Video Gallery – YouTube Gallery & Responsive Video Playlist Security & Risk Analysis

wordpress.org/plugins/youtube-showcase

Responsive video gallery and YouTube gallery for WordPress. Create a video grid or YouTube playlist visually in the block editor. No shortcodes!

2K active installs v4.0.2 PHP + WP 5.8+ Updated Feb 25, 2026
Tags: playlist, video-gallery, youtube, youtube-channel, youtube-gallery
Score: 96 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Aug 25, 2025
Safety Verdict

Is Video Gallery – YouTube Gallery & Responsive Video Playlist Safe to Use in 2026?

Generally Safe

Score 96/100

Video Gallery – YouTube Gallery & Responsive Video Playlist has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Aug 25, 2025 · Updated 1mo ago
Risk Assessment

The 'youtube-showcase' v4.0.2 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for all SQL queries, making it resilient to traditional SQL injection attacks. Additionally, a high percentage of output is properly escaped, reducing the risk of cross-site scripting (XSS) vulnerabilities in the rendered content. The plugin also incorporates nonce and capability checks for most of its entry points.

However, significant concerns arise from the static analysis. The plugin exposes 9 AJAX handlers without any authentication checks, presenting a substantial attack surface for unauthorized actions. The taint analysis revealed 2 critical severity flows and 9 flows with unsanitized paths, indicating potential vulnerabilities that could be exploited if malicious data is introduced. While there are no currently unpatched CVEs, the historical vulnerability data shows a pattern of past issues including Deserialization of Untrusted Data, Missing Authorization, and Cross-Site Request Forgery (CSRF), suggesting a recurring tendency towards authorization and data handling weaknesses.

In conclusion, while the plugin has strengths in its database and output handling, the numerous unprotected AJAX endpoints and identified taint flow issues are serious risks that need immediate attention. The historical vulnerability data further underscores the need for rigorous security reviews and remediation efforts.

Key Concerns

  • 9 AJAX handlers without auth checks
  • 2 critical severity taint flows
  • 9 flows with unsanitized paths
  • 1 high severity known CVE
  • 2 medium severity known CVEs
  • Bundled outdated library: Select2 v3.2
  • 16% of outputs not properly escaped
Vulnerabilities
3

Video Gallery – YouTube Gallery & Responsive Video Playlist Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2024: 1 CVE
2025: 1 CVE

Severity Breakdown

High: 1
Medium: 2

3 total CVEs

CVE-2025-54731 · high · 8.1 · Deserialization of Untrusted Data

YouTube Showcase <= 3.5.1 - Unauthenticated PHP Object Injection

Aug 25, 2025 · Patched in 3.5.2 (10d)

CVE-2024-3268 · medium · 5.3 · Missing Authorization

YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress <= 3.3.6 - Missing Authorization to Arbitrary Post/Page Creation

May 20, 2024 · Patched in 3.4.0 (1d)

CVE-2023-40558 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Video Gallery & Management <= 3.3.5 - Cross-Site Request Forgery

Aug 16, 2023 · Patched in 3.3.6 (160d)
Code Analysis
Analyzed Mar 16, 2026

Video Gallery – YouTube Gallery & Responsive Video Playlist Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (22 prepared)
Unescaped Output: 261 (1384 escaped)
Nonce Checks: 27
Capability Checks: 27
File Operations: 0
External Requests: 2
Bundled Libraries: 1

Bundled Libraries

Select2 v3.2

SQL Query Safety

100% prepared · 22 total queries

Output Escaping

84% escaped · 1645 total outputs
Data Flows
9 unsanitized

Data Flow Analysis

17 flows · 9 with unsanitized paths
emd_form_builder_lite_get_field (includes\emd-form-builder-lite\emd-form-builder.php:831)
Attack Surface
9 unprotected

