1271 comments found.
Version 11.0 Release Date 14.04.2026
- Added AJAX updates to the playlist manager and presets manager, allowing users to remain on the page while data is updated in the database without requiring a reload..
- Fixed all known vulnerabilities.
- Added Global Advertising: you can now create a set of pre-roll, mid-roll, post-roll, or VAST/VMAP advertisements that are automatically applied to all videos, video tutorial.
Tibi – FWD.
I need to use a dynamic shortcode (Content Egg) to display live prices and photos inside the video overlay. Does your plugin process PHP shortcodes inside the Custom HTML Overlay or does it only support static HTML?
Hi.
The overlays are not supoprted in the WordPress version.
Tibi – FWD.
Hello, Tibi!
I’m still getting security flags. Another user on here reported the files in question were still on his server despite you saying they were removed. Can you please remove them and provide an updated, patched version that I can install that will fix the flagged issues? Thanks.
https://really-simple-ssl.com/vulnerability/01368767-d126-4d8d-89df-5de5054e4622Hi.
What tool do you use becuaes the file that is causing that security issue is completely removed?
Tibi – FWD.
I just keep getting flags in Wordpress. I linked to you where it links me. Did you add an updated version without the files in question? I’m pretty sure I have the most updated version from you. Thanks, Tibi.
I did updated UVP so wihout the files. I will look into this in detail this weekend.
However not sure how ti works that is shwoing the issue it is possibel that the software that found that bug was not updated…
I will also add an update to have ajax based updates for the presets and playlists so that page will not refresh every time an update is done.
Tibi – FWD.
Here’s the error associated with 10.1 (Server Side Request Forgery): https://really-simple-ssl.com/vulnerability/978cbc76-366a-4f00-ad04-fab88b9876cb/
Or this from Wordfence for 10.1 (Missing Authorization): https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/fwduvp/ultimate-video-player-101-missing-authorization
Ok I will look into it this weekend
Tibi – FWD.
Thanks, Tibi!
Welcome!
I solved the issue—it wasn’t really an issue, but anyway. I added a safeguard to prevent someone from opening the PHP file directly in their browser. This was already handled by the PHP server, but this makes it more secure and essentially bulletproof.
Tibi – FWD.
Thanks, Tibi. Unfortunately, WordFence is still flagging it as a critical issue as of yesterday: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/fwduvp/ultimate-video-player-wordpress-woocommerce-plugin-101-unauthenticated-server-side-request-forgery
You ned to contanct them to scan the update that we have now on codecanyon…
Tibi – FWD.
On final of youtube video, on player, there is any way to mask the youtube video recommendations? Ty
I am sorry no, thje controls and other stuff can be done but the recomendations no… you can however set the video to end sooner like 10 seconds sooner, this way they willnever appear if it is something that you really need.
Tibi – FWD.
Hello. The videos can be full encrypt? Cant be viewed by source of browsers? Ty
HI.
Yes, the source can be encrypted in the source page.
Tibi – FWD.
Aún no han solucionado el problema de adaptación a pantalla completa que tienen los videos de youtube? sin que los recorte?
I don’t understand.
Tibi – FWD.
Have they still not fixed the problem with YouTube videos adapting to full screen without cropping them?
Please write to me and remind me about the issue at tibi_diablo@yahoo.com.
Tibi – FWD.
Please register to my website as well so that I can notify you if I have updates for UVP https://fwdapps.net/my-account/
Tibi – FWD.
This was solve s alog time ago, but they never updated the fix…
Tibi – FWD.
Your previous reply says this was fixed, but the issue is still present.
The following files remain directly accessible and vulnerable:
- content/vimeo/data.php Unauthenticated SSRF via user-controlled path parameter (no validation, no nonce, no auth)
- content/proxy.php SSRF still bypassable (DNS rebinding, IPv6, file:// and gopher:// schemes)
- content/proxyFolder.php Directory traversal via unvalidated dir parameter
- content/mp3.php Directory traversal via direct user input
- content/sendMailToAFriend.php Mail header injection (no email validation)
- content/sendMail.php Mail injection / input tampering
All these files lack authentication, nonce checks, and protection against direct access. So the vulnerability is not fully fixed and remains exploitable.
