Videojs HTML5 Player Security & Risk Analysis
wordpress.org/plugins/videojs-html5-playerEmbed video file beautifully in WordPress using Video.js HTML5 Player. Embed HTML5 compatible responsive video in your post/page with Video.js.
Is Videojs HTML5 Player Safe to Use in 2026?
Generally Safe
Score 99/100Videojs HTML5 Player has a strong security track record. Known vulnerabilities have been patched promptly.
The videojs-html5-player plugin version 1.1.13 exhibits a generally strong security posture based on the static analysis, demonstrating good development practices. The absence of dangerous functions, SQL injection vulnerabilities, file operations, and external HTTP requests is commendable. The plugin also shows a high percentage of properly escaped outputs and implements both nonce and capability checks for its entry points. However, the presence of known historical vulnerabilities, specifically two medium severity Cross-Site Scripting (XSS) issues, raises a significant concern. Although currently unpatched CVEs are zero, the pattern of XSS vulnerabilities suggests a potential ongoing weakness in input sanitization or output encoding that could be exploited if not vigilantly addressed. The single shortcode represents the entire attack surface, which is small and protected, mitigating some risk from this vector.
Key Concerns
- Medium severity XSS vulnerabilities in history
- Recent XSS vulnerability (2024-05-23)
Videojs HTML5 Player Security Vulnerabilities
CVEs by Year
Severity Breakdown
2 total CVEs
Videojs HTML5 Player <= 1.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via videojs_video Shortcode
Videojs HTML5 Player <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
Videojs HTML5 Player Code Analysis
Output Escaping
Data Flow Analysis
Videojs HTML5 Player Attack Surface
Shortcodes 1
WordPress Hooks 9
Maintenance & Trust
Videojs HTML5 Player Maintenance & Trust
Maintenance Signals
Community Trust
Videojs HTML5 Player Alternatives
Flowplayer Video Player
flowplayer6-video-player
Add a video file to WordPress with Flowplayer style. Embed a self-hosted, external or HTML5 compatible responsive video into a page with flowplayer.
HLS Player
hls-player
HLS Player is a lightweight HTTP Live Streaming player for WordPress, using video.js for easy embedding HLS videos into posts and pages.
HTML5 Video Player for WordPress
wp-video-html5-video-player
Embed MP4, M4V, OGG, Youtube, WebM, FLV, HLS, M3u8 videos in your post or page using HTML5. Self-hosted or CDN hosted responsive HTML5 Video player.
Gabfire Media Module
gabfire-media-module
Gabfire Media Module extends the functionality of WordPress Featured Image to support Videos and Default Post Images.
Easy Player – HTML5 Video,YouTube,Video.js
easy-player
Interactive video player on your posts and pages with Shortcode and Gutenberg block editor.
Videojs HTML5 Player Developer Profile
25 plugins · 157K total installs
How We Detect Videojs HTML5 Player
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/videojs-html5-player/videojs-html5-player.js/wp-content/plugins/videojs-html5-player/videojs-html5-player.css/wp-content/plugins/videojs-html5-player/addons/videojs-html5-player-addons.css/wp-content/plugins/videojs-html5-player/videojs-html5-player.jsvideojs-html5-player/videojs-html5-player.js?ver=videojs-html5-player/videojs-html5-player.css?ver=videojs-html5-player/addons/videojs-html5-player-addons.css?ver=HTML / DOM Fingerprints
videojs-html5-playervjs-big-play-centered<!-- VideoJS HTML5 Player Settings --><!-- Plugin Tabs --><!-- End Plugin Tabs --><!-- General Settings -->+10 moredata-setupvideojs_html5_player_settingsVideojsHtml5Player[videojs_video][/videojs_video]