Video Gallery – YouTube Gallery & Responsive Video Playlist Attack Surface

Entry Points: 34
Unprotected: 9

AJAX Handlers 29

auth · wp_ajax_emd_insert_new_shc · includes\admin\shortcode-list-functions.php:72
auth · wp_ajax_emd_load_file · includes\class-install-deactivate.php:51
nopriv · wp_ajax_emd_load_file · includes\class-install-deactivate.php:52
auth · wp_ajax_emd_delete_file · includes\class-install-deactivate.php:53
nopriv · wp_ajax_emd_delete_file · includes\class-install-deactivate.php:54
auth · wp_ajax_emd_check_userEmail · includes\common-functions.php:541
auth · wp_ajax_emd_check_unique · includes\common-functions.php:570
auth · wp_ajax_emd_form_builder_lite_get_field · includes\emd-form-builder-lite\emd-form-builder.php:830
auth · wp_ajax_emd_form_builder_lite_get_page · includes\emd-form-builder-lite\emd-form-builder.php:1192
auth · wp_ajax_emd_form_builder_lite_get_row · includes\emd-form-builder-lite\emd-form-builder.php:1245
auth · wp_ajax_emd_form_builder_lite_save_form · includes\emd-form-builder-lite\emd-form-builder.php:1272
auth · wp_ajax_emd_form_builder_lite_get_hr · includes\emd-form-builder-lite\emd-form-builder.php:1391
auth · wp_ajax_emd_form_builder_lite_get_html · includes\emd-form-builder-lite\emd-form-builder.php:1411
auth · wp_ajax_emd_formb_lite_submit_ajax_form · includes\emd-form-builder-lite\emd-form-frontend.php:9
nopriv · wp_ajax_emd_formb_lite_submit_ajax_form · includes\emd-form-builder-lite\emd-form-frontend.php:10
nopriv · wp_ajax_emd_check_userEmail · includes\emd-form-builder-lite\emd-form-frontend.php:11
nopriv · wp_ajax_emd_check_unique · includes\emd-form-builder-lite\emd-form-frontend.php:12
nopriv · wp_ajax_emd_lite_process_login · includes\emd-form-builder-lite\emd-form-frontend.php:1931
auth · wp_ajax_emd_lite_process_login · includes\emd-form-builder-lite\emd-form-frontend.php:1932
nopriv · wp_ajax_emd_lite_verify_registration · includes\emd-form-builder-lite\emd-form-frontend.php:2019
auth · wp_ajax_emd_lite_verify_registration · includes\emd-form-builder-lite\emd-form-frontend.php:2020
auth · wp_ajax_emd_form_builder_lite_pagenum · includes\emd-form-builder-lite\emd-form-functions.php:656
nopriv · wp_ajax_emd_form_builder_lite_pagenum · includes\emd-form-builder-lite\emd-form-functions.php:657
nopriv · wp_ajax_emd_verify_email · includes\login-register-functions.php:106
auth · wp_ajax_emd_verify_email · includes\login-register-functions.php:107
auth · wp_ajax_youtube_showcase_send_deactivate_reason · includes\plugin-feedback-functions.php:11
auth · wp_ajax_youtube_showcase_show_rateme · includes\plugin-feedback-functions.php:16
auth · wp_ajax_emd_get_widg_pagenum · includes\widget-functions.php:10
nopriv · wp_ajax_emd_get_widg_pagenum · includes\widget-functions.php:11

