload form, import form\u003C\u002Fli>\n\u003Cli>HTML5 VAST (video ad serving template) support for video ads\u003C\u002Fli>\n\u003Cli>HTML5 Google IMA support: DoubleClick & AdSense support\u003C\u002Fli>\n\u003Cli>premium users that don’t see ads\u003C\u002Fli>\n\u003Cli>mass video upload\u003C\u002Fli>\n\u003Cli>mass video import (from server)\u003C\u002Fli>\n\u003Cli>setup user types that can share videos\u003C\u002Fli>\n\u003Cli>pending video \u002F approval for user types that can’t publish directly\u003C\u002Fli>\n\u003Cli>conversion queue for server load control\u003C\u002Fli>\n\u003Cli>configure codecs and encoding options, formats, bitrate\u003C\u002Fli>\n\u003Cli>BuddyPress activity for adding video\u003C\u002Fli>\n\u003Cli>see more \u003Ca href=\"https:\u002F\u002Fvideosharevod.com\u002Ffeatures\u002F\" title=\"Video Share VOD Features\" rel=\"nofollow ugc\">Video Share VOD Features\u003C\u002Fa> …\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Listings\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>AJAX display and update of video list (does not reload site for filter, sort, next page)\u003C\u002Fli>\n\u003Cli>video preview in list (play on hover)\u003C\u002Fli>\n\u003Cli>Filter by category, tags, name search\u003C\u002Fli>\n\u003Cli>Sort by date, views, recently viewed, random, rating, rating number, rate popularity\u003C\u002Fli>\n\u003Cli>integrates \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frate-star-review\u002F\" title=\"Rate Star Review - AJAX Reviews for Content, with Star Ratings\" rel=\"ugc\">Rate Star Review – AJAX Reviews for Content, with Star Ratings\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>VOD Access Control : Membership, Sales\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>define global video access list (roles, user emails & ids)\u003C\u002Fli>\n\u003Cli>role playlists: assign videos as accessible by certain roles\u003C\u002Fli>\n\u003Cli>exception playlists: free, registered, unpublished\u003C\u002Fli>\n\u003Cli>show preview and custom message when inaccessible\u003C\u002Fli>\n\u003Cli>read more about \u003Ca href=\"https:\u002F\u002Fvideosharevod.com\u002Ffeatures\u002Fvideo-on-demand\u002F\" title=\"Video On Demand\" rel=\"nofollow ugc\">Video On Demand\u003C\u002Fa> …\u003C\u002Fli>\n\u003Cli>integrates \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpaid-membership\u002F\" title=\"Paid Membership and Content\" rel=\"ugc\">MicroPayments – Content, Membership, Downloads\u003C\u002Fa> plugin to allow selling items\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Players\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>HTML5 video conversion and playback support\u003C\u002Fli>\n\u003Cli>HLS playback support\u003C\u002Fli>\n\u003Cli>HD video support (player adapts to video size)\u003C\u002Fli>\n\u003Cli>HTML5 native tag player\u003C\u002Fli>\n\u003Cli>Video.js player (8.x) with VAST support\u003C\u002Fli>\n\u003Cli>MediaElement.js (WordPress default video player)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>PLupload \u002F HTML5 Video Uploader\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Drag & Drop\u003C\u002Fli>\n\u003Cli>AJAX (no Submit, page reload required to upload more videos)\u003C\u002Fli>\n\u003Cli>multi video support\u003C\u002Fli>\n\u003Cli>status \u002F progress bar for each upload\u003C\u002Fli>\n\u003Cli>fallback to standard upload for older browsers\u003C\u002Fli>\n\u003Cli>mobile video upload (iOS6+, Android 3+)\u003C\u002Fli>\n\u003Cli>backend multi upload menu\u003C\u002Fli>\n\u003Cli>read more about \u003Ca href=\"http:s\u002F\u002Fvideosharevod.com\u002Ffeatures\u002Fvideo-uploader\u002F\" title=\"Video Uploader\" rel=\"nofollow ugc\">Video Uploader\u003C\u002Fa> …\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Plugin Integrations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpaidvideochat.com\u002F\" title=\"Paid Videochat Site Builder\" rel=\"nofollow ugc\">Paid Videochat\u003C\u002Fa> turnkey pay per minute cam site builder: publish streaming recordings, videos on room profile, teaser loop video\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbroadcastlivevideo.com\u002F\" title=\"Broadcast Live Video Site Builder\" rel=\"nofollow ugc\">Broadcast Live Video\u003C\u002Fa> turnkey live streaming site builder: publish channel streaming archives\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpaid-membership\u002F\" title=\"MicroPayments Content and Membership\" rel=\"ugc\">MicroPayments Content and Membership\u003C\u002Fa>: sell videos as WooCommerce products or with MyCred Sell Content\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frate-star-review\u002F\" title=\"Rate Star Review - AJAX Reviews for Content, with Star Ratings\" rel=\"ugc\">Rate Star Review – AJAX Reviews for Content, with Star Ratings\u003C\u002Fa>: allow users to rate videos and leave reviews\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Broadcast Live Video – HTML5 Live Streaming Plugin\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>integrates with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fvideowhisper-live-streaming-integration\u002F\" title=\"Broadcast Live Video - HTML5 Live Streaming\" rel=\"ugc\">Broadcast Live Video – HTML5 Live Streaming\u003C\u002Fa> channels plugin\u003C\u002Fli>\n\u003Cli>import archived video streams (previous broadcasts)\u003C\u002Fli>\n\u003Cli>upload additional videos for each channel\u003C\u002Fli>\n\u003Cli>list videos on channel page\u003C\u002Fli>\n\u003Cli>channel button on video page (if channel exists)\u003C\u002Fli>\n\u003Cli>read more about \u003Ca href=\"https:\u002F\u002Fvideosharevod.com\u002Ffeatures\u002Flive-streaming\u002F\" title=\"Live Streaming\" rel=\"nofollow ugc\">Live Streaming\u003C\u002Fa> …\u003C\u002Fli>\n\u003Cli>see \u003Ca href=\"https:\u002F\u002Fbroadcastlivevideo.com\u002F\" title=\"Broadcast Live Video Camera Script\" rel=\"nofollow ugc\">Broadcast Live Video\u003C\u002Fa> turnkey solution …\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Webcam Recording Plugin\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>integrates with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fvideo-posts-webcam-recorder\u002F\" title=\"VideoWhisper Video Posts Webcam Recorder\" rel=\"ugc\">VideoWhisper Video Posts Webcam Recorder\u003C\u002Fa> for video recording\u003C\u002Fli>\n\u003Cli>integrates with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fvideo-comments-webcam-recorder\u002F\" title=\"Video Comments Webcam Recorder\n\">VideoWhisper Video Comments Webcam Recorder\u003C\u002Fa> for video recording comments (including in BuddyPress activity)\u003C\u002Fli>\n\u003Cli>recorder access shortcode “videowhisper_recorder” integrates VideoShareVOD sharing permissions\u003C\u002Fli>\n\u003Cli>read more about \u003Ca href=\"https:\u002F\u002Fwww.videowhisper.com\u002F?p=WordPress+Video+Recorder+Posts+Comments\" title=\"Video Posts Webcam Recorder\" rel=\"nofollow ugc\">Video Posts Webcam Recorder\u003C\u002Fa> …\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>External Service Dependencies\u003C\u002Fh4>\n\u003Cp>Google Interactive Media Ads libraries are required to load from Google domains when feature is enabled, to prevent “Error: IMA SDK is either not loaded from a google domain or is not a supported version.” .