Please review these files and apply a complete patch.
Please note that these issues must be properly fixed in the code in order for security scanners to update their assessment and remove the warning.
Also, the plugin version number must be incremented after applying the fixes, otherwise automated security tools will not re-scan or recognize the patch.
Until then, the vulnerability status will remain active.
All those files have been completely removed from the plugin, not sure why you still get them, I will look into it asap.
Tibi – FWD.
I am already using the latest version of the plugin, and the files mentioned are still present on my server.
To resolve this manually and re-run the security scan, please provide the exact file names and extensions, with their relative paths, that should have been removed.
I will delete them manually to ensure the issue is fully cleared.
Please delete them for now tehy are not needed anyway. I will look into this in detail asap I am not at the office now.
What security scan are you using?
Tibi – FWD.
Thanks for the update.
I’m using multiple AI-based security analyzers, mainly Claude Code, in addition to WordPress security plugins such as Really Simple SSL Security, Wordfence, and server/WAF checks.
All of them still report the same issues in the mentioned files on the latest version.
I’ve deleted the files for now as suggested and will re-run the scans. Looking forward to your detailed review.
Ok.
Those files are not required anymore so if you deleted them, it will be fine. I will see what is going on behind the scenes asap.
Tibi – FWD.
Please register to my website as well so that I can notify you if I have updates for UVP https://fwdapps.net/my-account/
Tibi – FWD.
Subject: Product inquiry: pre/mid/post-roll ads, live-like playlists, storage, limits and multi-site licensing
Hello, I’m evaluating your product for a WordPress-based project where videos are embedded via a custom plugin. On each page I insert a simple shortcode or embed code with a player/space ID, and the plugin takes care of rendering everything.
I would like to clarify the following functional and commercial/technical aspects:
1. Ads configured per “space/player”, independent from the video Is it possible to configure pre-roll, mid-roll and post-roll ads per player/space, so that the ad configuration is automatically applied to any video played in that space, without having to set ads on each single video?
2. Live-like playlist / linear channel from VOD Is it possible to create a channel / stream-like object that plays, in “live” mode, a sequence of pre-uploaded videos selected from your panel, so that:
all users see the same video at the same point in time (linear / synchronized playback), videos are played one after another automatically, pre-roll, mid-roll (at midpoint or configurable timestamp/percentage) and post-roll ads are always applied? In this case, does this channel/playlist have its own unique ID that can be embedded anywhere (similar to a single video ID)?
3. External storage (S3 or similar) Is it possible to host videos on external storage (e.g. Amazon S3, Cloudflare R2, Backblaze, etc.) and still use your player and ad system? If yes, which integrations are supported and are there any additional costs or limitations?
4. Licensing and multi-site usage On how many WordPress sites/domains can the product be used with a single license or plan? Is it possible to manage separate ad configurations per site, so that ad rules and rolls from one site are not shared with others?
If you have documentation or links covering these topics (ad scheduling, live/linear playlists, limits, multi-site licensing), feel free to share them.
Thank you, Marco
hi.
From your list 1 and 2 are not possible. I am not sure if I will implement them, but I noted your request.
3. S3 and other external host videos are supported.
4. A license is per website. This is how Envato licensing works for all its items.
Tibi – FWD.
When will you add view counts?
I have noted your request for a future update.
Tibi – FWD.
Thanks, love your products. Bought two at the moment and looking to get more when im in full operation, very worth it. It just with the new age of business, views on videos will really help.
I will add that feature, but I’m currently in the process of creating a video course and transitioning to my own website to sell my plugins. If everything goes well, this should happen sometime this summer.
I am honest about this…
Thank you for understanding.
Tibi – FWD.
Security Plugins still shows alert on security issues with pluign versions <= 10.1 It’s possible to fix this? It’s really annoying if this is fixed, and if still not fixed it’s really dangerous….
Hi.
The issue was solved a while back, I am not sure why it still appears. The files that were causing the issue were completely removed from the plugin.
