Custom Plugin Heading is not sanitized so if a user has access to the BRANDING & CUSTOMIZATION page they can change this value to include html that will be displayed to any one on the admin side who goes to the videos manual pages.

The flash for playing videos is loaded from the plugin author’s website. If the author’s website were compromised, this could result in malicious content being loaded on all sites that use this plugin.

The plugin contains or is likely to contain a vulnerability which could be exploited by a privileged user to affect the site’s confidentiality, integrity or availability in a manner exceeding their privileges: