Embed Plus for YouTube Gallery, Livestream and Lazy Loading with Facades Security & Risk Analysis

wordpress.org/plugins/youtube-embed-plus

A multi-featured plugin to embed YouTube in WordPress. Embed a video, YouTube channel gallery, playlist, or YouTube livestream. Defer JavaScript too!

100K active installs v14.2.6 PHP + WP 4.5+ Updated Apr 9, 2026
Tags: lazy-load · youtube · youtube-channel · youtube-gallery · youtube-live-stream
98
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Mar 6, 2026
Safety Verdict

Is Embed Plus for YouTube Gallery, Livestream and Lazy Loading with Facades Safe to Use in 2026?

Generally Safe

Score 98/100

Embed Plus for YouTube Gallery, Livestream and Lazy Loading with Facades has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEs · Last CVE: Mar 6, 2026 · Updated 1mo ago
Risk Assessment

The "youtube-embed-plus" plugin v14.2.5 exhibits a mixed security posture. On the positive side, it shows good practices in SQL query preparation (67%) and a significant portion of output escaping (69%). The absence of dangerous functions and critical/high severity taint flows is also reassuring. However, concerns arise from its attack surface, particularly the presence of two AJAX handlers without authentication checks, which could be exploited if they handle user-supplied data without proper validation. The plugin also has a history of known vulnerabilities, although there are no currently unpatched CVEs. The last vulnerability was in 2017, and it was of medium severity and identified as CSRF, indicating a past weakness in handling user requests. While the code analysis reveals some potential weaknesses, the lack of critical issues and the aging vulnerability history suggest that this version might be relatively stable, but the unprotected entry points remain a notable risk.

Key Concerns

  • Unprotected AJAX handlers
  • Medium severity vulnerability history (past)
  • Less than 70% output escaping
Vulnerabilities
2 published

Embed Plus for YouTube Gallery, Livestream and Lazy Loading with Facades Security Vulnerabilities

CVEs by Year

2017: 1 CVE
2026: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2026-39485 · medium · 4.3 · Missing Authorization

Youtube Embed Plus <= 14.2.4 - Missing Authorization

Mar 6, 2026 Patched in 14.2.5 (41d)

CVE-2017-1000224 · medium · 6.5 · Cross-Site Request Forgery (CSRF)

Embed Plus Plugin for YouTube <= 11.8.1 - Cross-Site Request Forgery

Jul 25, 2017 Patched in 11.8.2 (2373d)
Version History

Embed Plus for YouTube Gallery, Livestream and Lazy Loading with Facades Release Timeline

v14.2.6 · Current
v14.2.5
v14.2.4 · 1 CVE
v14.2.3.3 · 1 CVE
v14.2.3.2 · 1 CVE
v14.2.3.1 · 1 CVE
v14.2.3 · 1 CVE
v14.2.2 · 1 CVE
v14.2.1.3 · 1 CVE
v14.2.1.2 · 1 CVE
v14.2.1 · 1 CVE
v14.2 · 1 CVE
v14.1.6.3 · 1 CVE
v14.1.6.2 · 1 CVE
v14.1.6.1 · 1 CVE
v14.1.6 · 1 CVE
v14.1.5 · 1 CVE
v14.1.4.1 · 1 CVE
v14.1.4 · 1 CVE
v14.1.3 · 1 CVE
Code Analysis
Analyzed Mar 16, 2026

Embed Plus for YouTube Gallery, Livestream and Lazy Loading with Facades Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (4 prepared)
Unescaped Output: 89 (200 escaped)
Nonce Checks: 4
Capability Checks: 17
File Operations: 2
External Requests: 7
Bundled Libraries: 0

SQL Query Safety

67% prepared · 6 total queries

Output Escaping

69% escaped · 289 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

6 flows · 1 with unsanitized paths
my_embedplus_gallery_page (youtube.php:2463)
Attack Surface
2 unprotected

Embed Plus for YouTube Gallery, Livestream and Lazy Loading with Facades Attack Surface

Entry Points: 12
Unprotected: 2

AJAX Handlers 8

auth · wp_ajax_my_embedplus_onboarding_save_ajax · youtube.php:239
auth · wp_ajax_my_embedplus_settings_save_ajax · youtube.php:240
auth · wp_ajax_my_embedplus_onboarding_save_apikey_ajax · youtube.php:241
auth · wp_ajax_my_embedplus_glance_vids · youtube.php:242
auth · wp_ajax_my_embedplus_glance_count · youtube.php:243
auth · wp_ajax_my_embedplus_dismiss_double_plugin_warning · youtube.php:244
auth · wp_ajax_my_embedplus_gallery_page · youtube.php:245
nopriv · wp_ajax_my_embedplus_gallery_page · youtube.php:246

Shortcodes 4

[embedyt] youtube.php:2125
[youtube] youtube.php:2130
[youtube_video] youtube.php:2131
[embedplusvideo] youtube.php:2135
WordPress Hooks 25
action · enqueue_block_editor_assets · includes\gutenberg\gutenberg_hooks.php:7
action · admin_footer · includes\gutenberg\gutenberg_hooks.php:9
action · init · includes\gutenberg\gutenberg_hooks.php:11
action · admin_init · includes\gutenberg\gutenberg_hooks.php:13
action · admin_init · youtube.php:172
action · admin_notices · youtube.php:173
action · media_buttons · youtube.php:218
action · admin_menu · youtube.php:222
action · wp_print_scripts · youtube.php:229
action · wp_enqueue_scripts · youtube.php:230
action · wp_enqueue_scripts · youtube.php:233
action · wp_enqueue_scripts · youtube.php:234
filter · ytprefs_filter_the_content_light · youtube.php:237
action · admin_enqueue_scripts · youtube.php:247
action · wp_footer · youtube.php:251
action · admin_notices · youtube.php:1687
filter · the_content · youtube.php:2119
filter · widget_text · youtube.php:2120
filter · sgo_lazy_load_exclude_classes · youtube.php:2123
filter · script_loader_tag · youtube.php:2142
action · admin_print_footer_scripts · youtube.php:5929
action · admin_print_footer_scripts · youtube.php:5936
action · admin_print_footer_scripts · youtube.php:6019
filter · mce_external_plugins · youtube.php:6050
filter · mce_buttons_2 · youtube.php:6051
Maintenance & Trust

Embed Plus for YouTube Gallery, Livestream and Lazy Loading with Facades Maintenance & Trust

Maintenance Signals

WordPress version tested: 7.0
Last updated: Apr 9, 2026
PHP min version
Downloads: 8.5M

Community Trust

Rating: 92/100
Number of ratings: 570
Active installs: 100K
Developer Profile

Embed Plus for YouTube Gallery, Livestream and Lazy Loading with Facades Developer Profile

embedplus

1 plugin · 100K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 1207 days
Detection Fingerprints

How We Detect Embed Plus for YouTube Gallery, Livestream and Lazy Loading with Facades

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/youtube-embed-plus/assets/css/style.css
/wp-content/plugins/youtube-embed-plus/assets/js/youtube-embed-plus.min.js
Script Paths
/wp-content/plugins/youtube-embed-plus/assets/js/youtube-embed-plus.min.js
Version Parameters
youtube-embed-plus/assets/css/style.css?ver=
youtube-embed-plus/assets/js/youtube-embed-plus.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
youtube-embed-plus-lazy-load-facade
Data Attributes
data-youtube-embed-plus
JS Globals
YTPlayerList
FAQ

Frequently Asked Questions about Embed Plus for YouTube Gallery, Livestream and Lazy Loading with Facades