Video Uploads for Vimeo Security & Risk Analysis

wordpress.org/plugins/wp-vimeo-videos

Embed and upload videos to Vimeo directly from your WordPress site

100 active installs · v1.9.4 · PHP 5.5.0+ · WP 4.2+ · Updated Nov 12, 2023
Tags: embed-video, upload, upload-vimeo, video, vimeo
Score: 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Video Uploads for Vimeo Safe to Use in 2026?

Generally Safe

Score 85/100

Video Uploads for Vimeo has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The wp-vimeo-videos plugin version 1.9.4 exhibits a mixed security posture. It follows good practices, such as a high percentage of prepared SQL statements and properly escaped output, but its attack surface raises significant concerns. Five of the seven entry points, namely all five AJAX handlers, lack authentication checks. This presents a considerable risk, as any user, even an unauthenticated one, could potentially trigger these handlers, leading to unintended actions or information disclosure.

The taint analysis reveals one flow with an unsanitized path. No critical or high severity taint issues were found, but an unsanitized path warrants careful attention even when this analysis rates it as low severity or not immediately exploitable. The plugin's history is clean, with no recorded CVEs. This is a positive indicator of past security diligence, but it does not negate the risks identified in the current static analysis. The plugin bundles the libraries Guzzle, TinyMCE, and Select2, which, if outdated, could introduce their own vulnerabilities. However, the provided data does not specify their versions.

In conclusion, the plugin's lack of authentication checks on its AJAX endpoints is the most critical security weakness identified. The presence of an unsanitized path, while not critical in this analysis, adds to the overall risk. The absence of known vulnerabilities is reassuring but should not lead to complacency. Addressing the unprotected AJAX handlers and investigating the unsanitized path are paramount to improving the plugin's security.

Key Concerns

  • AJAX handlers without auth checks
  • Flows with unsanitized paths
Vulnerabilities
None known

Video Uploads for Vimeo Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Video Uploads for Vimeo Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 1 (5 prepared)
  • Unescaped Output: 30 (91 escaped)
  • Nonce Checks: 2
  • Capability Checks: 8
  • File Operations: 6
  • External Requests: 1
  • Bundled Libraries: 3

Bundled Libraries

Guzzle, TinyMCE, Select2

SQL Query Safety

83% prepared · 6 total queries

Output Escaping

75% escaped · 121 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

5 flows · 1 with unsanitized paths
<api> (admin\partials\api.php:0)
Attack Surface
5 unprotected

Video Uploads for Vimeo Attack Surface

Entry Points: 7
Unprotected: 5

AJAX Handlers 5

auth wp_ajax_dgv_handle_upload includes\class-wp-dgv.php:308
auth wp_ajax_dgv_handle_settings includes\class-wp-dgv.php:309
auth wp_ajax_dgv_store_upload includes\class-wp-dgv.php:310
auth wp_ajax_dgv_user_search includes\class-wp-dgv.php:311
auth wp_ajax_dgv_get_uploads includes\class-wp-dgv.php:312

Shortcodes 2

[vimeo_video] includes\class-wp-dgv.php:351
[dgv_vimeo_video] includes\class-wp-dgv.php:352

WordPress Hooks 26

filter cron_schedules includes\class-wp-dgv-cron.php:40
action init includes\class-wp-dgv-cron.php:41
action admin_init includes\class-wp-dgv-notices-helper.php:74
action admin_notices includes\class-wp-dgv-notices-helper.php:75
action admin_footer includes\class-wp-dgv-notices-helper.php:76
action plugins_loaded includes\class-wp-dgv.php:268
action init includes\class-wp-dgv.php:290
action admin_enqueue_scripts includes\class-wp-dgv.php:293
action admin_enqueue_scripts includes\class-wp-dgv.php:294
action admin_menu includes\class-wp-dgv.php:296
action in_admin_header includes\class-wp-dgv.php:297
filter plugin_row_meta includes\class-wp-dgv.php:299
action init includes\class-wp-dgv.php:302
action dgv_backend_after_upload includes\class-wp-dgv.php:315
action wp_enqueue_scripts includes\class-wp-dgv.php:326
action admin_enqueue_scripts includes\class-wp-dgv.php:327
action wp_enqueue_scripts includes\class-wp-dgv.php:328
action admin_enqueue_scripts includes\class-wp-dgv.php:329
action before_wp_tiny_mce includes\class-wp-dgv.php:330
action after_setup_theme includes\class-wp-dgv.php:331
filter mce_buttons includes\class-wp-dgv.php:332
filter mce_external_plugins includes\class-wp-dgv.php:333
action wp_enqueue_scripts includes\class-wp-dgv.php:347
action wp_enqueue_scripts includes\class-wp-dgv.php:348
filter the_content includes\class-wp-dgv.php:349
action admin_notices wp-vimeo-videos.php:38

