Does WP Smart TV have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Smart TV have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Smart TV compatible with WordPress 6.6.5?

According to WordPress.org data, WP Smart TV 2.2.4 has been tested up to WordPress 6.6.5. Check the plugin's changelog for the latest compatibility information.

Is WP Smart TV compatible with PHP 7.4+?

WP Smart TV requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WP Smart TV updated?

WP Smart TV was last updated on Sep 15, 2025. Frequent updates are generally a positive security signal.

What is WP Smart TV's security score?

WP Smart TV has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Smart TV Security & Risk Analysis

wordpress.org/plugins/wp-smart-tv

The ultimate toolkit for video streaming services using WordPress. Turn your site into an video service similar to YouTube or Vimeo.

300 active installs v2.2.4 PHP 7.4+ WP 6.3+ Updated Sep 15, 2025

firetvhtml5-video-playeriptvrokuvideo-cms

A · Safe

CVEs total1

Unpatched0

Last CVEJan 14, 2025

Plugin page Download

Safety Verdict

Is WP Smart TV Safe to Use in 2026?

Generally Safe

Score 99/100

WP Smart TV has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jan 14, 2025Updated 6mo ago

Risk Assessment

The wp-smart-tv plugin v2.2.4 exhibits a mixed security posture. While it demonstrates good practices in areas like SQL query handling (100% prepared statements) and a relatively low number of identified taint flows, several areas warrant concern. The presence of unprotected AJAX handlers significantly increases the attack surface, as these entry points could be exploited by unauthenticated users. Although no critical or high-severity taint flows were detected, the overall number of entry points is substantial, and the lack of authentication on two AJAX handlers is a notable weakness.

The vulnerability history indicates a past medium-severity Cross-Site Scripting (XSS) vulnerability, which has since been patched. While the absence of currently unpatched CVEs is positive, the prior existence of an XSS flaw suggests a need for ongoing vigilance regarding input sanitization and output escaping, especially given that 21% of outputs are not properly escaped.

In conclusion, the plugin has strengths in its SQL practices and lack of critical vulnerabilities. However, the unprotected AJAX endpoints and a portion of unescaped outputs present immediate risks that should be addressed to improve its overall security. The past XSS vulnerability also highlights the importance of continuous security review.

Key Concerns

Unprotected AJAX handlers present
Unescaped output detected
Bundled outdated jQuery v3.4.1
Past medium severity XSS vulnerability

Vulnerabilities

WP Smart TV Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-12818medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Smart TV <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 14, 2025 Patched in 2.1.9 (1d)

Code Analysis

Analyzed Mar 16, 2026

WP Smart TV Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

34 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

TinyMCEDataTablesjQuery3.4.1Select2

Output Escaping

79% escaped43 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

start_json_import (includes\controls\class-wp-smart-tv-import-ajax.php:20)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

WP Smart TV Attack Surface

Entry Points5

Unprotected2

AJAX Handlers 3

authwp_ajax_rovidx_wpstv_validate_importincludes\controls\class-wp-smart-tv-import-ajax.php:11

authwp_ajax_rovidx_wpstv_import_rdpincludes\controls\class-wp-smart-tv-import-ajax.php:12

authwp_ajax_rovidx_start_json_importincludes\controls\class-wp-smart-tv-import-ajax.php:15

REST API Routes 1

GET/wp-json/tv/roku/includes\builders\class-wp-smart-tv-roku-dp.php:14

Shortcodes 1

[tv-video-player] includes\builders\class-wp-smart-tv-shortcodes.php:8

WordPress Hooks 16

actionrest_api_initincludes\builders\class-wp-smart-tv-roku-dp.php:9

actioncmb2_admin_initincludes\class-wp-smart-tv-roku-settings.php:25

filtersubmenu_fileincludes\class-wp-smart-tv-roku-settings.php:27

actionadmin_menuincludes\class-wp-smart-tv-settings.php:19

actionadmin_menuincludes\class-wp-smart-tv-settings.php:21

filtersubmenu_fileincludes\class-wp-smart-tv-settings.php:22

actionplugins_loadedincludes\class-wp-smart-tv.php:121

actionadmin_enqueue_scriptsincludes\class-wp-smart-tv.php:137

actionadmin_enqueue_scriptsincludes\class-wp-smart-tv.php:138

actioncmb2_admin_initincludes\class-wp-smart-tv.php:139

actionadmin_noticesincludes\class-wp-smart-tv.php:140

actionadmin_initincludes\class-wp-smart-tv.php:141

actionwp_enqueue_scriptsincludes\class-wp-smart-tv.php:157

actionwp_enqueue_scriptsincludes\class-wp-smart-tv.php:158

actioninitincludes\class-wp-smart-tv.php:159

actioninitpublic\class-wp-smart-tv-public.php:61

Maintenance & Trust

WP Smart TV Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5

Last updatedSep 15, 2025

PHP min version7.4

Downloads46K

Community Trust

Rating78/100

Number of ratings14

Active installs300

Alternatives

WP Smart TV Alternatives

HTML5 Video Player – Embed and Play Videos in Custom Player

html5-video-player

HTML5 Video Player Plugin lets you embed responsive videos in WordPress. It’s easy to use, fast, and supports MP4, WebM, OGG, FLV, Youtube and Vimeo.

20K 8 CVEs

Fluid Player

fluid-player

The plugin makes it easy to embed the VAST ready Fluid Player video player.

400 No CVEs

Platinium EPG for XMLTV and M3U

platinium-epg-xmltv

100

A powerful EPG for WordPress that builds a beautiful TV guide from any XMLTV or M3U source and makes channels playable with stream links.

50 No CVEs

Roku Direct Publisher

direct-publisher-for-roku

Curate content for Roku through the Direct Publisher program. https://developer.roku.com/publish

20 No CVEs

Blip TV Episodes Widget

blip-tv-episodes-widget

Blip TV Episodes plugin will allow you to setup a video widget, easily add videos to posts then watch them appear in the sidebar when viewing that pos …

10 No CVEs

Developer Profile

WP Smart TV Developer Profile

Rob Davenport

1 plugin · 300 total installs

trust score

Avg Security Score

99/100

Avg Patch Time

1 days

View full developer profile

Detection Fingerprints

How We Detect WP Smart TV

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-smart-tv/admin/css/wp-smart-tv-admin.css/wp-content/plugins/wp-smart-tv/admin/js/wp-smart-tv-admin.js/wp-content/plugins/wp-smart-tv/admin/js/wp-smart-tv-importer.js/wp-content/plugins/wp-smart-tv/lib/assets/css/font-awesome.min.css

Script Paths

/wp-content/plugins/wp-smart-tv/admin/js/wp-smart-tv-admin.js/wp-content/plugins/wp-smart-tv/admin/js/wp-smart-tv-importer.js

Version Parameters

wp-smart-tv-admin.css?ver=wp-smart-tv-admin.js?ver=wp-smart-tv-importer.js?ver=font-awesome.min.css?ver=

HTML / DOM Fingerprints

HTML Comments

<!-- 
Start WP Smart TV
-->

Data Attributes

data-wpstv-ajax-urldata-wpstv-nonce

JS Globals

wpstvdata

FAQ