\u003Cbr \u002F>\nService terms: https:\u002F\u002Fdevelopers.google.com\u002Finteractive-media-ads\u002Fdocs\u002Fsdks\u002Fhtml5\u002Fclient-side\u002Fterms\u003C\u002Fp>\n\u003Ch4>Special Hosting Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>FFmpeg and HTML5 codecs are required to generate snapshots, preview clips and convert videos to HTML5 formats. Latest FFmpeg is recommended with video & audio codecs for HTML5 & video types you plan to upload.\u003C\u002Fli>\n\u003Cli>Conversions require important resources like CPU time, memory, long process time (not available on budget shared hosting). These must be available and enabled for the account processes.\u003C\u002Fli>\n\u003Cli>High upload size and script timeout limits on web host to allow uploading bigger files. Importing videos (uploaded with FTP or other tools) is recommended for very big files.\u003C\u002Fli>\n\u003Cli>CloudFlare or similar services are not recommend due to upload limitations. Will usually break bigger uploads.\u003C\u002Fli>\n\u003Cli>Optionally, to deliver videos as live streaming a server like Wowza SE is required that will provide access at a HLS address from video path.\u003C\u002Fli>\n\u003Cli>Optionally, plugin can also generate static HLS segments, using extra disk space and initial processing resources. \u003C\u002Fli>\n\u003Cli>read more about \u003Ca href=\"https:\u002F\u002Fvideosharevod.com\u002Fhosting\u002F\" title=\"Video Share VOD Hosting\" rel=\"nofollow ugc\">Video Share VOD Hosting\u003C\u002Fa> …\u003Cbr \u002F>\nSecurity Warning: Hosts that include FFmpeg access should also have specific security configuration in place. That can include CageFS and other restriction\u002Fisolation tools.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fvideosharevod.com\" rel=\"nofollow ugc\">Video Site Plugin Homepage\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fvideosharevod.com\u002Ffeatures\u002Fquick-start-tutorial\u002F\" rel=\"nofollow ugc\">Turnkey Video Site Installation Tutorial\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fconsult.videowhisper.com\" rel=\"nofollow ugc\">Developer Contact\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fvideosharevod.com\u002Fhosting\u002F\" rel=\"nofollow ugc\">Recommended Hosting\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Shortcodes\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>videowhisper_videos playlist=”” perpage=”” perrow=”” – Video list.\u003C\u002Fli>\n\u003Cli>videowhisper_upload playlist=”” category=”” owner=”” – Upload form.\u003C\u002Fli>\n\u003Cli>videowhisper_player video=”0″ – Video player.\u003C\u002Fli>\n\u003Cli>videowhisper_preview video=”0″ – Preview only.\u003C\u002Fli>\n\u003Cli>videowhisper_player_html source=”” source_type=”” poster=”” width=”” height=”” – HTML file player.\u003C\u002Fli>\n\u003Cli>videowhisper_embed_code source=”” source_type=”” poster=”” width=”” height=”” – Embed code HTML player.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For more details see Video Share VOD – Documentation menu after installing plugin.\u003C\u002Fp>\n\u003Ch3>Demo\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdemo.videosharevod.com\u002F\" rel=\"nofollow ugc\">Live Video Site Demo\u003C\u002Fa>\u003C\u002Fp>\n","Build your own VOD platform with Video Share VOD, featuring extensive video management, monetization, and HTML5 support.",60,86001,46,12,"2026-02-27T11:08:00.000Z","6.9.4","5.1","7.4",[20,21,22,7,23],"ffmpeg","share","video","vod","https:\u002F\u002Fvideosharevod.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvideo-share-vod.zip",92,5,0,"2026-02-17 20:33:31","2026-03-15T15:16:48.613Z",[32,48,63,77,90],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2025-13727","video-share-vod-authenticated-editor-stored-cross-site-scripting-via-custom-field-meta-values","Video Share VOD \u003C= 2.7.11 - Authenticated (Editor+) Stored Cross-Site Scripting via Custom Field Meta Values","The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=2.7.11","2.7.12","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-02-18 09:25:54",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F776a441b-1bb8-46ea-9884-4abf562f6e5c?source=api-prod",1,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":37,"affected_versions":53,"patched_in_version":54,"severity":55,"cvss_score":56,"cvss_vector":57,"vuln_type":58,"published_date":59,"updated_date":60,"references":61,"days_to_patch":47},"CVE-2025-7812","video-share-vod-turnkey-video-site-builder-script-cross-site-request-forgery-to-command-injection","Video Share VOD – Turnkey Video Site Builder Script \u003C= 2.7.6 - Cross-Site Request Forgery to Command Injection","The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.6. This is due to missing or incorrect nonce validation on the adminExport() function. This makes it possible for unauthenticated attackers to update settings and execute remote code when the Server command execution setting is enabled via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C=2.7.6","2.7.7","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Cross-Site Request Forgery (CSRF)","2025-08-27 00:00:00","2025-08-28 01:46:29",[62],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb9e499c4-e683-4587-b0ab-7f4ecde94e41?source=api-prod",{"id":64,"url_slug":65,"title":66,"description":67,"plugin_slug":4,"theme_slug":37,"affected_versions":68,"patched_in_version":69,"severity":40,"cvss_score":70,"cvss_vector":71,"vuln_type":43,"published_date":72,"updated_date":73,"references":74,"days_to_patch":76},"CVE-2025-26583","video-share-vod-reflected-cross-site-scripting","Video Share VOD \u003C= 2.7.9 - Reflected Cross-Site Scripting","The Video Share VOD plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.7.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=2.7.9","2.7.10",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2025-03-12 00:00:00","2025-11-20 19:48:17",[75],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F64aa76c3-a70a-4939-ad46-b2e67a556124?source=api-prod",254,{"id":78,"url_slug":79,"title":80,"description":81,"plugin_slug":4,"theme_slug":37,"affected_versions":82,"patched_in_version":83,"severity":40,"cvss_score":84,"cvss_vector":85,"vuln_type":43,"published_date":86,"updated_date":87,"references":88,"days_to_patch":47},"CVE-2024-13393","video-share-vod-turnkey-video-site-builder-script-authenticated-contributor-stored-cross-site-scripting-2","Video Share VOD – Turnkey Video Site Builder Script \u003C= 2.6.31 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_videos' shortcode in all versions up to, and including, 2.6.