WP Videos Security & Risk Analysis

wordpress.org/plugins/video-sync-for-vimeo

WP Videos creates Video post types that you can easily add Vimeo, YouTube, WordPress, Shortcode or custom embed (third party) HTML and JS videos to.

100 active installs | v3.0.9 | PHP + | WP 4.0+ | Updated Unknown
Tags: video-player, video-post-type, vimeo, wp-videos, youtube
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP Videos Safe to Use in 2026?

Generally Safe

Score 100/100

WP Videos has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "video-sync-for-vimeo" plugin version 3.0.9 exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, exclusively using prepared statements, and has no recorded vulnerabilities or CVEs. The plugin also implements nonce and capability checks, suggesting an awareness of common WordPress security mechanisms. However, several concerns warrant attention. The presence of one AJAX handler without authentication checks represents a significant direct entry point for potential unauthorized actions. Additionally, the use of the `unserialize` function, especially if handling user-supplied data, is a known risk for deserialization vulnerabilities. The taint analysis, while showing no critical or high severity flows, did identify two flows with unsanitized paths, indicating potential weaknesses in how data is processed. The low percentage of properly escaped output (23%) is also a notable concern, increasing the risk of Cross-Site Scripting (XSS) vulnerabilities when content is displayed.

While the plugin's history of zero vulnerabilities is encouraging, it should not be viewed as a guarantee of future security. The identified issues, particularly the unprotected AJAX handler and the use of `unserialize`, are common vectors for attacks. The lack of proper output escaping significantly broadens the potential impact of any data handling flaws. Therefore, despite the absence of known CVEs and its SQL hygiene, the plugin should be considered to have moderate risks that require remediation to improve its overall security posture. Addressing the unprotected AJAX handler, scrutinizing the use of `unserialize`, and significantly improving output escaping are critical steps for hardening this plugin.

Key Concerns

  • AJAX handler without authentication
  • Use of unserialize function
  • Low percentage of output escaping
  • Unsanitized paths in taint analysis
Vulnerabilities
None known

WP Videos Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP Videos Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 136 (41 escaped)
Nonce Checks: 2
Capability Checks: 5
File Operations: 0
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

unserialize: `$display_term_memberships[] = unserialize($membership);` (includes\wpvs-rest-api-functions.php:201)

Output Escaping

23% escaped, 177 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

4 flows, 2 with unsanitized paths
wpvs_create_video_html_request (includes\rvs-ajax.php:4)
Attack Surface
1 unprotected

WP Videos Attack Surface

Entry Points: 5
Unprotected: 1

AJAX Handlers 3

auth  wp_ajax_wpvs_vimeosync_activate_customer_access  includes\admin\activation-manager.php:6
auth  wp_ajax_wpvs_vimeosync_deactivate_customer_access  includes\admin\activation-manager.php:7
auth  wp_ajax_wpvs_create_video_html_request  includes\rvs-ajax.php:2

