WP-Safety

Wubtitle Security & Risk Analysis

wordpress.org/plugins/wubtitle

Wubtitle is a plugin that generates subtitles and transcript of uploaded videos in media library, Youtube and Vimeo videos.

40 active installs v1.2.4 PHP 7.4+ WP 5.3+ Updated Oct 17, 2022
seosubtitlesubtitlestranscriptionvideo
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Wubtitle Safe to Use in 2026?

Generally Safe

Score 85/100

Wubtitle has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago
Risk Assessment

The 'wubtitle' plugin version 1.2.4 demonstrates a generally positive security posture with several good practices in place. The complete absence of known CVEs and a consistent use of prepared statements for all SQL queries are strong indicators of responsible development. Furthermore, the plugin exhibits a high rate of output escaping, which is crucial for preventing cross-site scripting vulnerabilities. However, there are notable areas of concern. The presence of two unprotected entry points, specifically an AJAX handler and a REST API route lacking proper authorization checks, presents a direct attack vector. While taint analysis did not reveal critical or high severity issues, the two flows with unsanitized paths are a cause for concern and warrant further investigation. The plugin's vulnerability history is clean, suggesting recent development efforts have been security-conscious. Overall, 'wubtitle' benefits from a lack of historical vulnerabilities and robust SQL and output handling. Nevertheless, the unprotected AJAX and REST API endpoints are significant weaknesses that expose the plugin to potential unauthorized actions and require immediate attention.

Key Concerns

  • AJAX handler without auth checks
  • REST API route without permission callbacks
  • Flows with unsanitized paths
Vulnerabilities
None known

Wubtitle Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Wubtitle Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
4 prepared
Unescaped Output
18
208 escaped
Nonce Checks
19
Capability Checks
16
File Operations
0
External Requests
24
Bundled Libraries
0

SQL Query Safety

100% prepared4 total queries

Output Escaping

92% escaped226 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
change_plan_template (includes\Dashboard\PaymentTemplate.php:50)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Wubtitle Attack Surface

Entry Points27
Unprotected2

AJAX Handlers 20

authwp_ajax_cancel_subscriptionincludes\Api\ApiCancelSubscription.php:24
authwp_ajax_get_transcript_embedincludes\Api\ApiGetTranscript.php:26
authwp_ajax_get_transcript_internal_videoincludes\Api\ApiGetTranscript.php:27
authwp_ajax_get_video_infoincludes\Api\ApiGetTranscript.php:28
authwp_ajax_reactivate_planincludes\Api\ApiPricingPlan.php:24
authwp_ajax_change_planincludes\Api\ApiPricingPlan.php:25
authwp_ajax_create_subscriptionincludes\Api\ApiPricingPlan.php:26
authwp_ajax_confirm_subscriptionincludes\Api\ApiPricingPlan.php:27
authwp_ajax_check_plan_changeincludes\Api\ApiPricingPlan.php:28
authwp_ajax_submitVideoincludes\Api\ApiRequest.php:22
noprivwp_ajax_submitVideoincludes\Api\ApiRequest.php:23
authwp_ajax_cancel_templateincludes\Dashboard\CancelPage.php:22
authwp_ajax_payment_templateincludes\Dashboard\PaymentTemplate.php:36
authwp_ajax_update_templateincludes\Dashboard\PaymentTemplate.php:37
authwp_ajax_change_plan_templateincludes\Dashboard\PaymentTemplate.php:38
authwp_ajax_custom_form_templateincludes\Dashboard\PaymentTemplate.php:39
authwp_ajax_thankyou_pageincludes\Dashboard\PaymentTemplate.php:40
authwp_ajax_check_vat_codeincludes\Utils\InvoiceHelper.php:23
authwp_ajax_check_fiscal_codeincludes\Utils\InvoiceHelper.php:24
authwp_ajax_check_couponincludes\Utils\InvoiceHelper.php:25

REST API Routes 6

POST/wp-json/wubtitle/v1/auth-planincludes\Api\ApiAuthUpgradePlan.php:44
POST/wp-json/wubtitle/v1/reactivate-planincludes\Api\ApiAuthUpgradePlan.php:62
GET/wp-json/wubtitle/v1/job-listincludes\Api\ApiLicenseValidation.php:45
POST/wp-json/wubtitle/v1/reset-userincludes\Api\ApiLicenseValidation.php:64
POST/wp-json/wubtitle/v1/store-subtitleincludes\Api\ApiStoreSubtitle.php:44
POST/wp-json/wubtitle/v1/error-jobsincludes\Api\ApiStoreSubtitle.php:177

