WP-Safety

IMDb API Security & Risk Analysis

wordpress.org/plugins/wp-imdb-api

The IMDb API is a RESTful web service to obtain movie information, all content and images on the site are contributed and maintained by our users.

20 active installs v1.2.0 PHP + WP 3.0.1+ Updated Unknown
imdbimdb-apimovie
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is IMDb API Safe to Use in 2026?

Generally Safe

Score 100/100

IMDb API has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "wp-imdb-api" plugin v1.2.0 exhibits a generally strong security posture based on the provided static analysis. The absence of any AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points significantly limits the plugin's attack surface. Furthermore, the code demonstrates good practices in database interaction, with all SQL queries utilizing prepared statements. The plugin also includes nonce and capability checks, indicating an awareness of WordPress security mechanisms.

However, a notable concern is the output escaping. With only 45% of the 128 total outputs properly escaped, there is a significant risk of Cross-Site Scripting (XSS) vulnerabilities. Attackers could potentially inject malicious scripts through user-controlled input that is not adequately sanitized before being displayed back to users. While the taint analysis shows no critical or high severity flows, this is based on a limited analysis (1 flow). The file operations and external HTTP requests, while not inherently insecure, are potential avenues that require careful oversight, especially if they interact with user-provided data.

The plugin's vulnerability history is remarkably clean, with zero recorded CVEs. This suggests a history of diligent security practices or perhaps a limited history of security scrutiny. While positive, it's important to remember that past security performance is not a guarantee of future security. The overall assessment is that the plugin has a solid foundation with good defensive coding, but the unescaped output presents a clear and present risk that needs immediate attention.

Key Concerns

  • Insufficient output escaping detected.
Vulnerabilities
None known

IMDb API Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

IMDb API Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
3 prepared
Unescaped Output
70
58 escaped
Nonce Checks
1
Capability Checks
2
File Operations
2
External Requests
3
Bundled Libraries
0

SQL Query Safety

100% prepared3 total queries

Output Escaping

45% escaped128 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flows
<wp-imdb-api-admin> (includes\wp-imdb-api-admin.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

IMDb API Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 11
actionadd_meta_boxesincludes\wp-imdb-api-admin.php:139
actionsave_postincludes\wp-imdb-api-admin.php:142
actionplugins_loadedincludes\wp-imdb-api.php:56
actionadmin_enqueue_scriptsincludes\wp-imdb-api.php:65
actionadmin_enqueue_scriptsincludes\wp-imdb-api.php:66
actionadmin_menuincludes\wp-imdb-api.php:69
actionadmin_initincludes\wp-imdb-api.php:71
actionload-post.phpincludes\wp-imdb-api.php:77
actionload-post-new.phpincludes\wp-imdb-api.php:78
actionadmin_initincludes\wp-imdb-api.php:81
actionadmin_initincludes\wp-imdb-api.php:85
Maintenance & Trust

IMDb API Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.32
Last updatedUnknown
PHP min version
Downloads6K

Community Trust

Rating0/100
Number of ratings0
Active installs20
Alternatives

IMDb API Alternatives

Lumière Movies

Lumière Movies

lumiere-movies

A
100

Lumière! Movies is a WordPress plugin that retrieves data from www.imdb.com and helps you include it in your posts and in your widgets.

40 No CVEs
FilmGetter

FilmGetter

filmgetter

A
85

FilmGetter uses tags to show information like Poster, plot, rating, release date, TMDb and imdb urls.

10 No CVEs
iCheckMovies Widget

iCheckMovies Widget

icheckmovies-widget

A
85

Looks cool to share your latest seen movies on your blog.

10 No CVEs
Movie Grabber

Movie Grabber

movie-grabber

A
85

A great plugin to you. If you want to open a movie website, you can have a movie website with a quality information pool from two different sources an &hellip;

10 No CVEs
NanTuki YiFy-Torrent Adder

NanTuki YiFy-Torrent Adder

nantuki-yify-torrent-adder

A
85

Display movie information from YTS in wordpress post, it includes all the fields that are in IMDB, including screenshots of the movie and direct torre &hellip;

10 No CVEs
Developer Profile

IMDb API Developer Profile

tuyenlaptrinh

2 plugins · 20 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect IMDb API

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-imdb-api/admin/css/style-rtl.css/wp-content/plugins/wp-imdb-api/admin/css/style.css/wp-content/plugins/wp-imdb-api/admin/js/wp-imdb-api.js
Script Paths
/wp-content/plugins/wp-imdb-api/admin/js/wp-imdb-api.js
Version Parameters
wp-imdb-api/admin/css/style-rtl.css?ver=wp-imdb-api/admin/css/style.css?ver=wp-imdb-api/admin/js/wp-imdb-api.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- Created by PhpStorm. * User: Tuyen Pham * Date: 5/31/2017 * Time: 6:56 PM -->
Data Attributes
data-custom
FAQ

Frequently Asked Questions about IMDb API