Shortcodes 5

[emd_form] includes\emd-form-builder-lite\emd-form-frontend.php:400
[video_grid] includes\entities\emd-video-shortcodes.php:56
[video_indicators] includes\entities\emd-video-shortcodes.php:121
[video_items] includes\entities\emd-video-shortcodes.php:186
[video_gallery] includes\integration-shortcodes.php:9
WordPress Hooks 89
action · youtube_showcase_getting_started · includes\admin\getting-started.php:9
action · youtube_showcase_settings_glossary · includes\admin\glossary.php:9
action · emd_ext_register · includes\admin\settings-functions-globs.php:11
filter · emd_add_settings_tab · includes\admin\settings-functions-globs.php:12
action · emd_show_settings_tab · includes\admin\settings-functions-globs.php:13
action · emd_ext_register · includes\admin\settings-functions-misc.php:11
filter · emd_add_settings_tab · includes\admin\settings-functions-misc.php:12
action · emd_show_settings_tab · includes\admin\settings-functions-misc.php:13
action · emd_ext_register · includes\admin\settings-functions.php:11
action · emd_show_settings_page · includes\admin\settings-functions.php:12
action · emd_show_shortcodes_page · includes\admin\shortcode-list-functions.php:4
action · emd_create_shc_with_filters · includes\admin\shortcode-list-functions.php:53
filter · media_buttons · includes\admin\wpas-btn-functions.php:10
action · admin_footer · includes\admin\wpas-btn-functions.php:11
filter · kses_allowed_protocols · includes\admin\wpas-btn-functions.php:222
action · init · includes\blocks\block.php:75
action · enqueue_block_editor_assets · includes\blocks\block.php:163
filter · posts_where · includes\class-emd-query.php:91
filter · posts_join · includes\class-emd-query.php:94
filter · emd_wp_session_cookie_secure · includes\class-emd-session.php:59
filter · emd_wp_session_cookie_httponly · includes\class-emd-session.php:60
filter · emd_wp_session_delete_batch_size · includes\class-emd-session.php:61
filter · safe_style_css · includes\class-emd-widget.php:57
action · admin_init · includes\class-install-deactivate.php:21
action · wp_head · includes\class-install-deactivate.php:33
action · admin_init · includes\class-install-deactivate.php:37
action · admin_notices · includes\class-install-deactivate.php:41
action · generate_rewrite_rules · includes\class-install-deactivate.php:45
filter · query_vars · includes\class-install-deactivate.php:46
action · admin_init · includes\class-install-deactivate.php:47
action · init · includes\class-install-deactivate.php:55
filter · tiny_mce_before_init · includes\class-install-deactivate.php:60
action · emd_ext_set_conf · includes\emd-form-builder-lite\emd-form-builder.php:12
action · emd_ext_init · includes\emd-form-builder-lite\emd-form-builder.php:22
filter · posts_where · includes\emd-form-builder-lite\emd-form-builder.php:48
action · emd_ext_admin_enq · includes\emd-form-builder-lite\emd-form-builder.php:50
action · emd_show_forms_lite_page · includes\emd-form-builder-lite\emd-form-builder.php:282
action · init · includes\emd-form-builder-lite\emd-form-frontend.php:44
filter · emd_ext_parse_tags · includes\emd-form-builder-lite\emd-form-functions.php:340
action · init · includes\emd-form-builder-lite\emd-form-functions.php:366
filter · kses_allowed_protocols · includes\emd-form-builder-lite\emd-form-functions.php:734
action · emd_ext_register · includes\emd-form-builder-lite\settings-functions-login.php:12
filter · emd_add_settings_tab · includes\emd-form-builder-lite\settings-functions-login.php:13
action · emd_show_settings_tab · includes\emd-form-builder-lite\settings-functions-login.php:14
action · emd_ext_admin_enq · includes\emd-lite\emd-lite.php:8
filter · emd_lite_modal · includes\emd-lite\emd-lite.php:26
action · save_post · includes\entities\class-emd-entity.php:96
action · save_post · includes\entities\class-emd-entity.php:133
action · init · includes\entities\class-emd-video.php:27
action · admin_init · includes\entities\class-emd-video.php:31
filter · post_updated_messages · includes\entities\class-emd-video.php:35
action · admin_menu · includes\entities\class-emd-video.php:39
action · admin_head-edit.php · includes\entities\class-emd-video.php:43
action · manage_emd_video_posts_custom_column · includes\entities\class-emd-video.php:49
filter · manage_emd_video_posts_columns · includes\entities\class-emd-video.php:53
filter · post_row_actions · includes\entities\class-emd-video.php:58
action · admin_action_emd_duplicate_entity · includes\entities\class-emd-video.php:62
action · admin_notices · includes\entities\class-emd-video.php:372
filter · the_title · includes\entities\class-emd-video.php:403
action · wp_footer · includes\entities\emd-video-shortcodes.php:65
action · wp_footer · includes\entities\emd-video-shortcodes.php:130
action · wp_footer · includes\entities\emd-video-shortcodes.php:193
filter · widget_text · includes\entities\emd-video-shortcodes.php:249
filter · widget_text · includes\entities\emd-video-shortcodes.php:250
action · wp_footer · includes\integration-shortcodes.php:26
filter · emd_show_temp_sidebar · includes\layout-functions.php:166
action · emd_sidebar · includes\layout-functions.php:196
action · widgets_init · includes\layout-functions.php:213
filter · emd_show_temp_navigation · includes\layout-functions.php:290
filter · emd_show_single_edit_link · includes\layout-functions.php:320
filter · emd_change_container · includes\layout-functions.php:332
filter · emd_get_login_register_option_for_views · includes\login-register-functions.php:8
action · emd_show_login_register_forms · includes\login-register-functions.php:22
filter · emd_lite_upgrade_url · includes\plugin-app-functions.php:8
filter · emd_lite_upgrade_message · includes\plugin-app-functions.php:15
filter · emd_lite_upgrade_modal · includes\plugin-app-functions.php:22
filter · plugin_row_meta · includes\plugin-feedback-functions.php:9
filter · plugin_action_links · includes\plugin-feedback-functions.php:10
action · admin_footer · includes\plugin-feedback-functions.php:14
action · admin_notices · includes\plugin-feedback-functions.php:17
action · admin_post_youtube-showcase_check_optin · includes\plugin-feedback-functions.php:18
action · pre_get_posts · includes\query-filters.php:34
action · admin_enqueue_scripts · includes\scripts.php:9
action · wp_enqueue_scripts · includes\scripts.php:138
action · admin_print_footer_scripts · includes\scripts.php:220
filter · the_content · youtube-showcase.php:60
action · admin_menu · youtube-showcase.php:64
filter · template_include · youtube-showcase.php:68
action · widgets_init · youtube-showcase.php:72
Maintenance & Trust