Shortcodes 2

[wpvs_video_list] includes\shortcodes.php:6
[wpvs_single_video] includes\shortcodes.php:7
WordPress Hooks 60
action  init  blocks\index.php:10
action  init  blocks\index.php:11
filter  render_block  blocks\index.php:12
action  admin_init  includes\admin\activation-manager.php:10
action  admin_init  includes\admin\admin-pages.php:9
action  admin_menu  includes\admin\admin-pages.php:10
action  update_option_wpvs-video-slug-settings  includes\admin\admin-pages.php:12
action  update_option_wpvs-genre-slug-settings  includes\admin\admin-pages.php:13
action  update_option_wpvs-actor-slug-settings  includes\admin\admin-pages.php:14
action  update_option_wpvs-director-slug-settings  includes\admin\admin-pages.php:15
action  wpvs_run_flush_rewrite_event  includes\admin\admin-pages.php:17
action  admin_notices  includes\admin\rvs-admin-functions.php:143
action  admin_notices  includes\admin\rvs-admin-functions.php:152
action  admin_init  includes\admin\rvs-admin-functions.php:162
action  admin_notices  includes\admin\rvs-admin-functions.php:172
action  admin_notices  includes\admin\rvs-admin-functions.php:187
action  admin_init  includes\admin\rvs-admin-functions.php:197
action  rvs_actors_add_form_fields  includes\admin\wp-videos-term-meta.php:14
action  rvs_directors_add_form_fields  includes\admin\wp-videos-term-meta.php:15
action  rvs_actors_edit_form_fields  includes\admin\wp-videos-term-meta.php:36
action  rvs_directors_edit_form_fields  includes\admin\wp-videos-term-meta.php:37
action  edited_rvs_actors  includes\admin\wp-videos-term-meta.php:47
action  create_rvs_actors  includes\admin\wp-videos-term-meta.php:48
action  edited_rvs_directors  includes\admin\wp-videos-term-meta.php:49
action  create_rvs_directors  includes\admin\wp-videos-term-meta.php:50
action  widgets_init  includes\custom-widgets.php:214
action  add_meta_boxes  includes\rvs-post-options.php:2
action  save_post  includes\rvs-post-options.php:302
filter  manage_rvs_video_posts_columns  includes\rvs-post-options.php:424
action  manage_rvs_video_posts_custom_column  includes\rvs-post-options.php:436
action  quick_edit_custom_box  includes\rvs-post-options.php:440
action  save_post  includes\rvs-post-options.php:463
action  admin_enqueue_scripts  includes\rvs-post-options.php:497
action  admin_enqueue_scripts  includes\rvs-post-options.php:512
action  wp_enqueue_scripts  includes\wpvs-functions.php:12
action  wp_enqueue_scripts  includes\wpvs-functions.php:13
action  pre_get_posts  includes\wpvs-functions.php:14
filter  single_template  includes\wpvs-functions.php:16
filter  the_content  includes\wpvs-functions.php:57
action  init  includes\wpvs-post-types.php:5
action  init  includes\wpvs-post-types.php:6
action  init  includes\wpvs-post-types.php:7
action  init  includes\wpvs-post-types.php:8
action  init  includes\wpvs-post-types.php:9
filter  post_link  includes\wpvs-post-types.php:10
filter  post_type_link  includes\wpvs-post-types.php:11
action  rest_api_init  includes\wpvs-rest-api-functions.php:215
action  wp_enqueue_scripts  includes\wpvs-scripts.php:3
action  wp_footer  includes\wpvs-scripts.php:193
action  admin_footer  includes\wpvs-scripts.php:194
action  wp_head  includes\wpvs-scripts.php:197
action  admin_head  includes\wpvs-scripts.php:198
action  wp_head  includes\wpvs-scripts.php:217
action  admin_head  includes\wpvs-scripts.php:218
action  admin_enqueue_scripts  includes\wpvs-scripts.php:245
action  admin_enqueue_scripts  includes\wpvs-scripts.php:246
action  wp_loaded  vimeo-sync.php:94
action  init  vimeo-sync.php:106
action  admin_notices  vimeo-sync.php:140
action  admin_init  vimeo-sync.php:149

Scheduled Events 1

wpvs_run_flush_rewrite_event
Maintenance & Trust

WP Videos Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Unknown
PHP min version
Downloads: 26K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 100
Developer Profile

WP Videos Developer Profile

RogueWebDesign

2 plugins · 180 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP Videos

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/video-sync-for-vimeo/includes/wpvs-scripts.php
/wp-content/plugins/video-sync-for-vimeo/includes/wpvs-slug-settings.php
/wp-content/plugins/video-sync-for-vimeo/includes/admin/admin-pages.php
/wp-content/plugins/video-sync-for-vimeo/includes/wpvs-post-types.php
/wp-content/plugins/video-sync-for-vimeo/includes/rvs-post-options.php
/wp-content/plugins/video-sync-for-vimeo/includes/wpvs-video-class.php
/wp-content/plugins/video-sync-for-vimeo/includes/wpvs-rest-api-functions.php
/wp-content/plugins/video-sync-for-vimeo/includes/wpvs-functions.php
+7 more

HTML / DOM Fingerprints

CSS Classes
wpvs_videos_update_nag
HTML Comments
<!-- IMPORTANT: Version <strong>5.0.0</strong> of the <strong>VS Netflix Theme</strong> no longer requires the WP Videos plugin. -->
<!-- Please <a href=""><strong>deactivate</strong></a> the <strong>WP Videos</strong> plugin if you are using version 5.0.0 or higher of the VS Netflix Theme. -->
Data Attributes
wpvs-video-slug-settings
wpvs-genre-slug-settings
wpvs-actor-slug-settings
wpvs-director-slug-settings
vimeo-sync-access
wpvs-access-check-t
JS Globals
WPVS_VIDEOS_PLUGIN_URL
WPVS_VIDEOS_PLUGIN_DIR
wpvs_plugin_text_domain
wpvs_custom_player
wpvs_vimeo_api_key
wpvs_videos_plugin_version
+3 more
REST Endpoints
/wp-json/wpvs/v1/videos