YT Player – Embed and Customize Video Players Security & Risk Analysis

wordpress.org/plugins/yt-player

A modern, accessible, fully customizable & user-friendly YouTube Video Player for WordPress.

1K active installs · v2.0.6 · PHP 7.1+ · WP 6.2+ · Updated Mar 3, 2026
Tags: plyr, video-player, youtube, youtube-embed, youtube-video-player
Score: 100 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Sep 22, 2021
Safety Verdict

Is YT Player – Embed and Customize Video Players Safe to Use in 2026?

Generally Safe

Score 100/100

YT Player – Embed and Customize Video Players has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Sep 22, 2021 · Updated 1mo ago
Risk Assessment

The yt-player v2.0.7 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by having no dangerous functions, file operations, or external HTTP requests. The majority of SQL queries utilize prepared statements, and a significant portion of outputs are properly escaped, indicating an awareness of common web security pitfalls. Furthermore, the plugin has no currently unpatched vulnerabilities, with its sole historical CVE being of medium severity and related to Cross-Site Scripting, which was addressed.

However, there are notable concerns. A significant attack surface exists with 14 AJAX handlers, four of which lack authentication checks. This presents a potential pathway for attackers to trigger plugin functionality without proper authorization. While taint analysis did not reveal critical or high-severity issues in this scan, the presence of unsanitized paths in four entry points (AJAX handlers) is a direct risk that could lead to vulnerabilities if exploited, especially in conjunction with the lack of proper authentication checks. The plugin also bundles an older version of Freemius (v1.0), which could potentially have unaddressed vulnerabilities.

In conclusion, while the plugin has a history of addressing vulnerabilities and implements some good security practices like prepared statements and output escaping, the unprotected AJAX handlers and the potential for unsanitized input in these handlers represent significant weaknesses. The bundled Freemius library also warrants attention. The overall risk is moderate, with specific areas requiring immediate review and potential remediation.

Key Concerns

  • Unprotected AJAX handlers
  • Bundled outdated library (Freemius v1.0)
  • SQL queries not using prepared statements (3/11)
  • Outputs not properly escaped (30%)
Vulnerabilities: 1

YT Player – Embed and Customize Video Players Security Vulnerabilities

CVEs by Year

1 CVE in 2021

Severity Breakdown

Medium: 1

1 total CVE

CVE-2021-24414 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Video Player for YouTube <= 1.3 - Cross-Site Scripting

Sep 22, 2021 Patched in 1.4 (853d)
Code Analysis
Analyzed Mar 16, 2026

YT Player – Embed and Customize Video Players Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 3 (8 prepared)
Unescaped Output: 467 (1085 escaped)
Nonce Checks: 26
Capability Checks: 5
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

73% prepared · 11 total queries

Output Escaping

70% escaped · 1552 total outputs
Data Flows: All sanitized

Data Flow Analysis

6 flows
csf_export (admin\codestar-framework\functions\actions.php:62)
Attack Surface: 4 unprotected

YT Player – Embed and Customize Video Players Attack Surface

Entry Points: 17
Unprotected: 4

AJAX Handlers 14

auth · wp_ajax_csf-get-icons · admin\codestar-framework\functions\actions.php:50
auth · wp_ajax_csf-export · admin\codestar-framework\functions\actions.php:87
auth · wp_ajax_csf-import · admin\codestar-framework\functions\actions.php:123
auth · wp_ajax_csf-reset · admin\codestar-framework\functions\actions.php:150
auth · wp_ajax_csf-chosen · admin\codestar-framework\functions\actions.php:189
auth · wp_ajax_csf-get-icons · admin\framework\functions\actions.php:50
auth · wp_ajax_csf-export · admin\framework\functions\actions.php:87
auth · wp_ajax_csf-import · admin\framework\functions\actions.php:123
auth · wp_ajax_csf-reset · admin\framework\functions\actions.php:150
auth · wp_ajax_csf-chosen · admin\framework\functions\actions.php:189
nopriv · wp_ajax_ytp_import_data · inc\Model\Ajax.php:18
auth · wp_ajax_ytp_import_data · inc\Model\Ajax.php:19
auth · wp_ajax_ytp_ajax · inc\Model\Ajax.php:21
nopriv · wp_ajax_ytp_ajax · inc\Model\Ajax.php:22

