Does WP YouTube Live have any unpatched vulnerabilities?

No. All known vulnerabilities in WP YouTube Live have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP YouTube Live compatible with WordPress 6.3.8?

According to WordPress.org data, WP YouTube Live 1.10.1 has been tested up to WordPress 6.3.8. Check the plugin's changelog for the latest compatibility information.

How often is WP YouTube Live updated?

WP YouTube Live was last updated on Dec 29, 2025. Frequent updates are generally a positive security signal.

What is WP YouTube Live's security score?

WP YouTube Live has a WP-Safety security score of 97/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP YouTube Live Security & Risk Analysis

wordpress.org/plugins/wp-youtube-live

Displays the current YouTube live video from a specified channel.

1K active installs v1.10.1 PHP + WP 3.6+ Updated Dec 29, 2025

embedlivevideoyoutube

A · Safe

CVEs total3

Unpatched0

Last CVEJun 27, 2025

Plugin page Download

Safety Verdict

Is WP YouTube Live Safe to Use in 2026?

Generally Safe

Score 97/100

WP YouTube Live has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Jun 27, 2025Updated 3mo ago

Risk Assessment

The wp-youtube-live plugin v1.10.1 exhibits a mixed security posture. On the positive side, the code demonstrates good practices with 100% of its SQL queries using prepared statements and a high percentage (95%) of outputs being properly escaped. The absence of file operations and dangerous functions is also reassuring. However, the presence of one unprotected AJAX handler is a significant concern, as it represents a direct entry point for unauthenticated attackers. While taint analysis shows no identified vulnerabilities, this is likely due to the limited scope of the analysis, as the plugin has a history of known vulnerabilities.

The vulnerability history reveals a past pattern of medium-severity issues, specifically Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS). The fact that there are no currently unpatched vulnerabilities is a positive sign, suggesting that developers are addressing past issues. However, the historical prevalence of these common web vulnerabilities, combined with the unprotected AJAX endpoint, indicates a potential for exploitation if new, undiscovered vulnerabilities exist or if the existing protection mechanisms are not robust. Overall, the plugin has some strengths in code hygiene but requires vigilance due to its attack surface and past vulnerability trends.

Key Concerns

Unprotected AJAX handler
Past medium severity vulnerabilities (3 total)
Large number of outputs, slight unescaped output risk

Vulnerabilities

WP YouTube Live Security Vulnerabilities

CVEs by Year

2 CVEs in 2022

2022

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

3 total CVEs

CVE-2025-53261medium · 4.3Cross-Site Request Forgery (CSRF)

WP YouTube Live <= 1.10.0 - Cross-Site Request Forgery

Jun 27, 2025 Patched in 1.10.1 (194d)

CVE-2022-1334medium · 4.8Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP YouTube Live <= 1.8.2 - Admin+ Stored Cross-Site Scripting

Apr 25, 2022 Patched in 1.8.3 (638d)

CVE-2022-1187medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP YouTube Live <= 1.7.21 - Reflected Cross-Site Scripting

Mar 31, 2022 Patched in 1.7.22 (663d)

Code Analysis

Analyzed Mar 16, 2026

WP YouTube Live Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

92 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

95% escaped97 total outputs

Attack Surface

1 unprotected

WP YouTube Live Attack Surface

Entry Points6

Unprotected1

AJAX Handlers 5

authwp_ajax_updatewpYTUpcomingCacheinc\admin.php:383

authwp_ajax_wp_youtube_live_dismiss_notice_1714inc\admin.php:455

authwp_ajax_load_youtube_livewp-youtube-live.php:82

noprivwp_ajax_load_youtube_livewp-youtube-live.php:83

authwp_ajax_youtube_live_flush_cachewp-youtube-live.php:281

Shortcodes 1

[youtube_live] wp-youtube-live.php:77

WordPress Hooks 10

actionadmin_enqueue_scriptsinc\admin.php:15

actionadmin_menuinc\admin.php:20

actionadmin_initinc\admin.php:21

actionadmin_noticesinc\admin.php:454

actionwp_enqueue_scriptswp-youtube-live.php:30

filteroembed_resultwp-youtube-live.php:161

filterembed_defaultswp-youtube-live.php:162

filteroembed_resultwp-youtube-live.php:180

filteroembed_resultwp-youtube-live.php:183

actionplugins_loadedwp-youtube-live.php:318

Maintenance & Trust

WP YouTube Live Maintenance & Trust

Maintenance Signals

WordPress version tested6.3.8

Last updatedDec 29, 2025

PHP min version

Downloads67K

Community Trust

Rating80/100

Number of ratings10

Active installs1K

Alternatives

WP YouTube Live Alternatives

VidLive

vidlive

Easily add your VidLive widgets in WordPress. VidLive is the easiest way to automatically stream “Currently Live" Facebook or YouTube video from …

90 No CVEs

SDAweb Channels for YouTube

sdaweb-channels-for-youtube

100

Display YouTube channels with grids, tabs, sliders, live stream badges, and lightbox playback.

40 No CVEs

Livestream Embedder

livestream-embedder

Embeds a YouTube live stream or the most recent video from a channel using a simple shortcode.

30 No CVEs

All-in-One Video Gallery

all-in-one-video-gallery

The ultimate video player & video gallery plugin for YouTubers, Video Bloggers, Course Creators, Podcasters, and anyone embedding videos on websites.

20K 11 CVEs

Video Gallery – YouTube Playlist, Channel Gallery by YotuWP

yotuwp-easy-youtube-embed

Modern responsive YouTube video gallery helps your website getting noticed from visitors, increase the reach and stand out from the competitors.

20K 5 CVEs

Developer Profile

WP YouTube Live Developer Profile

macbookandrew

11 plugins · 8K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

498 days

View full developer profile

Detection Fingerprints

How We Detect WP YouTube Live

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-youtube-live/js/wp-youtube-live.min.js/wp-content/plugins/wp-youtube-live/css/wp-youtube-live.css

Version Parameters

wp-youtube-live/js/wp-youtube-live.min.js?ver=wp-youtube-live/css/wp-youtube-live.css?ver=

HTML / DOM Fingerprints

CSS Classes

wp-youtube-livewp-youtube-live-terms

Data Attributes

data-channeliddata-apikeydata-widthdata-heightdata-autoplaydata-show_related+7 more

JS Globals

wpYouTubeLiveSettingsYT

REST Endpoints

/wp-json/wp-youtube-live

Shortcode Output

<div class="wp-youtube-live

See <a target="_blank" href="https://www.youtube.com/t/terms">YouTube Terms of Service</a> and <a target="blank" href="https://policies.google.com/privacy">Google Privacy Policy</a>.

FAQ