Maintenance & Trust

Video Uploads for Vimeo Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: Nov 12, 2023
PHP min version: 5.5.0
Downloads: 11K

Community Trust

Rating: 100/100
Number of ratings: 6
Active installs: 100
Developer Profile

Video Uploads for Vimeo Developer Profile

Darko G.

4 plugins · 10K total installs

Trust score: 86
Avg Security Score: 89/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Video Uploads for Vimeo

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-vimeo-videos/admin/js/wp-dgv-admin.js
/wp-content/plugins/wp-vimeo-videos/admin/js/wp-dgv-api-helper.js
/wp-content/plugins/wp-vimeo-videos/admin/js/wp-dgv-db-helper.js
/wp-content/plugins/wp-vimeo-videos/admin/js/wp-dgv-settings-helper.js
/wp-content/plugins/wp-vimeo-videos/admin/js/wp-dgv-activator.js
/wp-content/plugins/wp-vimeo-videos/admin/js/wp-dgv-deactivator.js
/wp-content/plugins/wp-vimeo-videos/admin/js/class-wp-dgv.js
/wp-content/plugins/wp-vimeo-videos/admin/js/wp-dgv-uploader.js
+6 more

Script Paths
wp-content/plugins/wp-vimeo-videos/admin/js/wp-dgv-admin.js
wp-content/plugins/wp-vimeo-videos/admin/js/wp-dgv-api-helper.js
wp-content/plugins/wp-vimeo-videos/admin/js/wp-dgv-db-helper.js
wp-content/plugins/wp-vimeo-videos/admin/js/wp-dgv-settings-helper.js
wp-content/plugins/wp-vimeo-videos/admin/js/wp-dgv-activator.js
wp-content/plugins/wp-vimeo-videos/admin/js/wp-dgv-deactivator.js
+6 more

Version Parameters
wp-vimeo-videos/admin/js/wp-dgv-admin.js?ver=
wp-vimeo-videos/admin/js/wp-dgv-api-helper.js?ver=
wp-vimeo-videos/admin/js/wp-dgv-db-helper.js?ver=
wp-vimeo-videos/admin/js/wp-dgv-settings-helper.js?ver=
wp-vimeo-videos/admin/js/wp-dgv-activator.js?ver=
wp-vimeo-videos/admin/js/wp-dgv-deactivator.js?ver=
wp-vimeo-videos/admin/js/class-wp-dgv.js?ver=
wp-vimeo-videos/admin/js/wp-dgv-uploader.js?ver=
wp-vimeo-videos/admin/js/wp-dgv-upload-modal.js?ver=
wp-vimeo-videos/admin/js/wp-dgv-tus.js?ver=
wp-vimeo-videos/admin/js/wp-dgv-swal.js?ver=
wp-vimeo-videos/admin/js/wp-vimeo-upload-block.js?ver=
wp-vimeo-videos/admin/css/wp-dgv-admin.css?ver=
wp-vimeo-videos/admin/css/wp-dgv-upload-modal.css?ver=

HTML / DOM Fingerprints

CSS Classes
dgv-library, dgv-settings, dgv-upload-modal
HTML Comments
Copyright (C) 2020 Darko Gjorgjijoski (https://codeverve.com)
This file is part of Video Uploads for Vimeo
Video Uploads for Vimeo is free software: you can redistribute and/or modify
Video Uploads for Vimeo is distributed in the hope that it will be useful,
+18 more
Data Attributes
data-nonce, data-access_token, data-enable_vimeo_search, data-default_privacy, data-ajax_url
JS Globals
DGVGTB
REST Endpoints
/wp-json/wp-vimeo-videos/v1/upload