Vimeo Everywhere Security & Risk Analysis

wordpress.org/plugins/vimeo-everywhere

Display your public Vimeo videos on your WordPress website via shortcode, widget, or dashboard menu. Perfect for making a custom training library

60 active installs · v2.1 · PHP + · WP 4.0+ · Updated Dec 16, 2016
learning-center, video-training, videos, vimeo, vimeo-shortcode
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Vimeo Everywhere Safe to Use in 2026?

Generally Safe

Score 85/100

Vimeo Everywhere has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9yr ago
Risk Assessment

The "vimeo-everywhere" plugin, version 2.1, presents a mixed security posture. On the positive side, the plugin has no known historical vulnerabilities (CVEs) and demonstrates a clean record with no unpatched issues. The static analysis reveals a limited attack surface, with only one shortcode entry point and no AJAX handlers, REST API routes, or cron events. Furthermore, all identified SQL queries utilize prepared statements, which is a strong indicator of secure database interaction.

However, there are significant concerns raised by the static analysis. The presence of 14 instances of the dangerous `unserialize` function is a major red flag, as it can lead to remote code execution if used with untrusted data. The extremely low percentage of properly escaped output (5%) suggests a high risk of Cross-Site Scripting (XSS) vulnerabilities, as user-supplied data is likely being rendered directly without adequate sanitization. The absence of nonce checks and capability checks across the plugin's codebase is also concerning, as it indicates a lack of protection against common WordPress attacks like Cross-Site Request Forgery (CSRF) and privilege escalation, especially in conjunction with the `unserialize` function.

Key Concerns

  • Use of unserialize function
  • Low output escaping percentage
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

Vimeo Everywhere Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Vimeo Everywhere Code Analysis

Dangerous Functions: 14
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 114 (6 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 14
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize | $pyd_vimeo_album_info = unserialize( file_get_contents( 'htt… | includes\pyd-admin_videos.php:30
unserialize | $pyd_vimeo_album = unserialize( file_get_contents( 'htt… | includes\pyd-admin_videos.php:31
unserialize | $pyd_vimeo_album_ids = unserialize( file_get_contents( 'http://vimeo.com/api/v2/' . $pyd_vimeo_user_… | includes\pyd-settings.php:125
unserialize | $pyd_vimeo_album_ids = unserialize( file_get_contents( 'http://vimeo.com/api/v2/' . $pyd_vimeo_user_… | includes\pyd-settings.php:128
unserialize | $pyd_vimeo_albums_raw = unserialize( file_get_contents( 'http://vimeo.com/api/v2/album/' . $albu… | includes\pyd-shortcode.php:47
unserialize | $pyd_vimeo_album_info_raw = unserialize( file_get_contents( 'http://vimeo.com/api/v2/album/' . $albu… | includes\pyd-shortcode.php:48
unserialize | $pyd_vimeo_video_raw = unserialize( file_get_contents( 'http://vimeo.com/api/v2/video/' . $videoid .… | includes\pyd-shortcode.php:137
unserialize | $pyd_vimeo_channels_raw = unserialize( file_get_contents( 'http://vimeo.com/api/v2/channel/' . … | includes\pyd-shortcode.php:216
unserialize | $pyd_vimeo_channels_info_raw = unserialize( file_get_contents( 'http://vimeo.com/api/v2/channel/' . … | includes\pyd-shortcode.php:217
unserialize | $pyd_vimeo_album_ids = unserialize( file_get_contents( 'http://vimeo.com/api/v2/' . $pyd_vimeo_us… | includes\pyd-shortcode.php:330
unserialize | $pyd_vimeo_video_ids = unserialize( file_get_contents( 'http://vimeo.com/api/v2/' . $pyd_vimeo_us… | includes\pyd-shortcode.php:331
unserialize | $pyd_vimeo_channels_ids = unserialize( file_get_contents( 'http://vimeo.com/api/v2/' . $pyd_vimeo_us… | includes\pyd-shortcode.php:332
unserialize | $pyd_vimeo_album_ids = unserialize( file_get_contents( 'http://vimeo.com/api/v2/' . $pyd_vimeo_user_… | includes\pyd-widgets.php:28
unserialize | $pyd_vimeo_albums_raw = unserialize( file_get_contents( 'http://vimeo.com/api/v2/album/' . $album . … | includes\pyd-widgets.php:122

Output Escaping

5% escaped · 120 total outputs
Attack Surface

Vimeo Everywhere Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[pydvimeovideos] | includes\pyd-shortcode.php:7

WordPress Hooks: 11

action | admin_menu | includes\pyd-admin_videos.php:13
action | admin_menu | includes\pyd-settings.php:174
filter | media_upload_tabs | includes\pyd-shortcode.php:311
action | media_upload_pyd_vimeo_videos_insert_tab | includes\pyd-shortcode.php:320
action | widgets_init | includes\pyd-widgets.php:12
action | admin_enqueue_scripts | pyd-vimeo_everywhere.php:38
action | wp_enqueue_scripts | pyd-vimeo_everywhere.php:50
action | wp_footer | pyd-vimeo_everywhere.php:58
action | admin_init | pyd-vimeo_everywhere.php:79
action | admin_notices | pyd-vimeo_everywhere.php:104
action | save_post | pyd-vimeo_everywhere.php:111
Maintenance & Trust

Vimeo Everywhere Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.7.32
Last updated: Dec 16, 2016
PHP min version:
Downloads: 9K

Community Trust

Rating: 60/100
Number of ratings: 2
Active installs: 60
Developer Profile

Vimeo Everywhere Developer Profile

Michael

4 plugins · 280 total installs

Trust score: 94
Avg Security Score: 92/100
Avg Patch Time: 1 day
Detection Fingerprints

How We Detect Vimeo Everywhere

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/vimeo-everywhere/includes/adminstyle.css
/wp-content/plugins/vimeo-everywhere/includes/style.css

HTML / DOM Fingerprints

CSS Classes
pyd_left
Data Attributes
data-albumid, data-videoid, data-channelid, data-albumtitle, data-vidtitle, data-iconsize (+3 more)
JS Globals
add_my_script
Shortcode Output
[pydvimeovideos]
FAQ

Frequently Asked Questions about Vimeo Everywhere