
VOD Infomaniak Security & Risk Analysis
wordpress.org/plugins/vod-infomaniak
Easily embed and manage videos from Infomaniak VOD in your posts, comments and RSS feeds. You need an Infomaniak VOD account to use this plugin.
Is VOD Infomaniak Safe to Use in 2026?
Generally Safe
Score 95/100
VOD Infomaniak has a strong security track record. Known vulnerabilities have been patched promptly.
The "vod-infomaniak" plugin v1.5.13 exhibits a concerning security posture, primarily due to a significant number of unprotected AJAX handlers. The static analysis reveals 10 AJAX handlers with a staggering 8 lacking any form of authentication checks. This creates a large attack surface that could be exploited by unauthenticated users to trigger plugin functionality. Furthermore, the taint analysis shows 8 flows with unsanitized paths, and while no critical or high severity taint flows were detected in this specific analysis, the presence of 8 unsanitized paths is a significant indicator of potential vulnerabilities, especially when combined with the unprotected AJAX endpoints. This suggests a high risk of cross-site scripting (XSS) or other injection attacks if user-supplied data is not properly validated and sanitized before being used in dynamic contexts.
The vulnerability history further compounds these concerns. With a total of 4 known CVEs, including one high-severity and three medium-severity issues, the plugin has a history of security flaws. Common vulnerability types like Cross-Site Scripting, Missing Authorization, and Cross-Site Request Forgery point to recurring weaknesses in how the plugin handles user input and manages access control. The fact that the last vulnerability was dated September 2025 suggests that while there are no currently unpatched CVEs for this version, the plugin has had recent security issues that may indicate a pattern of development that is not prioritizing robust security practices.
In conclusion, while the plugin shows some positive signs like the absence of dangerous functions and a moderate use of prepared statements for SQL queries, the overwhelming number of unprotected AJAX endpoints and the concerning taint analysis results, coupled with a history of multiple vulnerabilities, present a significant risk. The lack of proper authorization on a majority of its entry points is a critical flaw that needs immediate attention. The output escaping is also a weak point, with only 38% properly escaped, increasing the likelihood of XSS vulnerabilities when combined with unsanitized input.
Key Concerns
- 8 unprotected AJAX handlers
- 8 unsanitized paths in taint analysis
- 1 high severity CVE in history
- 3 medium severity CVEs in history
- Only 38% properly escaped output
- 2 file operations
- Missing nonce checks on 8 AJAX handlers
VOD Infomaniak Security Vulnerabilities
CVEs by Year
Severity Breakdown
4 total CVEs
VOD Infomaniak <= 1.5.11 - Unauthenticated Stored Cross-Site Scripting
VOD Infomaniak <= 1.5.9 - Missing Authorization
VOD Infomaniak <= 1.5.7 - Cross-Site Request Forgery
VOD Infomaniak <= 1.5.6 - Reflected Cross-Site Scripting
VOD Infomaniak Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
VOD Infomaniak Attack Surface
AJAX Handlers 10
WordPress Hooks 13
VOD Infomaniak Maintenance & Trust
Maintenance Signals
Community Trust
VOD Infomaniak Alternatives
GoDAM – Organize WordPress Media Library & File Manager with Unlimited Folders for Images, Videos & more
godam
Manage and optimize digital assets with GoDAM – featuring transcoding, adaptive streaming, interactive video layers, and video analytics.
Video Share VOD – Turnkey Video Site Builder Script
video-share-vod
Build your own VOD platform with Video Share VOD, featuring extensive video management, monetization, and HTML5 support.
CM Video Lessons Manager – Simplify video lessons management for better education
cm-video-lesson-manager
Create and display video lessons on your site by importing Vimeo videos. Organize content and track students with this efficient LMS plugin.
Video Player
playwire
Upload, manage and embed videos with Video Player. All-in-one video content management, HTML5 video player and monetization.
Post Format Options
post-format-options
Easily disable post formats or allow certain roles access to only certain formats.
VOD Infomaniak Developer Profile
1 plugin · 20K total installs
How We Detect VOD Infomaniak
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/vod-infomaniak/css/jquery-ui.css
- /wp-content/plugins/vod-infomaniak/css/jquery.ui.tabs.css
- /wp-content/plugins/vod-infomaniak/js/editor_plugin.js
- vod-infomaniak/css/jquery-ui.css?ver=
- vod-infomaniak/js/editor_plugin.js?ver=
HTML / DOM Fingerprints
- vod_infomaniak_share_link_modal
- vod_infomaniak_share_button
- vod_infomaniak_player_wrapper
- <!-- VOD Infomaniak video player -->
- <!-- /VOD Infomaniak video player -->
- <!-- VOD Infomaniak video -->
- data-vod-id
- data-vod-player-id
- data-vod-playlist-id
- vod_infomaniak_ajax_url
- vod_infomaniak_nonce
- /wp-json/vod-infomaniak/v1/get_video
- /wp-json/vod-infomaniak/v1/get_playlist
- /wp-json/vod-infomaniak/v1/search
- [vod_video]
- [vod_playlist]