Does Vimeo have any unpatched vulnerabilities?

No. All known vulnerabilities in Vimeo have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Vimeo compatible with WordPress 6.3.8?

According to WordPress.org data, Vimeo 1.2.2 has been tested up to WordPress 6.3.8. Check the plugin's changelog for the latest compatibility information.

Is Vimeo compatible with PHP 5.6+?

Vimeo requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Vimeo updated?

Vimeo was last updated on Oct 30, 2023. Frequent updates are generally a positive security signal.

What is Vimeo's security score?

Vimeo has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Vimeo Security & Risk Analysis

wordpress.org/plugins/vimeo

Bring the power of video to your WordPress site and WooCommerce product pages by easily creating, uploading, and embedding videos to boost engagement …

5K active installs v1.2.2 PHP 5.6+ WP 5.4+ Updated Oct 30, 2023

blocksuploadvideovideo-libraryvimeo

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Vimeo Safe to Use in 2026?

Generally Safe

Score 85/100

Vimeo has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The "vimeo" plugin v1.2.2 demonstrates a strong security posture based on the provided static analysis. It exhibits excellent practices by having no dangerous functions, using prepared statements exclusively for SQL queries, and ensuring all output is properly escaped. The plugin also appears to implement nonce checks and makes only two external HTTP requests, which is generally acceptable. The absence of any recorded vulnerabilities or CVEs in its history further reinforces this positive assessment, indicating a mature and well-maintained codebase.

Despite the strong showing, there is a single shortcode present, which, while currently unprotected, represents a potential entry point. The analysis found no critical or high-severity taint flows, and no unsanitized paths, which is a significant strength. However, the complete lack of capability checks on any entry points, including the shortcode, is a notable concern. While the current attack surface is minimal, future development or changes to the shortcode's functionality could introduce risks if capability checks are not implemented.

In conclusion, the "vimeo" plugin v1.2.2 is in good security standing with robust code hygiene and a clean vulnerability history. The primary area for improvement lies in implementing capability checks for its shortcode to fully secure its entry points and mitigate potential future risks. The absence of vulnerabilities to date is a strong indicator of developer diligence, but proactive security measures for all entry points remain crucial.

Key Concerns

Shortcode present without capability checks

Vulnerabilities

None known

Vimeo Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Vimeo Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

58 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped58 total outputs

Data Flows

All sanitized

Data Flow Analysis

1 flows

<_profile> (Views\_profile.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Vimeo Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[vimeo_embed] src\Core.php:42

WordPress Hooks 19

actionplugins_loadedCore.php:28

actionenqueue_block_editor_assetssrc\Assets\Assets.php:19

actionadmin_enqueue_scriptssrc\Assets\Assets.php:20

actionwp_enqueue_scriptssrc\Assets\Assets.php:21

actionwp_enqueue_mediasrc\Assets\Assets.php:22

actionadmin_menusrc\Core.php:30

filterplugin_action_linkssrc\Core.php:31

actionadmin_initsrc\Core.php:33

actionadmin_initsrc\Core.php:34

actioninitsrc\Core.php:36

actioninitsrc\Core.php:38

actionmedia_buttonssrc\Core.php:41

actionadmin_initsrc\Core.php:46

actionwpsrc\Core.php:47

actionadd_meta_boxes_productsrc\WooCommerce\Vimeo_WC.php:15

actionsave_post_productsrc\WooCommerce\Vimeo_WC.php:16

actionvimeo_create_paramssrc\WooCommerce\Vimeo_WC.php:17

actionwoocommerce_product_thumbnailssrc\WooCommerce\Vimeo_WC_Gallery.php:28

filterwoocommerce_product_tabssrc\WooCommerce\Vimeo_WC_Video_Tab.php:13

Maintenance & Trust

Vimeo Maintenance & Trust

Maintenance Signals

WordPress version tested6.3.8

Last updatedOct 30, 2023

PHP min version5.6

Downloads47K

Community Trust

Rating90/100

Number of ratings6

Active installs5K

Alternatives

Vimeo Alternatives

Video Uploads for Vimeo

wp-vimeo-videos

Embed and upload videos to Vimeo directly from your WordPress site

100 No CVEs

N360Blocks

n360blocks

100

A modern Gutenberg block plugin for embedding YouTube and Vimeo videos with custom player controls.

0 No CVEs

Vimeify – Vimeo Integration: Upload, Embed, Gallery & Player

vimeify

100

Easily upload and embed Vimeo videos directly from your WordPress dashboard.

0 No CVEs

The Ultimate Video Player For WordPress – by Presto Player

presto-player

The Ultimate WordPress Video Player.

100K 2 CVEs

All-in-One Video Gallery

all-in-one-video-gallery

The ultimate video player & video gallery plugin for YouTubers, Video Bloggers, Course Creators, Podcasters, and anyone embedding videos on websites.

20K 11 CVEs

Developer Profile

Vimeo Developer Profile

vimeodev

1 plugin · 5K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Vimeo

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/vimeo/build/editor.js/wp-content/plugins/vimeo/build/editor.css/wp-content/plugins/vimeo/build/index.js/wp-content/plugins/vimeo/build/style-index.css/wp-content/plugins/vimeo/build/media.js/wp-content/plugins/vimeo/build/settings.js

Script Paths

https://f.vimeocdn.com/vimeo-widgets/create/0.3/widget.jshttps://player.vimeo.com/api/player.js

Version Parameters

vimeo-for-wordpress1.2.2

HTML / DOM Fingerprints

Data Attributes

data-vimeo-iddata-vimeo-video-id

JS Globals

window.vimeoScript

Shortcode Output

[vimeo_embed]

FAQ