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=2.6.31","2.6.32",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2025-01-17 00:00:00","2025-01-18 07:05:10",[89],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff9e85d85-76cd-4606-918b-87f07098c967?source=api-prod",{"id":91,"url_slug":92,"title":93,"description":94,"plugin_slug":4,"theme_slug":37,"affected_versions":95,"patched_in_version":96,"severity":40,"cvss_score":84,"cvss_vector":85,"vuln_type":43,"published_date":97,"updated_date":98,"references":99,"days_to_patch":47},"CVE-2024-12449","video-share-vod-turnkey-video-site-builder-script-authenticated-contributor-stored-cross-site-scripting","Video Share VOD – Turnkey Video Site Builder Script \u003C= 2.6.30 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_player_html' shortcode in all versions up to, and including, 2.6.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=2.6.30","2.6.31","2024-12-17 00:00:00","2024-12-18 03:22:06",[100],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb857e64c-a345-4ed3-b690-5b9d1a0cae15?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":102,"avg_security_score":103,"avg_patch_time_days":104,"trust_score":105,"computed_at":106},1270,93,1072,74,"2026-04-04T09:51:51.364Z",[108,131,152,170,187],{"slug":109,"name":110,"version":111,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":116,"downloaded":117,"rating":118,"num_ratings":119,"last_updated":120,"tested_up_to":121,"requires_at_least":122,"requires_php":123,"tags":124,"homepage":127,"download_link":128,"security_score":129,"vuln_count":119,"unpatched_count":28,"last_vuln_date":130,"fetched_at":30},"vod-infomaniak","VOD Infomaniak","1.5.12","Infomaniak Network","https:\u002F\u002Fprofiles.wordpress.org\u002Finfomaniak-dev\u002F","\u003Cp>Ce plugin vous permet de gérer facilement les interactions entre votre blog wordpress et votre espace VOD.\u003Cbr \u002F>\nIl vous permet en toute simplicité de récupérer et de gérer l’ensemble de vos vidéos.\u003C\u002Fp>\n\u003Cp>Si vous souhaitez obtenir plus d’informations sur notre solution d’hébergement vidéo, veuillez vous rendre à l’adresse http:\u002F\u002Fstreaming.infomaniak.com\u002Fstockage-video-en-ligne\u003C\u002Fp>\n\u003Cp>Cet outil va vous permettre d’utiliser simplement depuis votre blog, de nombreuses fonctions avancées telles que :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>L’envoi de nouvelles vidéos pendant l’écriture d’un article\u003C\u002Fli>\n\u003Cli>La possibilité d’importer massivement des fichiers vidéos directement depuis votre administration wordpress\u003C\u002Fli>\n\u003Cli>La mise à jour automatique de la base de données de votre site lors de l’ajout d’une nouvelle vidéo à votre compte\u003C\u002Fli>\n\u003Cli>La récupération automatique des players existants\u003C\u002Fli>\n\u003Cli>La gestion et l’implémentation facile des playlist déjà créés dans notre interface d’administration\u003C\u002Fli>\n\u003Cli>Un outil de recherche de vidéo, lors de l’écriture d’un article ou d’une page pour retrouver facilement une archive\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Security\u003C\u002Fh3>\n\u003Cp>How can I report security bugs?\u003C\u002Fp>\n\u003Cp>You can report security bugs through the Patchstack Vulnerability Disclosure Program. The Patchstack team help validate, triage and handle any security vulnerabilities. \u003Ca href=\"https:\u002F\u002Fpatchstack.com\u002Fdatabase\u002Fvdp\u002Fvod-infomaniak\" rel=\"nofollow ugc\">Report a security vulnerability.\u003C\u002Fa>\u003C\u002Fp>\n","Easily embed and manage videos from Infomaniak VOD in your posts, comments and RSS feeds. You need an Infomaniak VOD account to use this plugin.",20000,279151,80,4,"2025-10-06T04:50:00.000Z","6.8.5","2.8.6","",[125,126,22,23],"infomaniak","manage","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fvod-infomaniak\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvod-infomaniak.1.5.12.zip",95,"2025-09-23 00:00:00",{"slug":132,"name":133,"version":134,"author":135,"author_profile":136,"description":137,"short_description":138,"active_installs":139,"downloaded":140,"rating":141,"num_ratings":47,"last_updated":142,"tested_up_to":143,"requires_at_least":144,"requires_php":123,"tags":145,"homepage":149,"download_link":150,"security_score":151,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"open-beacon-mp4-conversion-and-compression","Open Beacon MP4 Conversion and Compression","1.0.1","Thabo David Klass","https:\u002F\u002Fprofiles.wordpress.org\u002Fthabo-david-klass\u002F","\u003Cp>Over the past 10 years, the stunning rise of video on the internet as a way to communicate\u003Cbr \u002F>\nand disseminate ideas has made it a platform that EVERYONE has needed to get familiar with\u003Cbr \u002F>\nand master.  With this rise, came incredible tools like FFmpeg and video file formats like\u003Cbr \u002F>\nMP4, that has become the de facto video format on the web.  FFmpeg is a powerful open source\u003Cbr \u002F>\nvideo conversion, compression and streaming tool used by top services like YouTube and\u003Cbr \u002F>\nFacebook. Because of the current zeitgeist, it is important to use video on your site to\u003Cbr \u002F>\ninteract with you visitors in ways that they can relate to and understand.  Communicating\u003Cbr \u002F>\nin a standard way using the MP4 video format and making sure those videos are small in size\u003Cbr \u002F>\nbut good in quality is therefore absolutely imperative.\u003C\u002Fp>\n\u003Cp>Open Beacon MP4 Conversion and Compression combines WordPress with FFmpeg to easily convert\u003Cbr \u002F>\nfiles from the popular FLV and MOV file formats to the even more popular MP4 file format.\u003Cbr \u002F>\nExisting MP4 files can be radically compressed without any perceptible loss in video quality.\u003Cbr \u002F>\nIn short, Open Beacon MP4 Conversion and Compression is what any WordPress aficionado needs\u003Cbr \u002F>\nif they want to use FFmpeg.\u003C\u002Fp>\n\u003Cp>This plugin ONLY works with FFmpeg.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fsy-1kkjeJ8E?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n\u003Ch3>A brief Markdown Example\u003C\u002Fh3>\n","Easily convert video to MP4 and compress existing MP4 files to smaller sizes for WordPress media or to save locally for a variety of other uses.",70,5613,100,"2015-09-07T18:27:00.000Z","4.1.42","3.6",[146,147,20,148,22],"compression","conversion","mp4","http:\u002F\u002Fopenbeacon.biz\u002F?p=298","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fopen-beacon-mp4-conversion-and-compression.zip",85,{"slug":153,"name":154,"version":155,"author":7,"author_profile":8,"description":156,"short_description":157,"active_installs":11,"downloaded":158,"rating":28,"num_ratings":28,"last_updated":159,"tested_up_to":160,"requires_at_least":161,"requires_php":18,"tags":162,"homepage":167,"download_link":168,"security_score":26,"vuln_count":47,"unpatched_count":28,"last_vuln_date":169,"fetched_at":30},"video-comments-webcam-recorder","HTML5 Webcam\u002FScreen\u002FMic Recorder for Video Comments and Forms","2.2.6","\u003Cp>HTML5 Webcam Microphone Recorder Forms is a powerful, easy-to-use plugin that allows you to add video and audio recording capabilities directly into WordPress comment forms and custom forms. With this plugin, users can record from their webcam, screen, microphone and submit their recordings as part of their comment or form submission.