Tibi – FWD
Hi, all security plugins like wordfence, solid security etc. reports your plugin with: Ultimate Video Player Plugin <= 10.1 – Server Side Request Forgery (SSRF) Vulnerability… Please fix this and update.
Regards
Hi.
This was fixed a while back; probably the database was not updated with the fix.
Tibi – FWD.
Pre-purchase questions
1. Is this plugin only useful for playlists or also for individual videos (I don’t need playlists)? 2. Does it support Cloudflare Stream embed code (of individual videos)? 3. Does it support links generated by Cloudflare Stream, such as https://customer-000000000000sumo.cloudflarestream.com/39b5cab13741320f32ecfc0577c44154/watch ? 4. My WP Foxiz template doesn’t have a video player, but it supports any embed code without any problems. Does this plugin output embed code to embed it in the specific video post field? Thank you
Hi.
1. It can work for single videos, but a playlist is needed. For single videos is best that you use Easy Video Player https://fwdapps.net/p/evp/, it has the same features as UVP but it was specially made for single videos.
2. Yes, but you need to get the video playable URL.
3. Yes, as long as the URL is returning a video, I have clients that are using similar streams.
4. The video is added via shortcode, is cleaner and straightforward, it dose have embed but it needs to be first addedin the page via shortcode.
Tibi – FWD.
ok, thanks, quick and very comprehensive response
Welcome!
Tibi – FWD.
I just upgrade my Php to 8.3 and i see this deprecated warning from your plugin , so could you please update your plugin to fix this issue
Deprecated: Creation of dynamic property FWDUVPData::$videoStartBehaviour is deprecated in public_html/wp-content/plugins/fwduvp/php/FWDUVPData.php on line 44
Hi.
i will take care of this asap.
Tibi – FWD.
Thank you
Welcome.
I will sort it out this weekend.
Tibi – FWD.
How do you fix direct mp4 link doesnt load correctly? I have a video with 9 hours length but it only loads 1 hour..
This is not related to the player but to the browser, I never had a client with videos so long, I will look into this.
Tibi – FWD.
that’s what I thought too, I’ve checked it and it seems the player seems miscatch length of video in real time. (i.e the duration is 15 hours, in progress bar it only displays 1 hour BUT overall duration progress like 01:00:00/15:00:00 plays exactly like the length)
I will look into this but I need a link to the video I don’t have a video with that duration.
Tibi – FWD.
i will give you the cdn link on discord
can you check discord? i have question -myxeria
yo bro how are you lately? hope youre having speedy recov anw i have an urgent problem in pre roll ads section, it doesn’t load the label at all. https://ibb.co/ZRDDGK7Q so I couldn’t update video with an ads in pre/mid/end roll.
Please write me at tibi-diablo@yahoo.com
Tibi – FWD.
alr sent but how about discord bro
your email is full bro just reply my discord
img1: https://ibb.co.com/MyHZBBV8 img2: https://ibb.co.com/s9x47Rcq
I checked Discord as well, and no message. Can you record a video to show me the issue and leave a link here?
Tibi – FWD.
Nah not cool bro you unfriend me out of nowhere, here is the vid (somehow i cant access streamable) https://jumpshare.com/s/NsRGTtJ4A1nOvkTR4Eh1
Please stop calling me bro!!!
I will look into it asap.
Tibi – FWD.
I have checked on my side is all in place. I think it is some other plugin or your theme that is not written correctly and hides the inputs.
I can help you, but I need to have credentials to see what is going on.
Tibi – FWD,
This comment is currently being reviewed.
The issue is on your side, I do not receive the email at tibi_diablo@yahoo.com! About Discord, I told you I do not use it, I don’t like it.
Try this email tibi@fwdapps.net, also be more polite if I am not asking too much!
Tiibi – FWD.
Hey i want to confirm this: are you truly ignorant replying someone with wrong email address or you’re doing it on purpose? your email is tibi_diablo@yahoo.com right? not tibi-diablo@yahoo.com
I apologize, I made a mistake and did not notice it, it is tibi_diablo@yahoo.com
Tibi – FWD.
Hello,
Is there a configuration to remove medium and tiny quality from quality settings? No matter how i switched the quality it always appears like its quality is bad eventhough user already chose 1080p quality.