Shortcodes 3

[youtube_player] inc\Services\CommonShortcode.php:9
[ytp] inc\Services\Shortcode.php:10
[ytplayer] inc\Services\Shortcode.php:11
WordPress Hooks 114
action · wp_enqueue_scripts · admin\codestar-framework\classes\abstract.class.php:20
action · admin_menu · admin\codestar-framework\classes\admin-options.class.php:107
action · admin_bar_menu · admin\codestar-framework\classes\admin-options.class.php:108
action · network_admin_menu · admin\codestar-framework\classes\admin-options.class.php:112
filter · admin_footer_text · admin\codestar-framework\classes\admin-options.class.php:492
action · add_meta_boxes_comment · admin\codestar-framework\classes\comment-options.class.php:38
action · edit_comment · admin\codestar-framework\classes\comment-options.class.php:39
action · customize_register · admin\codestar-framework\classes\customize-options.class.php:43
action · customize_save_after · admin\codestar-framework\classes\customize-options.class.php:44
action · wp_enqueue_scripts · admin\codestar-framework\classes\customize-options.class.php:48
action · add_meta_boxes · admin\codestar-framework\classes\metabox-options.class.php:50
action · save_post · admin\codestar-framework\classes\metabox-options.class.php:51
action · edit_attachment · admin\codestar-framework\classes\metabox-options.class.php:52
action · wp_nav_menu_item_custom_fields · admin\codestar-framework\classes\nav-menu-options.class.php:30
action · wp_update_nav_menu_item · admin\codestar-framework\classes\nav-menu-options.class.php:31
filter · wp_edit_nav_menu_walker · admin\codestar-framework\classes\nav-menu-options.class.php:33
action · admin_init · admin\codestar-framework\classes\profile-options.class.php:30
action · show_user_profile · admin\codestar-framework\classes\profile-options.class.php:42
action · edit_user_profile · admin\codestar-framework\classes\profile-options.class.php:43
action · personal_options_update · admin\codestar-framework\classes\profile-options.class.php:45
action · edit_user_profile_update · admin\codestar-framework\classes\profile-options.class.php:46
action · after_setup_theme · admin\codestar-framework\classes\setup.class.php:70
action · init · admin\codestar-framework\classes\setup.class.php:71
action · switch_theme · admin\codestar-framework\classes\setup.class.php:72
action · admin_enqueue_scripts · admin\codestar-framework\classes\setup.class.php:73
action · wp_enqueue_scripts · admin\codestar-framework\classes\setup.class.php:74
action · wp_head · admin\codestar-framework\classes\setup.class.php:75
filter · admin_body_class · admin\codestar-framework\classes\setup.class.php:76
action · admin_footer · admin\codestar-framework\classes\shortcode-options.class.php:47
action · customize_controls_print_footer_scripts · admin\codestar-framework\classes\shortcode-options.class.php:48
action · elementor/editor/before_enqueue_scripts · admin\codestar-framework\classes\shortcode-options.class.php:57
action · elementor/editor/footer · admin\codestar-framework\classes\shortcode-options.class.php:58
action · elementor/editor/footer · admin\codestar-framework\classes\shortcode-options.class.php:59
action · enqueue_block_editor_assets · admin\codestar-framework\classes\shortcode-options.class.php:301
action · media_buttons · admin\codestar-framework\classes\shortcode-options.class.php:305
action · admin_init · admin\codestar-framework\classes\taxonomy-options.class.php:41
action · admin_footer · admin\codestar-framework\fields\icon\icon.php:41
action · customize_controls_print_footer_scripts · admin\codestar-framework\fields\icon\icon.php:42
action · admin_print_footer_scripts · admin\codestar-framework\fields\link\link.php:65
action · print_default_editor_scripts · admin\codestar-framework\fields\wp_editor\wp_editor.php:62
action · admin_menu · admin\codestar-framework\views\welcome.php:19
filter · plugin_action_links · admin\codestar-framework\views\welcome.php:20
filter · plugin_row_meta · admin\codestar-framework\views\welcome.php:21
action · wp_enqueue_scripts · admin\framework\classes\abstract.class.php:20
action · admin_menu · admin\framework\classes\admin-options.class.php:107
action · admin_bar_menu · admin\framework\classes\admin-options.class.php:108
action · network_admin_menu · admin\framework\classes\admin-options.class.php:112
filter · admin_footer_text · admin\framework\classes\admin-options.class.php:492
action · add_meta_boxes_comment · admin\framework\classes\comment-options.class.php:38
action · edit_comment · admin\framework\classes\comment-options.class.php:39
action · customize_register · admin\framework\classes\customize-options.class.php:43
action · customize_save_after · admin\framework\classes\customize-options.class.php:44
action · wp_enqueue_scripts · admin\framework\classes\customize-options.class.php:48
action · add_meta_boxes · admin\framework\classes\metabox-options.class.php:52
action · save_post · admin\framework\classes\metabox-options.class.php:53
action · edit_attachment · admin\framework\classes\metabox-options.class.php:54