\u003C\u002Fp>\n\u003Cp>Key Features\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Seamless Form Integration: Adds a recording field to your forms with a simple shortcode. Users can easily record video or audio and submit it alongside their comments or form entries.\u003C\u002Fli>\n\u003Cli>Video Comments: Includes a button within the comments form for users to add video or audio recordings. This feature can be toggled on or off in the plugin settings. Submitted recordings are displayed as links that open in a new page or embed.\u003C\u002Fli>\n\u003Cli>Customizable Recorder: The recording interface appears in a user-friendly dialog box and allows multiple recordings. Recordings are uploaded to your server and can be automatically added to the Media Library or processed\u002Fpublished using the \u003Ca href=\"https:\u002F\u002Fvideosharevod.com\" rel=\"nofollow ugc\">Video Share VOD\u003C\u002Fa> plugin.\u003C\u002Fli>\n\u003Cli>Flexible Recording Options: Supports various recording types, including:\u003C\u002Fli>\n\u003Cli>\n\u003Cul>\n\u003Cli>Webcam + Microphone Video\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cul>\n\u003Cli>Screen + Microphone Video\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cul>\n\u003Cli>Microphone-only Audio\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Simple Integration with Other Plugins: Perfect for use in more advanced setups like paid questions or message forms. Works well with the \u003Ca href=\"https:\u002F\u002Fpaidvideochat.com\u002F\" rel=\"nofollow ugc\">PaidVideochat – Video Services Site\u003C\u002Fa> plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Note: Recordings are saved in formats supported by the user’s browser (e.g., MP4, WebM). Please be aware that some formats may not be compatible with all browsers.\u003C\u002Fp>\n\u003Cp>This plugin utilizes the latest HTML5 technology, based on the HTML5 Videochat \u002F Cam Recorder web app, ensuring fast and reliable performance for both video and audio recording.\u003C\u002Fp>\n\u003Cp>Transform your WordPress site by enabling rich, multimedia user interactions with this intuitive and versatile recording plugin.\u003C\u002Fp>\n\u003Cp>This web app implementation is based on \u003Ca href=\"https:\u002F\u002Fdemo.videowhisper.com\u002Fcam-recorder-html5-video-audio\u002F\" rel=\"nofollow ugc\">HTML5 Videochat \u002F Cam Recoder\u003C\u002Fa> .\u003C\u002Fp>\n\u003Cp>Sample integration: Paid Questions \u002F Messages forms can include recordings in \u003Ca href=\"https:\u002F\u002Fpaidvideochat.com\u002F\" rel=\"nofollow ugc\">PaidVideochat – Video Services Site\u003C\u002Fa> plugin.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Display HTML5 Recorder with shortcode [[videowhisper_recorder_inline field=”recordings” add_field=”1″ label=””]].\u003Cbr \u002F>\nWhen a recording is sent to server, application calls window.VideoWhisper.recoderUploadCompleted([filename]). Unless field parameter is blank, the function is also implemented and adds the filename to value of field with provided id. Field is added by default unless disabled with add_field parameter. A field label can be included.\u003Cbr \u002F>\nThis web app implementation is based on \u003Ca href=\"https:\u002F\u002Fdemo.videowhisper.com\u002Fcam-recorder-html5-video-audio\u002F\" rel=\"nofollow ugc\">HTML5 Videochat \u002F Cam Recoder\u003C\u002Fa> .\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fvideowhisper.com\u002Ftickets_submit.php\" rel=\"nofollow ugc\">Contact VideoWhisper Technical Support\u003C\u002Fa> for clarifications\u003C\u002Fli>\n\u003C\u002Ful>\n","Easily add webcam, screen, and mic recordings to WordPress comments and forms with this shortcode-enabled plugin for video and audio submissions.",12593,"2025-04-01T06:10:00.000Z","6.7.5","5.0",[163,164,165,7,166],"comments","html5","recorder","webcam","https:\u002F\u002Ffanspaysite.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvideo-comments-webcam-recorder.zip","2014-06-12 00:00:00",{"slug":171,"name":172,"version":173,"author":174,"author_profile":175,"description":176,"short_description":177,"active_installs":178,"downloaded":179,"rating":28,"num_ratings":28,"last_updated":180,"tested_up_to":123,"requires_at_least":181,"requires_php":123,"tags":182,"homepage":123,"download_link":186,"security_score":151,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"press-tube","Press Tube","0.0.3","Erik","https:\u002F\u002Fprofiles.wordpress.org\u002Fcodekraft\u002F","\u003Cp>Press Tube let you access YouTube content from your site administration panel, easily find them and embed in your posts content. You can access to your channel content and create custom playlists.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easily select YouTube content from post edit page.\u003C\u002Fli>\n\u003Cli>Embed content in your posts with many options.\u003C\u002Fli>\n\u003Cli>Display YouTube playlists in various styles (default, list, slider, gallery).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Shortcodes\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>[subscribe]: Display the YouTube subscribe button for a given Channel Id\u003C\u002Fli>\n\u003Cli>[playlist]: Display the playlist for a given Id that can be YouTube playlist Id or custom playlists Id\u003C\u002Fli>\n\u003Cli>[live-chat]: Display the live chat frame for a given Live video id.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Widgets\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>YouTube LiveStream: Display your live stream video with chat and many options\u003C\u002Fli>\n\u003Cli>YouTube Videos: Display a set of videos that match your options in different styles\u003C\u002Fli>\n\u003Cli>YouTube Subscribe: Display the YouTube Subscribe button for your channel or any channel with many options\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>More to come in next versions.\u003C\u002Fp>\n\u003Ch4>Please Vote and Enjoy\u003C\u002Fh4>\n\u003Cp>Your votes really make a difference! Thanks.\u003C\u002Fp>\n","With Press Tube you can easily access to YouTube content directly from your site administration panel.",50,3354,"2017-04-03T10:19:00.000Z","4.6",[183,184,21,22,185],"embed","playlist","youtube","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpress-tube.zip",{"slug":188,"name":189,"version":134,"author":135,"author_profile":136,"description":190,"short_description":191,"active_installs":192,"downloaded":193,"rating":141,"num_ratings":47,"last_updated":194,"tested_up_to":195,"requires_at_least":196,"requires_php":197,"tags":198,"homepage":201,"download_link":202,"security_score":151,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"spreebie-transcoder","Spreebie Transcoder – Resize, Compress and Store Video","\u003Cp>The  role of video as the premier mode of communication and information transmission in the year 2019 has now become uncontested. Video informs all aspects of our lives, from how we communicate with our loved ones to how radio stations stream content to their ‘listeners’. The monumental task for content providers today is to provide video in a manner in which it is accessible to everyone – not providing video is totally out of the question.