VideoADShtml5 Security & Risk Analysis
wordpress.org/plugins/videoadshtml5VideoADShtml5 is a WordPress video Player where you can insert ads on your WordPress site.
Is VideoADShtml5 Safe to Use in 2026?
Generally Safe
Score 100/100VideoADShtml5 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "videoadshtml5" v2.9 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, the exclusive use of prepared statements for SQL queries, and the complete output escaping suggest adherence to secure coding practices. Furthermore, the plugin has no recorded vulnerability history, including critical or high severity CVEs, which is a positive indicator. The limited attack surface, with only one shortcode and no unprotected entry points, further contributes to its perceived security.
However, there are notable concerns. The complete lack of nonce checks and capability checks is a significant weakness. While the static analysis didn't identify any direct exploitable flows, this absence of authorization and integrity checks on potential entry points like the shortcode means that malicious actors could potentially trigger plugin functionality in unintended ways or with unauthorized data. The file operations, although not explicitly detailed, could also pose a risk if not handled securely, especially in conjunction with the missing capability checks. The lack of external HTTP requests is a positive aspect, reducing the risk of supply chain attacks or content injection through external resources.
In conclusion, while the plugin demonstrates good practices in areas like SQL and output handling, the absence of critical security mechanisms like nonce and capability checks presents a substantial risk. This oversight creates potential vulnerabilities that could be exploited if a suitable attack vector is discovered, despite the current lack of recorded history or identified taint flows. Prioritizing the implementation of these checks would significantly improve the plugin's overall security.
Key Concerns
- No nonce checks on entry points
- No capability checks on entry points
- Potential risk from file operations without checks
VideoADShtml5 Security Vulnerabilities
VideoADShtml5 Code Analysis
Output Escaping
VideoADShtml5 Attack Surface
Shortcodes 1
WordPress Hooks 8
Maintenance & Trust
VideoADShtml5 Maintenance & Trust
Maintenance Signals
Community Trust
VideoADShtml5 Alternatives
Fluid Player
fluid-player
The plugin makes it easy to embed the VAST ready Fluid Player video player.
Target Video Easy Publish
brid-video-easy-publish
Seamlessly embed your videos (YouTube, streaming, HTML5, Flash) using TargetVideo video players into your WordPress site or blog.
Mowplayer
mowplayer
Easily intract with mowplayer videos and get player inserted in your page in a few clicks.
Video Block with Ads
video-block-with-ads
Video Gutenberg Block and video player on steroids and low fat.
All-in-One Video Gallery
all-in-one-video-gallery
The ultimate video player & video gallery plugin for YouTubers, Video Bloggers, Course Creators, Podcasters, and anyone embedding videos on websites.
VideoADShtml5 Developer Profile
2 plugins · 10 total installs
How We Detect VideoADShtml5
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/videoadshtml5/js/videoadshtml5.js/wp-content/plugins/videoadshtml5/css/videoadshtml5.css/wp-content/plugins/videoadshtml5/js/videoadshtml5.jsvideoadshtml5/js/videoadshtml5.js?ver=videoadshtml5/css/videoadshtml5.css?ver=HTML / DOM Fingerprints
videoadshtml5_player<!-- VIDEO ADS HTML5 -->data-videoadshtml5-idVideoADSHtml5Player[videoads]