WP YouTube Player Security & Risk Analysis

wordpress.org/plugins/wp-youtube-player

Insert Youtube Videos on WordPress blog.

1K active installs · v1.7 · PHP + WP 2.1+ · Updated Nov 28, 2017
embed · iframe · player · videos · youtube
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP YouTube Player Safe to Use in 2026?

Generally Safe

Score 85/100

WP YouTube Player has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8yr ago
Risk Assessment

The wp-youtube-player v1.7 plugin exhibits a strong security posture in several key areas. The static analysis reveals a complete absence of exposed entry points like AJAX handlers, REST API routes, and shortcodes without authentication checks. Furthermore, all SQL queries are performed using prepared statements, and there are no dangerous functions identified in the code. The plugin also demonstrates good practice with a single nonce check present.

However, a significant concern arises from the complete lack of output escaping across all identified output points. This means any data rendered by the plugin could potentially be injected with malicious scripts, leading to Cross-Site Scripting (XSS) vulnerabilities. The vulnerability history is clean, with no recorded CVEs, which is a positive indicator of the plugin's past security. Despite the lack of direct vulnerabilities in its history, the unescaped output represents a notable weakness that could be exploited. Overall, while the plugin has a solid foundation regarding attack surface and data handling, the lack of output sanitization is a critical oversight that requires immediate attention.

Key Concerns

  • Output escaping is not properly implemented
Vulnerabilities
None known

WP YouTube Player Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP YouTube Player Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 8 (0 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

0% escaped · 8 total outputs
Data Flows: All sanitized

Data Flow Analysis

2 flows
showConfigPageTube (wp-youtube-player.php:254)
[Data flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface

WP YouTube Player Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 4
  • filter the_content (wp-youtube-player.php:549)
  • filter widget_text (wp-youtube-player.php:550)
  • action wp_head (wp-youtube-player.php:552)
  • action admin_menu (wp-youtube-player.php:553)
Maintenance & Trust

WP YouTube Player Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.3.2
Last updated: Nov 28, 2017
PHP min version
Downloads: 104K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 1K
Developer Profile

WP YouTube Player Developer Profile

Kodetop

4 plugins · 2K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP YouTube Player

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-youtube-player/tubeplayer.swf
Version Parameters
wp-youtube-player/style.css?ver=
wp-youtube-player/js/script.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- For more information, visit: http://blog.unijimpe.net/wp-youtube-player/ -->
Data Attributes
data-id, data-width, data-height, data-autoplay, data-showinfo, data-theme, +7 more
JS Globals
window.WP_TUBE_SETTINGS
Shortcode Output
[tube][/tube]