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FGek1h29pyNU?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>A large part of this is of course driven by the all internet-based media distribution platforms that have sprouted up since 2005. Video has become so instrumental and so effective that it has even triggered the biggest learning cycle in human history. So, the important test for content providers is fundamentally related to access – global access. Pertaining to internet infrastructure, different places in the world are at different stages of development – all those people have to have access to the same content. Providing video at resolutions that deal with these scenarios can be what separates a content providers from their competition.\u003C\u002Fp>\n\u003Cp>The MP4 video format and FFmpeg have matured tremendously over the past 15 years. MP4 has become the de facto video format on the web and FFmpeg is the goto transcoding tool for some of the biggest video distribution platforms in the world. Just because of the lay of the land in 2019, it is important to use video on your site to interact with your visitors in ways that they can relate to and understand. Communicating in a standard way using the MP4 video format and making sure those videos can be provided in sizes and rates that respond to individual users’ needs and circumstances is imperative.\u003C\u002Fp>\n\u003Cp>WordPress is now running on 30% of all websites – in a way, it has become a kind of web operating system. This means that it has become unavoidable and thinking about creating new products and dedicated implementations of existing products for WordPress is imperative.\u003C\u002Fp>\n\u003Cp>The combination of better video transcoding technology, standard (popular) video containers, cloud storage services and a web dominated by a very powerful WordPress was fertile soil to create Spreebie Transcoder.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Col>\n\u003Cli>\u003Cstrong>Resizing\u003C\u002Fstrong> – Spreebie Transcoder resizes video to lesser resolutions. For example, a 360p video will get 240p and 144p copies.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compression\u003C\u002Fstrong> – Spreebie Transcoder has adjustable settings to determine the quality of video and the speed at which transcoding happens. This results in compression to varying degrees depending on what settings have been chosen.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google Cloud Storage\u003C\u002Fstrong> – If you choose to, transcoded video can be stored on Google Cloud Storage as a backup.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Folders\u003C\u002Fstrong> – Spreebie Transcoder supports WP Real Media Library that brings folder functionality to WordPress media.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Support and Manual\u003C\u002Fstrong> – Spreebie Transcoder provides a support tab through which users can request support from Spreebie representatives. A comprehensive manual is also provided to help users with most of the questions they may have.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>This plugin requires FFmpeg to work.\u003C\u002Fp>\n\u003Cp>THIRD PARTY PRODUCT AND SERVICE NOTE: When storing already transcoded video on the cloud with this plugin, a third party service called Google Cloud Storage (https:\u002F\u002Fcloud.google.com\u002Fstorage\u002F) is used for storage. A number of open-source PHP libraries from various sources are packaged within Spreebie Transcoder in the folder “vendor” in order to facilitate Google Cloud Storage functionality. Google Cloud Storage in this plugin ONLY works for cloud storage – the rest of the plugin can function without it.\u003C\u002Fp>\n\u003Cp>Another third party product which is not included with this plugin but is its centre is FFmpeg is (https:\u002F\u002Fwww.ffmpeg.org\u002F) – this is used to perform all the video analysis and transcoding. Without FFmpeg, this plugin cannot function.\u003C\u002Fp>\n\u003Cp>The last third party product that can be used in tandem with this plugin but is not included with it is WP Real Media Library (https:\u002F\u002Fmatthias-web.com\u002Fwordpress\u002Freal-media-library\u002F). This can be used to organise your transcoded media into folders. Spreebie Transcoder does not need WP Real Media Library to function.\u003C\u002Fp>\n","SPREEBIE TRANSCODER is a WordPress plugin that resizes, compresses and stores MP4 video via FFmpeg and Google Cloud Storage.",40,2879,"2019-03-26T12:41:00.000Z","5.1.22","4.1","5.5",[146,20,199,200,22],"google-cloud-storage","resizing","http:\u002F\u002Fopenbeacon.biz\u002Fspreebie-transcoder-video-transcoding-for-wordpress-with-ffmpeg\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fspreebie-transcoder.zip",{"attackSurface":204,"codeSignals":385,"taintFlows":693,"riskAssessment":917,"analyzedAt":930},{"hooks":205,"ajaxHandlers":307,"restRoutes":336,"shortcodes":337,"cronEvents":380,"entryPointCount":383,"unprotectedCount":384},[206,211,214,219,223,226,230,233,236,240,243,246,250,252,255,258,261,265,268,272,276,279,282,285,288,291,294,297,301,304],{"type":207,"name":208,"callback":208,"file":209,"line":210},"filter","wp_get_attachment_image_src","video-share-vod.php",455,{"type":207,"name":212,"callback":212,"file":209,"line":213},"wp_get_attachment_url",456,{"type":215,"name":216,"callback":217,"file":209,"line":218},"action","wp_enqueue_scripts","scripts",458,{"type":207,"name":220,"callback":221,"priority":47,"file":209,"line":222},"the_content","wpautop",464,{"type":207,"name":220,"callback":224,"priority":141,"file":209,"line":225},"shortcode_unautop",467,{"type":215,"name":227,"callback":228,"file":209,"line":229},"load-post.php","post_meta_boxes_setup",470,{"type":215,"name":231,"callback":228,"file":209,"line":232},"load-post-new.php",471,{"type":207,"name":234,"callback":234,"file":209,"line":235},"pre_get_posts",474,{"type":207,"name":237,"callback":238,"file":209,"line":239},"request","duration_column_orderby",478,{"type":215,"name":241,"callback":241,"file":209,"line":242},"admin_head",481,{"type":207,"name":244,"callback":244,"file":209,"line":245},"parse_query",483,{"type":215,"name":247,"callback":248,"file":209,"line":249},"before_delete_post","video_delete",485,{"type":207,"name":220,"callback":220,"file":209,"line":251},490,{"type":207,"name":220,"callback":253,"file":209,"line":254},"channel_page",495,{"type":207,"name":220,"callback":256,"file":209,"line":257},"tvshow_page",499,{"type":207,"name":259,"callback":259,"file":209,"line":260},"query_vars",537,{"type":207,"name":262,"callback":262,"priority":263,"file":209,"line":264},"vw_ls_manage_channel",10,553,{"type":207,"name":266,"callback":266,"file":209,"line