Does Workbox Video from Vimeo & Youtube Plugin have any unpatched vulnerabilities?

Yes — Workbox Video from Vimeo & Youtube Plugin currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Workbox Video from Vimeo & Youtube Plugin compatible with WordPress 4.9.29?

According to WordPress.org data, Workbox Video from Vimeo & Youtube Plugin 3.2.2 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is Workbox Video from Vimeo & Youtube Plugin updated?

Workbox Video from Vimeo & Youtube Plugin was last updated on Mar 27, 2018. Frequent updates are generally a positive security signal.

What is Workbox Video from Vimeo & Youtube Plugin's security score?

Workbox Video from Vimeo & Youtube Plugin has a WP-Safety security score of 63/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Workbox Video from Vimeo & Youtube Plugin Security & Risk Analysis

wordpress.org/plugins/workbox-video-from-vimeo-youtube-plugin

Quick and easy way to add and manage videos on your site or blog. Supports Vimeo, Wistia, YouTube.

200 active installs v3.2.2 PHP + WP 3.5+ Updated Mar 27, 2018

galleryvideovimeowistiayoutube

C · Use Caution

CVEs total1

Unpatched1

Last CVEApr 9, 2025

Plugin page Download

Safety Verdict

Is Workbox Video from Vimeo & Youtube Plugin Safe to Use in 2026?

Use With Caution

Score 63/100

Workbox Video from Vimeo & Youtube Plugin has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Apr 9, 2025Updated 8yr ago

Risk Assessment

The 'workbox-video-from-vimeo-youtube-plugin' v3.2.2 exhibits a mixed security posture. While the plugin demonstrates good practices such as using prepared statements for all SQL queries and having a limited attack surface, significant concerns are present. The presence of an unprotected AJAX handler is a critical flaw, allowing unauthenticated users to potentially trigger actions within the plugin. The high percentage of unsanitized taint flows, particularly those with paths, suggests a risk of file path manipulation or directory traversal vulnerabilities, even though no critical or high severity taint flows were explicitly identified in this analysis. The plugin's vulnerability history, including a recent medium-severity Cross-Site Scripting (XSS) vulnerability that remains unpatched, indicates a pattern of security weaknesses that could be exploited. This unpatched vulnerability is a significant immediate risk. Overall, the plugin has strengths in its database interaction security but weaknesses in input validation and overall vulnerability management.

Key Concerns

Unprotected AJAX handler
Unsanitized taint flows with paths
Unpatched medium severity CVE
Lack of capability checks
Low output escaping coverage

Vulnerabilities

Workbox Video from Vimeo & Youtube Plugin Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-32534medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Workbox Video from Vimeo & Youtube <= 3.2.2 - Reflected Cross-Site Scripting

Apr 9, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

Workbox Video from Vimeo & Youtube Plugin Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

26 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared4 total queries

Output Escaping

63% escaped41 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

4 flows3 with unsanitized paths

savePost (workbox_video.php:637)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Workbox Video from Vimeo & Youtube Plugin Attack Surface

Entry Points2

Unprotected1

AJAX Handlers 1

authwp_ajax_wbsortdataworkbox_video.php:126

Shortcodes 1

[workbox_video_YV_list] workbox_video.php:144

WordPress Hooks 12

actioninitworkbox_video.php:57

actionadmin_menuworkbox_video.php:62

filterpost_row_actionsworkbox_video.php:84

actionadmin_enqueue_scriptsworkbox_video.php:118

actionadmin_footerworkbox_video.php:122

actionpre_get_postsworkbox_video.php:132

actionmanage_posts_extra_tablenavworkbox_video.php:138

actionwp_enqueue_scriptsworkbox_video.php:147

actioninitworkbox_video.php:151

actionwp_headworkbox_video.php:155

filterthe_contentworkbox_video.php:160

actionadmin_noticesworkbox_video.php:162

Maintenance & Trust

Workbox Video from Vimeo & Youtube Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedMar 27, 2018

PHP min version

Downloads28K

Community Trust

Rating74/100

Number of ratings10

Active installs200

Alternatives

Workbox Video from Vimeo & Youtube Plugin Alternatives

All-in-One Video Gallery

all-in-one-video-gallery

The ultimate video player & video gallery plugin for YouTubers, Video Bloggers, Course Creators, Podcasters, and anyone embedding videos on websites.

20K 11 CVEs

Video Gallery Block – Display your videos as a gallery in a professional way

video-gallery-block

Video Gallery Block lets you create responsive YouTube, Vimeo, and HTML5 video galleries with grid layouts, filters, and lightbox in Gutenberg.

2K 1 CVE

Video gallery and Player

html5-videogallery-plus-player

100

Easy to add and display your HTML5, YouTube, Vimeo vedio gallery with Magnific Popup to your website. Also work with Gutenberg shortcode block.

1K No CVEs

Video Gallery by Huzzaz

huzzaz-video-gallery

Create a beautiful video gallery with YouTube, Vimeo, Facebook, and Twitch videos. It looks great on mobile, tablet, or desktop screens and it support …

1K 1 unpatched

Video Gallery YouTube Vimeo

new-video-gallery

Create responsive YouTube and Vimeo video galleries with custom layouts, lightbox display, and easy shortcode embedding.

1K 1 CVE

Developer Profile

Workbox Video from Vimeo & Youtube Plugin Developer Profile

Workbox

3 plugins · 410 total installs

trust score

Avg Security Score

78/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Workbox Video from Vimeo & Youtube Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/workbox-video-from-vimeo-youtube-plugin/css/style.css/wp-content/plugins/workbox-video-from-vimeo-youtube-plugin/js/admin.js/wp-content/plugins/workbox-video-from-vimeo-youtube-plugin/js/script.js/wp-content/plugins/workbox-video-from-vimeo-youtube-plugin/css/wb-video-styles.css/wp-content/plugins/workbox-video-from-vimeo-youtube-plugin/js/jquery-sortable.js

Script Paths

/wp-content/plugins/workbox-video-from-vimeo-youtube-plugin/js/admin.js/wp-content/plugins/workbox-video-from-vimeo-youtube-plugin/js/script.js/wp-content/plugins/workbox-video-from-vimeo-youtube-plugin/js/jquery-sortable.js

Version Parameters

workbox-video-from-vimeo-youtube-plugin/css/style.css?ver=workbox-video-from-vimeo-youtube-plugin/js/admin.js?ver=workbox-video-from-vimeo-youtube-plugin/js/script.js?ver=workbox-video-from-vimeo-youtube-plugin/css/wb-video-styles.css?ver=workbox-video-from-vimeo-youtube-plugin/js/jquery-sortable.js?ver=

HTML / DOM Fingerprints

CSS Classes

wb-video-pagerwb-video-pager-awb-video-containerwb-video-itemwb-video-list-titlewb-video-list-description

Data Attributes

data-wb-video-VY-page-lendata-class-wb-video-pagerdata-class-wb-video-pager-adata-class-wb-video-containerdata-class-wb-video-item

JS Globals

wb_video_VY_page_lenclass_wb_video_pagerclass_wb_video_pager_aclass_wb_video_containerclass_wb_video_itemwbsortdata

Shortcode Output

[workbox_video_YV_list

FAQ