1269 comments found.
Hello, Tibi!
I’m still getting security flags. Another user on here reported the files in question were still on his server despite you saying they were removed. Can you please remove them and provide an updated, patched version that I can install that will fix the flagged issues? Thanks.
https://really-simple-ssl.com/vulnerability/01368767-d126-4d8d-89df-5de5054e4622
Hi.
What tool do you use, because the file that is causing that security issue is completely removed?
Tibi – FWD.
I just keep getting flags in Wordpress. I linked to you where it links me. Did you add an updated version without the files in question? I’m pretty sure I have the most updated version from you. Thanks, Tibi.
I did update UVP, so without the files. I will look into this in detail this weekend.
However, not sure how it works that it is showing the issue; it is possible that the software that found that bug was not updated…
I will also add an update to have ajax based updates for the presets and playlists so that page will not refresh every time an update is done.
Tibi – FWD.
Here’s the error associated with 10.1 (Server Side Request Forgery): https://really-simple-ssl.com/vulnerability/978cbc76-366a-4f00-ad04-fab88b9876cb/
Or this from Wordfence for 10.1 (Missing Authorization): https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/fwduvp/ultimate-video-player-101-missing-authorization
Ok I will look into it this weekend
Tibi – FWD.
Thanks, Tibi!
Welcome!
I solved the issue—it wasn’t really an issue, but anyway. I added a safeguard to prevent someone from opening the PHP file directly in their browser. This was already handled by the PHP server, but this makes it more secure and essentially bulletproof.
Tibi – FWD.
Thanks, Tibi. Unfortunately, WordFence is still flagging it as a critical issue as of yesterday: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/fwduvp/ultimate-video-player-wordpress-woocommerce-plugin-101-unauthenticated-server-side-request-forgery
You need to contact them to scan the update that we have now on codecanyon…
Tibi – FWD.
At the end of a YouTube video, in the player, is there any way to mask the YouTube video recommendations? Ty
I am sorry no, the controls and other stuff can be done but the recommendations no… you can however set the video to end sooner, like 10 seconds sooner, this way they will never appear, if it is something that you really need.
Tibi – FWD.
Hello. Can the videos be fully encrypted? So they can't be viewed in the browser's source? Ty
Hi.
Yes, the source can be encrypted in the source page.
Tibi – FWD.
Have you still not solved the full-screen fitting problem that YouTube videos have, without them being cropped?
I don’t understand.
Tibi – FWD.
Have they still not fixed the problem with YouTube videos adapting to full screen without cropping them?
Please write to me and remind me about the issue at tibi_diablo@yahoo.com.
Tibi – FWD.
Please register to my website as well so that I can notify you if I have updates for UVP https://fwdapps.net/my-account/
Tibi – FWD.
This was solved a long time ago, but they never updated the fix…
Tibi – FWD.
Your previous reply says this was fixed, but the issue is still present.
The following files remain directly accessible and vulnerable:
- content/vimeo/data.php: Unauthenticated SSRF via user-controlled path parameter (no validation, no nonce, no auth)
- content/proxy.php: SSRF still bypassable (DNS rebinding, IPv6, file:// and gopher:// schemes)
- content/proxyFolder.php: Directory traversal via unvalidated dir parameter
- content/mp3.php: Directory traversal via direct user input
- content/sendMailToAFriend.php: Mail header injection (no email validation)
- content/sendMail.php: Mail injection / input tampering
All these files lack authentication, nonce checks, and protection against direct access. So the vulnerability is not fully fixed and remains exploitable.
Please review these files and apply a complete patch.
Please note that these issues must be properly fixed in the code in order for security scanners to update their assessment and remove the warning.
Also, the plugin version number must be incremented after applying the fixes, otherwise automated security tools will not re-scan or recognize the patch.
Until then, the vulnerability status will remain active.
All those files have been completely removed from the plugin, not sure why you still get them, I will look into it asap.
Tibi – FWD.
I am already using the latest version of the plugin, and the files mentioned are still present on my server.
To resolve this manually and re-run the security scan, please provide the exact file names and extensions, with their relative paths, that should have been removed.
I will delete them manually to ensure the issue is fully cleared.
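An added example, not part of the original thread and not the plugin author's code: a shell check for the six files named in the comment above, reporting which are still on disk after an update and whether each carries a direct-access guard. It assumes the listed paths are relative to the plugin directory (`wp-content/plugins/fwduvp`, as in the path quoted elsewhere in this thread) and that a guard would take the common WordPress form of a `defined('ABSPATH')` check; the function name is hypothetical.

```shell
#!/usr/bin/env bash
# File list copied from the comment above. Treating the paths as relative
# to the plugin root is an assumption.
UVP_FLAGGED_FILES="content/vimeo/data.php
content/proxy.php
content/proxyFolder.php
content/mp3.php
content/sendMailToAFriend.php
content/sendMail.php"

# audit_uvp_leftovers PLUGIN_DIR   (hypothetical helper name)
# Prints one line per flagged file: "<status> <relative path>"
#   absent   the file is not on disk
#   guarded  the file exists and contains a defined('ABSPATH') check
#            (assumed form of a direct-access guard)
#   exposed  the file exists and has no such check
# Returns 0 only when every flagged file is absent, 1 if any remain
# (guarded or not, since the thread says they should be gone),
# and 2 if PLUGIN_DIR is not a directory.
audit_uvp_leftovers() {
    plugin_dir=$1
    rc=0
    if [ ! -d "$plugin_dir" ]; then
        echo "not a directory: $plugin_dir" >&2
        return 2
    fi
    while IFS= read -r rel; do
        path="$plugin_dir/$rel"
        if [ ! -e "$path" ] && [ ! -L "$path" ]; then
            echo "absent $rel"
        elif grep -Eq "defined[[:space:]]*\([[:space:]]*['\"]ABSPATH['\"]" "$path" 2>/dev/null; then
            echo "guarded $rel"
            rc=1
        else
            echo "exposed $rel"
            rc=1
        fi
    done <<EOF
$UVP_FLAGGED_FILES
EOF
    return $rc
}

# Usage (path is a placeholder for your own install):
#   audit_uvp_leftovers /path/to/wp-content/plugins/fwduvp
```

A non-zero exit after updating means old files were left in place by the update and can be removed by hand before re-running the scanner.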
Please delete them for now, they are not needed anyway. I will look into this in detail asap, I am not at the office now.
What security scan are you using?
Tibi – FWD.
Thanks for the update.
I’m using multiple AI-based security analyzers, mainly Claude Code, in addition to WordPress security plugins such as Really Simple SSL Security, Wordfence, and server/WAF checks.
All of them still report the same issues in the mentioned files on the latest version.
I’ve deleted the files for now as suggested and will re-run the scans. Looking forward to your detailed review.
Ok.
Those files are not required anymore so if you deleted them, it will be fine. I will see what is going on behind the scenes asap.
Tibi – FWD.
Please register to my website as well so that I can notify you if I have updates for UVP https://fwdapps.net/my-account/
Tibi – FWD.
Subject: Product inquiry: pre/mid/post-roll ads, live-like playlists, storage, limits and multi-site licensing
Hello, I’m evaluating your product for a WordPress-based project where videos are embedded via a custom plugin. On each page I insert a simple shortcode or embed code with a player/space ID, and the plugin takes care of rendering everything.
I would like to clarify the following functional and commercial/technical aspects:
1. Ads configured per “space/player”, independent from the video
Is it possible to configure pre-roll, mid-roll and post-roll ads per player/space, so that the ad configuration is automatically applied to any video played in that space, without having to set ads on each single video?
2. Live-like playlist / linear channel from VOD
Is it possible to create a channel / stream-like object that plays, in “live” mode, a sequence of pre-uploaded videos selected from your panel, so that:
- all users see the same video at the same point in time (linear / synchronized playback),
- videos are played one after another automatically,
- pre-roll, mid-roll (at midpoint or configurable timestamp/percentage) and post-roll ads are always applied?
In this case, does this channel/playlist have its own unique ID that can be embedded anywhere (similar to a single video ID)?
3. External storage (S3 or similar)
Is it possible to host videos on external storage (e.g. Amazon S3, Cloudflare R2, Backblaze, etc.) and still use your player and ad system? If yes, which integrations are supported and are there any additional costs or limitations?
4. Licensing and multi-site usage
On how many WordPress sites/domains can the product be used with a single license or plan? Is it possible to manage separate ad configurations per site, so that ad rules and rolls from one site are not shared with others?
If you have documentation or links covering these topics (ad scheduling, live/linear playlists, limits, multi-site licensing), feel free to share them.
Thank you, Marco
Hi.
From your list 1 and 2 are not possible. I am not sure if I will implement them, but I noted your request.
3. S3 and other external host videos are supported.
4. A license is per website. This is how Envato licensing works for all its items.
Tibi – FWD.
When will you add view counts?
I have noted your request for a future update.
Tibi – FWD.
Thanks, love your products. Bought two at the moment and looking to get more when im in full operation, very worth it. It just with the new age of business, views on videos will really help.
I will add that feature, but I’m currently in the process of creating a video course and transitioning to my own website to sell my plugins. If everything goes well, this should happen sometime this summer.
I am honest about this…
Thank you for understanding.
Tibi – FWD.
Security plugins still show an alert on security issues with plugin versions <= 10.1. Is it possible to fix this? It’s really annoying if this is fixed, and if still not fixed it’s really dangerous….
Hi.
The issue was solved a while back, I am not sure why it still appears. The files that were causing the issue were completely removed from the plugin.
Tibi – FWD
Hi, all security plugins like wordfence, solid security etc. reports your plugin with: Ultimate Video Player Plugin <= 10.1 – Server Side Request Forgery (SSRF) Vulnerability… Please fix this and update.
Regards
Hi.
This was fixed a while back; probably the database was not updated with the fix.
Tibi – FWD.
Pre-purchase questions
1. Is this plugin only useful for playlists or also for individual videos (I don’t need playlists)?
2. Does it support Cloudflare Stream embed code (of individual videos)?
3. Does it support links generated by Cloudflare Stream, such as https://customer-000000000000sumo.cloudflarestream.com/39b5cab13741320f32ecfc0577c44154/watch ?
4. My WP Foxiz template doesn’t have a video player, but it supports any embed code without any problems. Does this plugin output embed code to embed it in the specific video post field?
Thank you
Hi.
1. It can work for single videos, but a playlist is needed. For single videos it is best that you use Easy Video Player https://fwdapps.net/p/evp/, it has the same features as UVP but it was specially made for single videos.
2. Yes, but you need to get the video playable URL.
3. Yes, as long as the URL is returning a video, I have clients that are using similar streams.
4. The video is added via shortcode, which is cleaner and straightforward; it does have embed, but it needs to be first added in the page via shortcode.
Tibi – FWD.
ok, thanks, quick and very comprehensive response
Welcome!
Tibi – FWD.
I just upgraded my PHP to 8.3 and I see this deprecated warning from your plugin, so could you please update your plugin to fix this issue?
Deprecated: Creation of dynamic property FWDUVPData::$videoStartBehaviour is deprecated in public_html/wp-content/plugins/fwduvp/php/FWDUVPData.php on line 44
Hi.
I will take care of this asap.
Tibi – FWD.
Thank you
Welcome.
I will sort it out this weekend.
Tibi – FWD.
How do you fix direct mp4 link doesnt load correctly? I have a video with 9 hours length but it only loads 1 hour..
This is not related to the player but to the browser, I never had a client with videos so long, I will look into this.
Tibi – FWD.
that’s what I thought too, I’ve checked it and it seems the player seems miscatch length of video in real time. (i.e the duration is 15 hours, in progress bar it only displays 1 hour BUT overall duration progress like 01:00:00/15:00:00 plays exactly like the length)
I will look into this but I need a link to the video I don’t have a video with that duration.
Tibi – FWD.
i will give you the cdn link on discord
can you check discord? i have question -myxeria
yo bro how are you lately? hope youre having speedy recov anw i have an urgent problem in pre roll ads section, it doesn’t load the label at all. https://ibb.co/ZRDDGK7Q so I couldn’t update video with an ads in pre/mid/end roll.
Please write me at tibi-diablo@yahoo.com
Tibi – FWD.
alr sent but how about discord bro
your email is full bro just reply my discord
img1: https://ibb.co.com/MyHZBBV8 img2: https://ibb.co.com/s9x47Rcq
I checked Discord as well, and no message. Can you record a video to show me the issue and leave a link here?
Tibi – FWD.
Nah not cool bro you unfriend me out of nowhere, here is the vid (somehow i cant access streamable) https://jumpshare.com/s/NsRGTtJ4A1nOvkTR4Eh1
Please stop calling me bro!!!
I will look into it asap.
Tibi – FWD.
I have checked on my side is all in place. I think it is some other plugin or your theme that is not written correctly and hides the inputs.
I can help you, but I need to have credentials to see what is going on.
Tibi – FWD,
how come i give you creds when i dont even have your discord or your email is full nigga
The issue is on your side, I do not receive the email at tibi_diablo@yahoo.com! About Discord, I told you I do not use it, I don’t like it.
Try this email tibi@fwdapps.net, also be more polite if I am not asking too much!
Tibi – FWD.
Hey i want to confirm this: are you truly ignorant replying someone with wrong email address or you’re doing it on purpose? your email is tibi_diablo@yahoo.com right? not tibi-diablo@yahoo.com
I apologize, I made a mistake and did not notice it, it is tibi_diablo@yahoo.com
Tibi – FWD.
Hello,
Is there a configuration to remove medium and tiny quality from quality settings? No matter how I switched the quality it always appears like its quality is bad even though the user already chose 1080p quality.
Hi.
For YouTube?
Tibi – FWD.
yes
imma be honest and direct.. how do you remove this garbage medium/tiny quality settings from options? this quality is like 90s quality
I need to see how you use the player, please leave me your email, I will try to write you.
Tibi – FWD.
i can give you sub-admin credentials of my website, can we connect via discord instead? I rarely check email except for workdays
hello, any demo of audio player in woocommerce? does it display waveforms? working both in product and shop page?
Is the player made only for landscape videos, or does it also show vertical ones? Thank you!
hello,
another question.. is there an option or guide to activate play back where visitor left off like youtube? example visitor a watched a 5 mins video but left at mins 3 and then come back while player starts the video not from beginning but from mins 3? I will explain more if you dont understand.
Regards
Hi..
Yes, this is an optional feature included in the player.
Tibi – FWD.
if I may know what’s the name of it in IT terms? Thanks
Resume / remember function
Marks the last play position of the video when the browser is closed and remembers it when you come back to watch the video again.
Tibi – FWD.
Which tab i can activate this feature? Also can you explain more and some use cases for cuepoint except for ads? I have long question after purchasing.. can i have your email or discord?
Please write to me at tibi_diablo@yahoo.com
Tibi – FWD.
okay you will receive email from rent.ewarnet@gmail.com so i dont need to write introduction, proof, etc
also can you answer my question about the tab settings for resume function and cuepoint here?
Yes it is in the Main Settings- Use resume / remember on play:
Tibi – FWD.
(1) is there a way to display single video only without displaying playlist? if there is how to? (2) skip ads button somehow isnt working, is it a bug?
I tried to reach you via email but you dont reply mine
1. Yes you can disable the playlist visually, but the video still needs to be part of a playlist. If you want a single video, you can use Easy Video Player https://fwdapps.net/p/evp
2. I need to see what is going on; the skip button should work.
I did not receive any email, I checked spam as well, try again at tibi_diablo@yahoo.com
Tibi – FWD.
it seems you havent replied to my email, I’ve emailed you thrice with double checking of address but you just dont answer my email. I will ask everything here instead
I am sorry but I did not receive your email, I checked spam as well, leave your email here if you can, I will write you.
Tibi – FWD.
email me at my given address above
What email address?
Tibi – FWD
duh if you read up i’ve given mine. Alas maybe yahoo blocked it out nowhere, email me at myxeria@ewarnet.com.
(please reply this message to confirm you’ve read this!)
Yes Yahoo is blocking your email…
Can you send from a different email?
Tibi – FWD.
how about discord?
Try FWDDesign on Discord, I don’t really use it.
Tibi -
sent by myxeria
Hello,
Is it possible to have chapter timestamp like how a youtube video did with chaptered video so it could be linked like an index/link? if you dont understand I will explain more.
Regards
Hi.
I am sorry no.
Tibi – FWD.
Do you understand what I mean? let’s say there is a review video and minute 1 until 3 is introduction; minute 3 and beyond are content; 3 last minutes are closing statement. in other words, visitor can visit their desired minutes without looking full video.
(I think you already understood this but i just want to make sure)
Thank you
That file was completely removed some time ago, so that warning is false… I have no idea why it is still showing that, probably some old cache thing… but the issue was solved and the file with the issue was completely removed from the plugin.
Tibi – FWD.
Hi Tibi,
Thanks for quick reply and glad to hear the issue is resolved but I think you should contact wordfence team as well and let them know to refresh the status of issue. As said above until wordfence stop showing this as issue on it’s firewall I can’t suggest it.
It’s mentioned in the above vulnerability link
Have information to add, or spot any errors? Contact us at wfi-support@wordfence.com so we can make any appropriate adjustments.
Thank you
Ok… as I said, the issue is fixed, I think you should trust me since I have been doing this for almost 25 years now… I think I know what I’m doing… even so, that risk that they found is not critical… but these tools like to make a big fuss from nothing, after all, this is how they make money…
Tibi – FWD.
Just want to let you know the issue was solved, wrote them and they will remove the issue.
Tibi – FWD.
Hello! I have been using UVP for years and love it! Thanks so for developing it. I want to know how to have the Youtube playlists collapsed upon load. Not the playlist window, just the playlists themselves. I want the user to be able to see what playlist options are there. If one playlist opens by default then the user can’t see the other playlists that are listed and might not know they are there. Thanks so much!
Hi.
I understand, I will think about this, see if I can come up with something…
Tibi – FWD.
Thanks so much, Tibi! I look forward to hearing back from you on this.
I am really busy finishing my own website to sell my work, so this will take some time.
Thank you for understanding.
Tibi – FWD.
Thanks, Tibi. No worries. Would it be a CSS thing that could do it, you think, or is it a deeper code adjustment you would need to make? If CSS, I might be able to figure it out since you’re super busy at the moment…
Is not just about CSS, some code and some brain neurons need to be fired to make this work without breaking the other player functionality.
Tibi – FWD.
Haha, gotcha. Well, no big deal – just whenever you have some spare time to fire some brain neurons, it would be much appreciated!
I will address this asap!
Tibi – FWD.
Thanks so much, Tibi!
Hey again, Tibi! I emailed you with some screenshots, but my web host flagged Ultimate Video plugin as being vulnerable or unsafe just a couple of days ago. Please check your email and let me know what you think the issue may be. Thanks, Tibi!
That issue was fixed a while back…
Tibi – FWD.
Thanks, Tibi! I will go and try and download the latest version and see if that does it. I appreciate your prompt responses as always! Hope the website is coming along well!
Welcome.
Tibi – FWD.
Tibi, sorry to be a bother! It looks like I have version 8.4, and I’m trying to update to the latest version, but after downloading the ZIP installer in My Downloads in Envato, it keeps saying installation failed on Wordpress. Any ideas? Is there a different place where I can download the latest version that has this security issue fixed?
Unzip the main zip file and inside that you will find the installable WordPress file.
Tibi – FWD.
Nevermind! Figured it out. It had been so long that I forgot that I had to get the compressed folder within the compressed folder where the plugin installer actually was. Thanks, Tibi!!!
Appreciate it!
Tibi, after updating to version 10, my hPanel at my web host is still flagging UVP as a security threat. As a second opinion, I just installed Wordfence and did a scan, and same thing. It’s flagged as a high-risk security issue. What do you think?
The file with the risk was completely removed, maybe it has some sort of cache, please send me an email at tibi_diablo@yahoo.com and give me more details…
Tibi – FWD.
I just emailed you the full Wordfence breakdown, but it’s saying Unauthenticated Arbitrary File Download, Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) and that no known patch is available up to and including version 10.
Yeah, I find it weird too that it keeps flagging. I just emailed you the breakdown! Feel free to email me back there. I will look into the cache now. Thanks for the good communication on this!
Fully cleared all site cache and security flag persists unfortunately. It is listed as “critical.”
OK.
I will look into this tomorrow not sure what exactly is causing this, but I am sure it’s not serious…
Tibi – FWD.
Thanks, Tibi! Did you get my email okay? Feel free to email me back there.
Yes got it.
Tibi – FWD.
Hello, I would like to suggest two corrections: 1. Keep the address bar intact, without manipulation when opening the player, the URL looks bad, especially if the video is on the home page. Avoid #/?playlistId=0&videoId=0 2. When pausing the video using the player button, it does not return to the initial hidden state, only if you press the larger video button, which is annoying. Best regards
Hi.
1. That is optional; it is called deeplinking, it creates unique URLs for the videos, and it can be disabled in your preset.
2. I will look into it asap.
Tibi – FWD.
Yes! =)