VidLog Security & Risk Analysis

wordpress.org/plugins/vidlog

Track self-hosted video plays and page views inside WordPress with instant logging, watched time tracking, CSV exports, and clean monthly logs.

0 active installs v2.1.0 PHP 7.0+ WP 5.0+ Updated Apr 9, 2026
analyticsexportlogspage-viewsvideo-stats
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is VidLog Safe to Use in 2026?

Generally Safe

Score 100/100

VidLog has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The "vidlog" v1.0 plugin exhibits a strong security posture based on the provided static analysis and vulnerability history. The absence of dangerous functions, the exclusive use of prepared statements for SQL queries, and 100% proper output escaping are significant strengths. Furthermore, all identified entry points (AJAX handlers) include capability checks, and nonce checks are present on a majority of them, demonstrating good security practices in handling user-initiated actions. The plugin also shows no history of known vulnerabilities, which is a positive indicator of its current security maturity.

While the static analysis reveals no critical or high-severity taint flows and no unpatched CVEs, there are minor areas for improvement. The presence of file operations and external HTTP requests, though not inherently insecure in this context, warrants careful review in more detailed audits. The fact that not all AJAX handlers have nonce checks, while there are capability checks, could potentially leave a small window for certain types of attacks if not thoroughly validated within the AJAX handler's logic. However, given the current data, the overall risk associated with "vidlog" v1.0 is low, with a strong foundation of secure coding practices evident.

Key Concerns

  • Missing nonce check on some AJAX handlers
Vulnerabilities
None known

VidLog Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

VidLog Release Timeline

v2.1.0Current
v2.0
v1.0
Code Analysis
Analyzed Mar 17, 2026

VidLog Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
61 escaped
Nonce Checks
6
Capability Checks
4
File Operations
8
External Requests
1
Bundled Libraries
0

Output Escaping

100% escaped61 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

3 flows
vidlog_handle_log_play (vidlog.php:171)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

VidLog Attack Surface

Entry Points5
Unprotected0

AJAX Handlers 5

noprivwp_ajax_vidlog_log_playvidlog.php:29
authwp_ajax_vidlog_log_playvidlog.php:30
authwp_ajax_vidlog_delete_log_rowvidlog.php:31
authwp_ajax_vidlog_delete_selected_log_rowsvidlog.php:32
authwp_ajax_vidlog_delete_all_log_rowsvidlog.php:33
WordPress Hooks 4
actionwp_enqueue_scriptsvidlog.php:27
actionadmin_enqueue_scriptsvidlog.php:28
actionadmin_menuvidlog.php:34
actionadmin_enqueue_scriptsvidlog.php:35
Maintenance & Trust

VidLog Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 9, 2026
PHP min version7.0
Downloads342

Community Trust

Rating0/100
Number of ratings0
Active installs0
Developer Profile

VidLog Developer Profile

Lise Rasmussen

2 plugins · 10 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect VidLog

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/vidlog/assets/js/vidlog.js/wp-content/plugins/vidlog/assets/css/vidlog.css/wp-content/plugins/vidlog/assets/js/vidlog-admin.js/wp-content/plugins/vidlog/assets/css/upgradepage.css
Script Paths
/wp-content/plugins/vidlog/assets/js/vidlog.js/wp-content/plugins/vidlog/assets/js/vidlog-admin.js
Version Parameters
vidlog/assets/js/vidlog.js?ver=vidlog/assets/css/vidlog.css?ver=vidlog/assets/js/vidlog-admin.js?ver=vidlog/assets/css/upgradepage.css?ver=

HTML / DOM Fingerprints

JS Globals
VidlogData
FAQ

Frequently Asked Questions about VidLog