Shortcodes 1

[transcript] includes\Core\Shortcode.php:31
WordPress Hooks 49
actionrest_api_initincludes\Api\ApiAuthUpgradePlan.php:33
actionrest_api_initincludes\Api\ApiAuthUpgradePlan.php:34
actionrest_api_initincludes\Api\ApiLicenseValidation.php:34
actionrest_api_initincludes\Api\ApiLicenseValidation.php:35
actioninitincludes\Api\ApiRequest.php:24
actionrest_api_initincludes\Api\ApiStoreSubtitle.php:33
actionrest_api_initincludes\Api\ApiStoreSubtitle.php:34
action_core_updated_successfullyincludes\Core\Activation.php:23
filterupgrader_post_installincludes\Core\Activation.php:24
actione2w_cronincludes\Core\Cron.php:25
actioninitincludes\Core\Cron.php:28
actioninitincludes\Core\CustomPostTypes\Transcript.php:24
actionsave_post_transcriptincludes\Core\CustomPostTypes\Transcript.php:26
filtermanage_transcript_posts_columnsincludes\Core\CustomPostTypes\Transcript.php:28
actionmanage_transcript_posts_custom_columnincludes\Core\CustomPostTypes\Transcript.php:29
actioninitincludes\Core\Shortcode.php:22
actiondelete_attachmentincludes\Core\Subtitle.php:22
filterpre_set_site_transient_update_pluginsincludes\Core\Updater.php:54
filterplugins_apiincludes\Core\Updater.php:55
filterupgrader_pre_installincludes\Core\Updater.php:56
filterupgrader_post_installincludes\Core\Updater.php:57
actionadmin_menuincludes\Dashboard\Settings.php:31
actionadmin_initincludes\Dashboard\Settings.php:32
actionadmin_initincludes\Dashboard\Settings.php:33
actionupdate_option_wubtitle_license_keyincludes\Dashboard\Settings.php:34
actionadmin_enqueue_scriptsincludes\Dashboard\Settings.php:35
actionadmin_enqueue_scriptsincludes\Dashboard\Settings.php:36
actionadmin_noticesincludes\Dashboard\Settings.php:37
actioninitincludes\Gutenberg\TranscriptionBlock.php:22
filterrest_transcript_queryincludes\Gutenberg\TranscriptionBlock.php:23
actionenqueue_block_editor_assetsincludes\Gutenberg\VideoBlock.php:25
filterrender_blockincludes\Gutenberg\VideoBlock.php:26
filtermanage_media_columnsincludes\MediaLibrary\ListingSubtitles.php:23
actionmanage_media_custom_columnincludes\MediaLibrary\ListingSubtitles.php:24
actionadmin_print_styles-upload.phpincludes\MediaLibrary\ListingSubtitles.php:25
actionpre_get_postsincludes\MediaLibrary\ListingSubtitles.php:26
actionattachment_fields_to_editincludes\MediaLibrary\MediaLibraryExtented.php:28
actionattachment_fields_to_editincludes\MediaLibrary\MediaLibraryExtented.php:30
actionadmin_enqueue_scriptsincludes\MediaLibrary\MediaLibraryExtented.php:31
filterattachment_fields_to_saveincludes\MediaLibrary\MediaLibraryExtented.php:32
filterwp_video_shortcode_overrideincludes\MediaLibrary\MediaLibraryExtented.php:33
filterwp_video_shortcode_overrideincludes\MediaLibrary\MediaLibraryExtented.php:339
actionmedia_buttonsincludes\MediaLibrary\TrascriptionsExtends.php:25
actionwp_enqueue_mediaincludes\MediaLibrary\TrascriptionsExtends.php:26
actionadmin_noticesincludes\MediaLibrary\TrascriptionsExtends.php:27
actionupdated_post_metaincludes\Utils\SyncAttachments.php:23
actionadded_post_metaincludes\Utils\SyncAttachments.php:24
actionupdated_post_metaincludes\Utils\SyncAttachments.php:95
actionadded_post_metaincludes\Utils\SyncAttachments.php:96

Scheduled Events 1

e2w_cron
Maintenance & Trust

Wubtitle Maintenance & Trust

Maintenance Signals

WordPress version tested6.0.11
Last updatedOct 17, 2022
PHP min version7.4
Downloads4K

Community Trust

Rating100/100
Number of ratings1
Active installs40
Alternatives

Wubtitle Alternatives

JW Player for WordPress

JW Player for WordPress

jw-player-7-for-wp

A
99

JW Player for WordPress enables you to publish videos on your WordPress posts and pages using the most popular video player on the web.

1K 1 CVE
WP Amara Shortcode

WP Amara Shortcode

wp-amara-shortcode

A
100

A simple wordpress plugin to enable Amara.org shortcode

10 No CVEs
XML Sitemap Generator for Google

XML Sitemap Generator for Google

google-sitemap-generator

A
96

Generate multiple types of sitemaps to improve SEO and get your website indexed quickly.

1.0M 3 CVEs
Sitemap Generator Professional

Sitemap Generator Professional

mb-sitemap-generator

A
85

An easy to use XML sitemap generator with support for image and video sitemaps for WordPress.

4K No CVEs
Subtitles

Subtitles

subtitles

A
85

Add subtitles into your WordPress posts, pages, custom post types, and themes. No coding required. Simply activate Subtitles and you're ready.

3K No CVEs
Developer Profile

Wubtitle Developer Profile

giuseppectmobi

1 plugin · 40 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Wubtitle

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wubtitle/assets/css/payment_template.css/wp-content/plugins/wubtitle/assets/payment/payment_template.js/wp-content/plugins/wubtitle/assets/payment/change_plan_script.js
Script Paths
https://fonts.googleapis.com/css?family=Days+One|Open+Sans&display=swaphttps://js.stripe.com/v3/https://kit.fontawesome.com/b78c2a4b89.js
Version Parameters
wubtitle/assets/css/payment_template.css?ver=wubtitle/assets/payment/payment_template.js?ver=wubtitle/assets/payment/change_plan_script.js?ver=

HTML / DOM Fingerprints

JS Globals
WP_GLOBALS
FAQ

Frequently Asked Questions about Wubtitle