":267},"vw_ls_manage_channels_head",554,{"type":215,"name":269,"callback":270,"file":209,"line":271},"add_meta_boxes","add_post_meta_boxes",3264,{"type":215,"name":273,"callback":274,"priority":263,"file":209,"line":275},"save_post","save_post_meta",3267,{"type":215,"name":277,"callback":277,"priority":28,"file":209,"line":278},"init",3671,{"type":215,"name":280,"callback":280,"file":209,"line":281},"admin_menu",3672,{"type":215,"name":283,"callback":283,"priority":141,"file":209,"line":284},"admin_bar_menu",3673,{"type":215,"name":286,"callback":286,"file":209,"line":287},"plugins_loaded",3675,{"type":215,"name":289,"callback":289,"file":209,"line":290},"parse_request",3677,{"type":207,"name":292,"callback":292,"file":209,"line":293},"archive_template",3680,{"type":207,"name":295,"callback":295,"file":209,"line":296},"cron_schedules",3684,{"type":215,"name":298,"callback":299,"file":209,"line":300},"cron_4min_event","convertProcessQueue",3685,{"type":215,"name":277,"callback":302,"file":209,"line":303},"setup_schedule",3687,{"type":207,"name":305,"callback":305,"file":209,"line":306},"single_template",3690,[308,312,315,318,320,323,325,328,330,333],{"action":309,"nopriv":310,"callback":309,"hasNonce":310,"hasCapCheck":310,"file":209,"line":311},"vwvs_videos",false,524,{"action":309,"nopriv":313,"callback":309,"hasNonce":310,"hasCapCheck":310,"file":209,"line":314},true,525,{"action":316,"nopriv":310,"callback":316,"hasNonce":310,"hasCapCheck":310,"file":209,"line":317},"vwvs_playlist_m3u",528,{"action":316,"nopriv":313,"callback":316,"hasNonce":310,"hasCapCheck":310,"file":209,"line":319},529,{"action":321,"nopriv":310,"callback":321,"hasNonce":310,"hasCapCheck":310,"file":209,"line":322},"vwvs_embed",531,{"action":321,"nopriv":313,"callback":321,"hasNonce":310,"hasCapCheck":310,"file":209,"line":324},532,{"action":326,"nopriv":310,"callback":326,"hasNonce":310,"hasCapCheck":310,"file":209,"line":327},"vwvs_mbr",534,{"action":326,"nopriv":313,"callback":326,"hasNonce":310,"hasCapCheck":310,"file":209,"line":329},535,{"action":331,"nopriv":310,"callback":331,"hasNonce":310,"hasCapCheck":313,"file":209,"line":332},"vwvs_upload",540,{"action":334,"nopriv":310,"callback":334,"hasNonce":310,"hasCapCheck":310,"file":209,"line":335},"vwvs_plupload",541,[],[338,341,344,347,350,354,357,360,364,368,371,374,377],{"tag":339,"callback":339,"file":209,"line":340},"videowhisper_plupload",503,{"tag":342,"callback":342,"file":209,"line":343},"videowhisper_player",505,{"tag":345,"callback":345,"file":209,"line":346},"videowhisper_videos",506,{"tag":348,"callback":348,"file":209,"line":349},"videowhisper_upload",507,{"tag":351,"callback":352,"file":209,"line":353},"videowhisper_preview","shortcode_preview",508,{"tag":355,"callback":355,"file":209,"line":356},"videowhisper_player_html",509,{"tag":358,"callback":358,"file":209,"line":359},"videowhisper_import",510,{"tag":361,"callback":362,"file":209,"line":363},"videowhisper_playlist","shortcode_playlist",511,{"tag":365,"callback":366,"file":209,"line":367},"videowhisper_embed_code","shortcode_embed_code",513,{"tag":369,"callback":369,"file":209,"line":370},"videowhisper_postvideos",515,{"tag":372,"callback":372,"file":209,"line":373},"videowhisper_postvideos_process",516,{"tag":375,"callback":375,"file":209,"line":376},"videowhisper_postvideo_assign",518,{"tag":378,"callback":378,"file":209,"line":379},"videowhisper_embed",520,[381],{"hook":298,"callback":298,"file":209,"line":382},406,23,9,{"dangerousFunctions":386,"sqlUsage":457,"outputEscaping":463,"fileOperations":689,"externalRequests":28,"nonceChecks":690,"capabilityChecks":691,"bundledLibraries":692},[387,392,395,397,399,403,405,407,409,411,413,415,417,419,421,423,425,428,431,434,436,439,442,444,446,448,450,452,455],{"fn":388,"file":389,"line":390,"context":391},"exec","inc\\options.php",714,"if ( exec( 'echo EXEC' ) == 'EXEC' ) {",{"fn":388,"file":389,"line":393,"context":394},728,"exec( escapeshellcmd( $cmd ), $output, $returnvalue );",{"fn":388,"file":389,"line":396,"context":394},737,{"fn":388,"file":389,"line":398,"context":394},780,{"fn":400,"file":389,"line":401,"context":402},"unserialize",861,"$spaceStats = unserialize( $meta );",{"fn":388,"file":389,"line":404,"context":391},2030,{"fn":388,"file":389,"line":406,"context":394},2044,{"fn":388,"file":389,"line":408,"context":391},2230,{"fn":388,"file":389,"line":410,"context":394},2244,{"fn":388,"file":389,"line":412,"context":394},2253,{"fn":388,"file":389,"line":414,"context":394},2294,{"fn":388,"file":389,"line":416,"context":394},2380,{"fn":388,"file":389,"line":418,"context":391},2407,{"fn":388,"file":389,"line":420,"context":394},2431,{"fn":388,"file":389,"line":422,"context":394},2440,{"fn":388,"file":389,"line":424,"context":394},2520,{"fn":400,"file":209,"line":426,"context":427},1778,"$videoAlts = unserialize( $videoAdaptive );",{"fn":388,"file":209,"line":429,"context":430},2023,"exec( escapeshellcmd( \"echo '$cmd' >> $cmdPath\" ), $output, $returnvalue );",{"fn":388,"file":209,"line":432,"context":433},2077,"exec( escapeshellcmd( \"echo '$cmdH' >> $cmdPath\" ), $output, $returnvalue );",{"fn":388,"file":209,"line":435,"context":430},2102,{"fn":388,"file":209,"line":437,"context":438},2146,"exec( $cmd, $output, $returnvalue );",{"fn":400,"file":209,"line":440,"context":441},2167,"return unserialize( file_get_contents( $path ) );",{"fn":388,"file":209,"line":443,"context":438},2198,{"fn":388,"file":209,"line":445,"context":438},2228,{"fn":388,"file":209,"line":447,"context":438},2297,{"fn":388,"file":209,"line":449,"context":430},2300,{"fn":388,"file":209,"line":451,"context":438},2522,{"fn":388,"file":209,"line":453,"context":454},2526,"exec( escapeshellcmd( \"echo '$info' >> $logPath\" ), $output, $returnvalue );",{"fn":388,"file":209,"line":456,"context":430},2529,{"prepared":458,"raw":47,"locations":459},15,[460],{"file":209,"line":461,"context":462},3630,"$wpdb->get_results() with variable interpolation",{"escaped":464,"rawEcho":465,"locations":466},813,113,[467,469,470,472,474,476,478,480,482,484,486,488,490,492,494,496,498,500,502,504,506,508,510,512,514,516,518,520,522,524,526,528,530,532,534,536,538,540,542,544,546,548,550,552,554,556,558,560,562,564,566,568,570,572,574,576,578,580,582,584,586,588,590,592,594,596,598,600,602,604,607,609,611,613,615,617,619,621,623,625,627,629,631,633,635,637,639,641,643,645,647,649,651,652,654,655,656,657,660,662,664,666,668,670,671,673,675,677,679,681,683,685,687],{"file":389,"line":379,"context":468},"raw