Hi.
For YouTube?
Tibi – FWD.
yes
imma be honest and direct.. how do you remove this garbage medium/tiny quality settings from options? this quality is like 90s quality
I need to see how you use the player, pleaes leave me your email I will try to write you.
Tibi – FWD.
i can give you sub-admin credentials of my website, can we connect via discord instead? I rarely check email except for workdays
hello, any demo of audio player in woocommerce? does it display waveforms? working both in product and shop page?
Is the player made only for landscape videos, or does it also show vertical ones? Thank you!
hello,
another question.. is there an option or guide to activate play back where visitor left off like youtube? example visitor a watched a 5 mins video but left at mins 3 and then come back while player starts the video not from beginning but from mins 3? I will explain more if you dont understand.
Regards
Hi..
Yes, this is an optional feature included in the player.
Tibi – FWD.
if I may know what’s the name of it in IT terms? Thanks
Resume / remember function
Marks the last play position of the video when the browser is closed and remembers it when you come back to watch the video again.
Tibi – FWD.
Which tab i can activate this feature? Also can you explain more and some use cases for cuepoint except for ads? I have long question after purchasing.. can i have your email or discord?
Please write to me at tibi_diablo@yahoo.com
TIbi – FWD.
okay you will receive email from rent.ewarnet@gmail.com so i dont need to write introduction, proof, etc
also can you answer my question about the tab settings for resume function and cuepoint here?
Yes it is in the Main Settings- Use resume / remember on play:
Tibi – FWD.
(1) is there a way to display single video only without displaying playlist? if there is how to? (2) skip ads button somehow isnt working, is it a bug?
I tried to reach you via email but you dont reply mine
1. Yes you can disable the playlist visually, but the video still needs to be part of a playlist. If you want a single video, you can use Easy Video Player https://fwdapps.net/p/evp
2. I need to see what is going on; the skip button should work.
I did not receive any email, I checked spam as well, try again at tibi_diablo@yahoo.com
Tibi – FWD.
it seems you havent replied to my email, I’ve emailed you thrice with double checking of address but you just dont answer my email. I will ask everything here instead
I am sorry but I did not receive your email, I checked spam as well, leave your email here if you can, I wil write you.
Tibi – FWD.
email me at my given address above
What email address?
Tibi – FWD
duh if you read up i’ve given mine. Alas maybe yahoo blocked it out nowhere, email me at myxeria@ewarnet.com.
(please reply this message to confirm you’ve read this!)
Yes Yahoo is blocking your email…
Can you send from a different email?
Tibi – FWD.
how about discord?
Tyr FWDDesign on discrod, I don’t really use it.
Tibi -
sent by myxeria
Hello,
Is it possible to have chapter timestamp like how a youtube video did with chaptered video so it could be linked like an index/link? if you dont understand I will explain more.
Regards
Hi.
I am sorry no.
Tibi – FWD.
Do you understand what I mean? let’s say there is a review video and minute 1 until 3 is introduction; minute 3 and beyond are content; 3 last minutes are closing statement. in other words, visitor can visit their desired minutes without looking full video.
(I think you already understood this but i just want to make sure)
Thank you
That file was completely removed some time ago, so that warning is false… I have no idea why is still showing that, probably some old cache thing… but the issue was solved and the file with the issuewas completely removed from the plugin.
TIbi – FWD.
Hi Tibi,
Thanks for quick reply and glad to hear the issue is resolved but I think you should contact wordfence team as well and let them know to refresh the status of issue. As said above until wordfence stop showing this as issue on it’s firewall I can’t suggest it.
It’s mentioned in the above vulnerability link
Have information to add, or spot any errors? Contact us at wfi-support@wordfence.com so we can make any appropriate adjustments.
Thank you
Ok… as I said, the issue is fixed, I think you should trust me since I have been doing this for almost 25 years now… I think I know what I’m doing… even so, that risk that they found is not critical… but these tools like to make a big fuss from nothing, after all, this is how they make money…
Tibi – FWD.
Just want to let you know the issue was solved, wrote them and they will remove the issue.
Tibi -FWD.