action · wp_nav_menu_item_custom_fields · admin\framework\classes\nav-menu-options.class.php:30
action · wp_update_nav_menu_item · admin\framework\classes\nav-menu-options.class.php:31
filter · wp_edit_nav_menu_walker · admin\framework\classes\nav-menu-options.class.php:33
action · admin_init · admin\framework\classes\profile-options.class.php:30
action · show_user_profile · admin\framework\classes\profile-options.class.php:42
action · edit_user_profile · admin\framework\classes\profile-options.class.php:43
action · personal_options_update · admin\framework\classes\profile-options.class.php:45
action · edit_user_profile_update · admin\framework\classes\profile-options.class.php:46
action · after_setup_theme · admin\framework\classes\setup.class.php:70
action · init · admin\framework\classes\setup.class.php:71
action · switch_theme · admin\framework\classes\setup.class.php:72
action · admin_enqueue_scripts · admin\framework\classes\setup.class.php:73
action · wp_enqueue_scripts · admin\framework\classes\setup.class.php:74
action · wp_head · admin\framework\classes\setup.class.php:75
filter · admin_body_class · admin\framework\classes\setup.class.php:76
action · admin_footer · admin\framework\classes\shortcode-options.class.php:47
action · customize_controls_print_footer_scripts · admin\framework\classes\shortcode-options.class.php:48
action · elementor/editor/before_enqueue_scripts · admin\framework\classes\shortcode-options.class.php:57
action · elementor/editor/footer · admin\framework\classes\shortcode-options.class.php:58
action · elementor/editor/footer · admin\framework\classes\shortcode-options.class.php:59
action · enqueue_block_editor_assets · admin\framework\classes\shortcode-options.class.php:301
action · media_buttons · admin\framework\classes\shortcode-options.class.php:305
action · admin_init · admin\framework\classes\taxonomy-options.class.php:41
action · admin_footer · admin\framework\fields\icon\icon.php:41
action · customize_controls_print_footer_scripts · admin\framework\fields\icon\icon.php:42
action · admin_print_footer_scripts · admin\framework\fields\link\link.php:65
action · print_default_editor_scripts · admin\framework\fields\wp_editor\wp_editor.php:62
action · admin_menu · admin\framework\views\welcome.php:19
filter · plugin_action_links · admin\framework\views\welcome.php:20
filter · plugin_row_meta · admin\framework\views\welcome.php:21
action · enqueue_block_assets · inc\Base\EnqueueAssets.php:10
action · wp_footer · inc\Base\Initialize.php:13
action · admin_footer · inc\Base\Initialize.php:14
action · admin_init · inc\Base\Initialize.php:15
action · init · inc\Block\TimelinePro.php:9
action · init · inc\Block\Video.php:9
action · admin_enqueue_scripts · inc\Page\Dashboard.php:6
action · admin_menu · inc\Page\Dashboard.php:7
action · init · inc\PostType\YTPlayer.php:12
action · init · inc\PostType\YTPlayer.php:13
filter · post_row_actions · inc\PostType\YTPlayer.php:15
action · edit_form_after_title · inc\PostType\YTPlayer.php:16
filter · manage_ytplayer_posts_columns · inc\PostType\YTPlayer.php:17
action · manage_ytplayer_posts_custom_column · inc\PostType\YTPlayer.php:18
filter · post_updated_messages · inc\PostType\YTPlayer.php:19
action · admin_head-post.php · inc\PostType\YTPlayer.php:21
action · admin_head-post-new.php · inc\PostType\YTPlayer.php:22
filter · gettext · inc\PostType\YTPlayer.php:23
filter · admin_footer_text · inc\PostType\YTPlayer.php:25
filter · filter_block_editor_meta_boxes · inc\PostType\YTPlayer.php:28
action · use_block_editor_for_post · inc\PostType\YTPlayer.php:29
action · admin_enqueue_scripts · inc\PostType\YTPlayer.php:31
action · admin_enqueue_scripts · inc\Services\EnqueueAssets.php:7
action · wp_enqueue_scripts · inc\Services\EnqueueAssets.php:8
action · enqueue_block_assets · youtube-player.php:6
action · init · youtube-player.php:7
action · plugins_loaded · yt-player.php:67
action · init · yt-player.php:77
Maintenance & Trust

YT Player – Embed and Customize Video Players Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Mar 3, 2026
PHP min version: 7.1
Downloads: 56K

Community Trust

Rating: 96/100
Number of ratings: 12
Active installs: 1K
Developer Profile

YT Player – Embed and Customize Video Players Developer Profile

colorlibplugins

120 plugins · 738K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 140 days
Detection Fingerprints

How We Detect YT Player – Embed and Customize Video Players

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/yt-player/assets/css/yt-player.css
/wp-content/plugins/yt-player/assets/js/yt-player.js
Script Paths
/wp-content/plugins/yt-player/assets/js/yt-player.js
Version Parameters
yt-player/assets/css/yt-player.css?ver=
yt-player/assets/js/yt-player.js?ver=

HTML / DOM Fingerprints

CSS Classes
ytp-player-wrapper, ytp-modal-content, ytp-btn-play, ytp-btn-volume, ytp-btn-fullscreen, ytp-progress-bar, ytp-current-time, ytp-duration
HTML Comments
<!-- YTP Player -->
Data Attributes
data-ytp-id, data-video-id, data-player-options
JS Globals
window.ytpPlayerConfig
Shortcode Output
[yt_player