output",{"file":389,"line":324,"context":468},{"file":389,"line":471,"context":468},562,{"file":389,"line":473,"context":468},581,{"file":389,"line":475,"context":468},589,{"file":389,"line":477,"context":468},603,{"file":389,"line":479,"context":468},604,{"file":389,"line":481,"context":468},605,{"file":389,"line":483,"context":468},612,{"file":389,"line":485,"context":468},667,{"file":389,"line":487,"context":468},675,{"file":389,"line":489,"context":468},679,{"file":389,"line":491,"context":468},696,{"file":389,"line":493,"context":468},797,{"file":389,"line":495,"context":468},804,{"file":389,"line":497,"context":468},805,{"file":389,"line":499,"context":468},806,{"file":389,"line":501,"context":468},807,{"file":389,"line":503,"context":468},808,{"file":389,"line":505,"context":468},857,{"file":389,"line":507,"context":468},870,{"file":389,"line":509,"context":468},876,{"file":389,"line":511,"context":468},880,{"file":389,"line":513,"context":468},884,{"file":389,"line":515,"context":468},888,{"file":389,"line":517,"context":468},892,{"file":389,"line":519,"context":468},896,{"file":389,"line":521,"context":468},1018,{"file":389,"line":523,"context":468},1020,{"file":389,"line":525,"context":468},1032,{"file":389,"line":527,"context":468},1060,{"file":389,"line":529,"context":468},1070,{"file":389,"line":531,"context":468},1084,{"file":389,"line":533,"context":468},1090,{"file":389,"line":535,"context":468},1114,{"file":389,"line":537,"context":468},1125,{"file":389,"line":539,"context":468},1128,{"file":389,"line":541,"context":468},1130,{"file":389,"line":543,"context":468},1138,{"file":389,"line":545,"context":468},1150,{"file":389,"line":547,"context":468},1158,{"file":389,"line":549,"context":468},1172,{"file":389,"line":551,"context":468},1173,{"file":389,"line":553,"context":468},1174,{"file":389,"line":555,"context":468},1237,{"file":389,"line":557,"context":468},1241,{"file":389,"line":559,"context":468},1245,{"file":389,"line":561,"context":468},1248,{"file":389,"line":563,"context":468},1363,{"file":389,"line":565,"context":468},1372,{"file":389,"line":567,"context":468},1389,{"file":389,"line":569,"context":468},1395,{"file":389,"line":571,"context":468},1401,{"file":389,"line":573,"context":468},1407,{"file":389,"line":575,"context":468},1413,{"file":389,"line":577,"context":468},1831,{"file":389,"line":579,"context":468},1890,{"file":389,"line":581,"context":468},1984,{"file":389,"line":583,"context":468},2062,{"file":389,"line":585,"context":468},2352,{"file":389,"line":587,"context":468},2353,{"file":389,"line":589,"context":468},2894,{"file":389,"line":591,"context":468},2895,{"file":389,"line":593,"context":468},2896,{"file":389,"line":595,"context":468},2998,{"file":389,"line":597,"context":468},2999,{"file":389,"line":599,"context":468},3000,{"file":389,"line":601,"context":468},3001,{"file":389,"line":603,"context":468},3002,{"file":605,"line":606,"context":468},"inc\\shortcodes.php",214,{"file":605,"line":608,"context":468},224,{"file":605,"line":610,"context":468},228,{"file":605,"line":612,"context":468},259,{"file":605,"line":614,"context":468},271,{"file":605,"line":616,"context":468},301,{"file":605,"line":618,"context":468},302,{"file":605,"line":620,"context":468},307,{"file":605,"line":622,"context":468},308,{"file":605,"line":624,"context":468},309,{"file":605,"line":626,"context":468},310,{"file":605,"line":628,"context":468},311,{"file":605,"line":630,"context":468},314,{"file":605,"line":632,"context":468},315,{"file":605,"line":634,"context":468},316,{"file":605,"line":636,"context":468},319,{"file":605,"line":638,"context":468},328,{"file":605,"line":640,"context":468},333,{"file":605,"line":642,"context":468},341,{"file":605,"line":644,"context":468},347,{"file":605,"line":646,"context":468},423,{"file":605,"line":648,"context":468},439,{"file":605,"line":650,"context":468},465,{"file":605,"line":239,"context":468},{"file":605,"line":653,"context":468},512,{"file":605,"line":370,"context":468},{"file":605,"line":376,"context":468},{"file":605,"line":317,"context":468},{"file":658,"line":659,"context":468},"taxonomy-playlist.php",7,{"file":209,"line":661,"context":468},235,{"file":209,"line":663,"context":468},782,{"file":209,"line":665,"context":468},783,{"file":209,"line":667,"context":468},784,{"file":209,"line":669,"context":468},859,{"file":209,"line":401,"context":468},{"file":209,"line":672,"context":468},1027,{"file":209,"line":674,"context":468},1041,{"file":209,"line":676,"context":468},2475,{"file":209,"line":678,"context":468},3408,{"file":209,"line":680,"context":468},3409,{"file":209,"line":682,"context":468},3410,{"file":209,"line":684,"context":468},3585,{"file":209,"line":686,"context":468},3642,{"file":209,"line":688,"context":468},3648,57,6,13,[],[694,712,722,737,754,763,779,790,801,896,904],{"entryPoint":695,"graph":696,"unsanitizedCount":711,"severity":40},"adminManage (inc\\options.php:1044)",{"nodes":697,"edges":709},[698,703],{"id":699,"type":700,"label":701,"file":389,"line":702},"n0","source","$_GET (x16)",1062,{"id":704,"type":705,"label":706,"file":389,"line":707,"wp_function":708},"n1","sink","echo() [XSS]",1064,"echo",[710],{"from":699,"to":704,"sanitized":310},16,{"entryPoint":713,"graph":714,"unsanitizedCount":28,"severity":721},"adminImport (inc\\options.php:1334)",{"nodes":715,"edges":719},[716,718],{"id":699,"type":700,"label":717,"file":389,"line":565},"$_SERVER['REQUEST_URI']",{"id":704,"type":705,"label":706,"file":389,"line":565,"wp_function":708},[720],{"from":699,"to":704,"sanitized":313},"low",{"entryPoint":723,"graph":724,"unsanitizedCount":28,"severity":721},"adminOptions (inc\\options.php:1771)",{"nodes":725,"edges":734},[726,727,728,732],{"id":699,"type":700,"label":717,"file":389,"line":577},{"id":704,"type":705,"label":706,"file":389,"line":577,"wp_function":708},{"id":729,"type":700,"label":730,"file":389,"line":731},"n2","$_SERVER['DOCUMENT_ROOT']",2360,{"id":733,"type":705,"label":706,"file":389,"line":731,"wp_function":708},"n3",[735,736],{"from":699,"to":704,"sanitized":313},{"from":729,"to":733,"sanitized":313},{"entryPoint":738,"graph":739,"unsanitizedCount":28,"severity":721},"\u003Coptions> (inc\\options.php:0)",{"nodes":740,"edges":750},[741,742,743,745,746,748],{"id":699,"type":700,"label":701,"file":389,"line":702},{"id":704,"type":705,"label":706,"file":389,"line":707,"wp_function":708},{"id":729,"type":700,"label":744,"file":389,"line":565},"$_SERVER['REQUEST_URI'] (x2)",{"id":733,"type":705,"label":706,"file":389,"line":565,"wp_function":708},{"id":747,"type":700,"label":730,"file":389,"line":731},"n4",{"id":749,"type":705,"label":706,"file":389,"line":731,"wp_function":708},"n5",[751,752,753],{"from":699,"to":704,"sanitized":313},{"from":729,"to":733,"sanitized":313},{"from":747,"to":749,"sanitized":313},{"entryPoint":755,"graph":756,"unsanitizedCount":28,"severity":721},"vwvs_videos (inc\\shortcodes.php:15)",{"nodes":757,"edges":761},[758,760],{"id":699,"type":700,"label":759,"file":605,"line":192},"$_GET (x13)",{"id":704,"type":705,"label":706,"file":605,"line":608,"wp_function":708},[762],{"from":699,"to":704,"sanitized":313},{"entryPoint":764,"graph":765,"unsanitizedCount":28,"severity":721},"\u003Cshortcodes> (inc\\shortcodes.php:0)",{"nodes":766,"edges":776},[767,768,769,772],{"id":699,"type":700,"label":759,"file":605,"line":192},{"id":704,"type":705,"label":706,"file":605,"line":608,"wp_function":708},{"id":729,"type":700,"label":770,"file":605,"line":771},"$_GET",1626,{"id":733,"type":705,"label":773,"file":605,"line":774,"wp_function":775},"get_var() [SQLi]",1651,"get_var",[777,778],{"from":699,"to":704,"sanitized":313},{"from":729,"to":733,"sanitized":313},{"entryPoint":780,"graph":781,"unsanitizedCount":28,"severity":721},"widget_videowhisper_videos_control (video-share-vod.php:685)",{"nodes":782,"edges":788},[783,786],{"id":699,"type":700,"label":784,"file":209,"line":785},"$_POST (x6)",723,{"id":704,"type":705,"label":706,"file":209,"line":787,"wp_function":708},764,[789],{"from":699,"to":704,"sanitized":313},{"entryPoint":791,"graph":792,"unsanitizedCount":28,"severity":721},"vwvs_upload (video-share-vod.php:1127)",{"nodes":793,"edges":799},[794,797],{"id":699,"type":700,"label":795,"file":209,"line":796},"$_SERVER (x2)",1195,{"id":704,"type":705,"label":706,"file":209,"line":798,"wp_function":708},1205,[800],{"from":699,"to":704,"sanitized":313},{"entryPoint":802,"graph":803,"unsanitizedCount":28,"severity":721},"\u003Cvideo-share-vod> (video-share-vod.php:0)",{"nodes":804,"edges":882},[805,807,808,810,813,815,819,822,827,831,834,837,840,842,845,847,849,852,855,857,862,864,869,873,876,879],{"id":699,"type":700,"label":806,"file":209,"line":785},"$_POST (x21)",{"id":704,"type":705,"label":706,"file":209,"line":787,"wp_function":708},{"id":729,"type":700,"label":809,"file":209,"line":785},"$_POST (x4)",{"id":733,"type":705,"label":811,"file":209,"line":517,"wp_function":812},"update_option() [Settings Manipulation]","update_option",{"id":747,"type":700,"label":814,"file":209,"line":785},"$_POST (x3)",{"id":749,"type":705,"label":816,"file":209,"line":817,"wp_function":818},"file_get_contents() [SSRF\u002FLFI]",1554,"file_get_contents",{"id":820,"type":700,"label":821,"file":209,"line":785},"n6","$_POST",{"id":823,"type":705,"label":824,"file":209,"line":825,"wp_function":826},"n7","file_put_contents() [File Write]",1564,"file_put_contents",{"id":828,"type":700,"label":829,"file":209,"line":830},"n8","$_GET (x2)",943,{"id":832,"type":705,"label":833,"file":209,"line":426,"wp_function":400},"n9","unserialize() [Object Injection]",{"id":835,"type":700,"label":836,"file":209,"line":785},"n10","$_POST (x5)",{"id":838,"type":705,"label":839,"file":209,"line":437,"wp_function":388},"n11","exec() [RCE]",{"id":841,"type":700,"label":770,"file":209,"line":830},"n12",{"id":843,"type":705,"label":824,"file":209,"line":844,"wp_function":826},"n13",2158,{"id":846,"type":700,"label":829,"file":209,"line":830},"n14",{"id":848,"type":705,"label":816,"file":209,"line":440,"wp_function":818},"n15",{"id":850,"type":700,"label":851,"file":209,"line":830},"n16","$_GET (x8)",{"id":853,"type":705,"label":706,"file":209,"line":854,"wp_function":708},"n17",2312,{"id":856,"type":700,"label":821,"file":209,"line":785},"n18",{"id":858,"type":705,"label":859,"file":209,"line":860,"wp_function":861},"n19","fopen() [File Access]",2773,"fopen",{"id":863,"type":700,"label":821,"file":209,"line":785},"n20",{"id":865,"type":705,"label":866,"file":209,"line":867,"wp_function":868},"n21","get_results() [SQLi]",2979,"get_results",{"id":870,"type":700,"label":871,"file":209,"line":872},"n22","$_SERVER",2702,{"id":874,"type":705,"label":706,"file":209,"line":875,"wp_function":708},"n23",3583,{"id":877,"type":700,"label":770,"file":209,"line":878},"n24",3579,{"id":880,"type":705,"label":773,"file":209,"line":881,"wp_function":775},"n25",3588,[883,884,885,886,887,888,889,890,891,892,893,894,895],{"from":699,"to":704,"sanitized":313},{"from":729,"to":733,"sanitized":313},{"from":747,"to":749,"sanitized":313},{"from":820,"to":823,"sanitized":313},{"from":828,"to":832,"sanitized":313},{"from":835,"to":838,"sanitized":313},{"from":841,"to":843,"sanitized":313},{"from":846,"to":848,"sanitized":313},{"from":850,"to":853,"sanitized":313},{"from":856,"to":858,"sanitized":313},{"from":863,"to":865,"sanitized":313},{"from":870,"to":874,"sanitized":313},{"from":877,"to":880,"sanitized":313},{"entryPoint":897,"graph":898,"unsanitizedCount":47,"severity":55},"videowhisper_postvideos_process (inc\\shortcodes.php:1597)",{"nodes":899,"edges":902},[900,901],{"id":699,"type":700,"label":770,"file":605,"line":771},{"id":704,"type":705,"label":773,"file":605,"line":774,"wp_function":775},[903],{"from":699,"to":704,"sanitized":310},{"entryPoint":905,"graph":906,"unsanitizedCount":690,"severity":55},"adminLiveStreaming (video-share-vod.php:3569)",{"nodes":907,"edges":914},[908,910,912,913],{"id":699,"type":700,"label":909,"file":209,"line":878},"$_GET (x5)",{"id":704,"type":705,"label":706,"file":209,"line":911,"wp_function":708},3584,{"id":729,"type":700,"label":770,"file":209,"line":878},{"id":733,"type":705,"label":773,"file":209,"line":881,"wp_function":775},[915,916],{"from":699,"to":704,"sanitized":310},{"from":729,"to":733,"sanitized":310},{"summary":918,"deductions":919},"The video-share-vod plugin v3.1.1 presents a mixed security posture. While it demonstrates good practices with a high percentage of SQL prepared statements and properly escaped outputs, significant concerns arise from its attack surface and historical vulnerability patterns. A substantial number of AJAX handlers (9 out of 10) lack authentication checks, creating potential entry points for unauthorized actions. The taint analysis reveals two high-severity flows with unsanitized paths, which could lead to serious security issues if exploited. The plugin's history of five known CVEs, including a high-severity one, and the recent vulnerability dating to 2026, suggest a recurring pattern of exploitable weaknesses. Although there are currently no unpatched vulnerabilities, the plugin's track record and the identified code-level risks indicate a need for caution and diligent security management.",[920,922,924,926,928],{"reason":921,"points":263},"Unprotected AJAX handlers",{"reason":923,"points":14},"High severity taint flows",{"reason":925,"points":458},"Known CVEs (historically)",{"reason":927,"points":659},"Dangerous functions found (exec, unserialize)",{"reason":929,"points":27},"Limited nonce checks","2026-03-16T21:44:34.997Z",{"wat":932,"direct":945},{"assetPaths":933,"generatorPatterns":938,"scriptPaths":939,"versionParams":940},[934,935,936,937],"\u002Fwp-content\u002Fplugins\u002Fvideo-share-vod\u002Finc\u002Fcss\u002Fvideo-share-vod.css","\u002Fwp-content\u002Fplugins\u002Fvideo-share-vod\u002Finc\u002Fcss\u002Fvideo-share-vod-admin.css","\u002Fwp-content\u002Fplugins\u002Fvideo-share-vod\u002Finc\u002Fjs\u002Fvideo-share-vod-admin.js","\u002Fwp-content\u002Fplugins\u002Fvideo-share-vod\u002Finc\u002Fjs\u002Fvideo-share-vod.js",[],[937,936],[941,942,943,944],"video-share-vod\u002Finc\u002Fcss\u002Fvideo-share-vod.css?ver=","video-share-vod\u002Finc\u002Fcss\u002Fvideo-share-vod-admin.css?ver=","video-share-vod\u002Finc\u002Fjs\u002Fvideo-share-vod-admin.js?ver=","video-share-vod\u002Finc\u002Fjs\u002Fvideo-share-vod.js?ver=",{"cssClasses":946,"htmlComments":947,"htmlAttributes":948,"restEndpoints":950,"jsGlobals":951,"shortcodeOutput":953},[4],[],[949],"data-plugin=\"video-share-vod\"",[],[952],"videoShareVOD_js",[954,955,956,957,958,959,960],"[video id=\"","[vod_browse]","[vod_featured]","[vod_latest]","[vod_popular]","[vod_related]","[vod_search]"]