Video Gallery – YouTube Gallery & Responsive Video Playlist Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 25, 2026
PHP min version
Downloads: 216K

Community Trust

Rating: 98/100
Number of ratings: 127
Active installs: 2K
Developer Profile

Video Gallery – YouTube Gallery & Responsive Video Playlist Developer Profile

emarket-design

10 plugins · 4K total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 251 days
Detection Fingerprints

How We Detect Video Gallery – YouTube Gallery & Responsive Video Playlist

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/youtube-showcase/assets/css/emd-video-list.css
/wp-content/plugins/youtube-showcase/assets/css/emd-video-single.css
/wp-content/plugins/youtube-showcase/assets/css/responsive-video.css
/wp-content/plugins/youtube-showcase/assets/js/emd-video-helpers.js
/wp-content/plugins/youtube-showcase/assets/js/emd-video-list.js
/wp-content/plugins/youtube-showcase/assets/js/emd-video-single.js
/wp-content/plugins/youtube-showcase/assets/js/jquery.fitvids.js

Script Paths
/wp-content/plugins/youtube-showcase/assets/js/emd-video-helpers.js
/wp-content/plugins/youtube-showcase/assets/js/emd-video-list.js
/wp-content/plugins/youtube-showcase/assets/js/emd-video-single.js
/wp-content/plugins/youtube-showcase/assets/js/jquery.fitvids.js

Version Parameters
/wp-content/plugins/youtube-showcase/assets/css/emd-video-list.css?ver=
/wp-content/plugins/youtube-showcase/assets/css/emd-video-single.css?ver=
/wp-content/plugins/youtube-showcase/assets/css/responsive-video.css?ver=
/wp-content/plugins/youtube-showcase/assets/js/emd-video-helpers.js?ver=
/wp-content/plugins/youtube-showcase/assets/js/emd-video-list.js?ver=
/wp-content/plugins/youtube-showcase/assets/js/emd-video-single.js?ver=
/wp-content/plugins/youtube-showcase/assets/js/jquery.fitvids.js?ver=

HTML / DOM Fingerprints

CSS Classes
emd-video-list
emd-single-video-wrapper
emd-video-player-wrapper

HTML Comments
Youtube Showcase - Video Gallery
emd_video_gallery

Data Attributes
data-emd-video-list
data-emd-video-id
data-video-autoplay
data-video-rel
data-video-controls
data-video-showinfo
+3 more

JS Globals
emd_video_global
emd_video_players

REST Endpoints
/wp-json/youtube-showcase/v1/videos
/wp-json/youtube-showcase/v1/settings

Shortcode Output
[emd_video_gallery
[emd_single_video
FAQ

Frequently Asked Questions about Video Gallery – YouTube Gallery & Responsive Video Playlist