WP-Safety

Audio Player with Playlist Ultimate Security & Risk Analysis

wordpress.org/plugins/audio-player-with-playlist-ultimate

Audio Player with Playlist Ultimate is a Music/Audio Player with Playlist and options like shuffle, repeat, volume control, progress-bar, song info.

600 active installs v1.3.3 PHP + WP 4.0+ Updated Feb 19, 2026
album-artaudio-player-with-playlistmultiple-playermusic-playerrepeat-single-player
100
A · Safe
CVEs total1
Unpatched0
Last CVEJul 20, 2023
Plugin page Download
Safety Verdict

Is Audio Player with Playlist Ultimate Safe to Use in 2026?

Generally Safe

Score 100/100

Audio Player with Playlist Ultimate has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jul 20, 2023Updated 1mo ago
Risk Assessment

The "audio-player-with-playlist-ultimate" plugin version 1.3.3 exhibits a generally good security posture based on the provided static analysis. The absence of dangerous functions, SQL injection vulnerabilities, file operations, and external HTTP requests is commendable. The plugin also demonstrates good practices by utilizing prepared statements for all SQL queries and showing a high percentage of properly escaped output. The presence of nonce and capability checks on its entry points further strengthens its defense against common WordPress attacks.

However, the plugin's vulnerability history raises a flag. With one known CVE, specifically a Cross-site Scripting (XSS) vulnerability recorded in July 2023, it indicates that the plugin has had exploitable flaws in the past. While this specific vulnerability is noted as currently unpatched, the fact that it's a medium severity XSS suggests a potential for attackers to inject malicious scripts if the flaw were to reappear or if this version is still susceptible.

In conclusion, the plugin has strong defensive coding practices in place for this version, with a minimal attack surface and good input/output handling. The primary weakness lies in its historical vulnerability pattern, which necessitates vigilance for potential future or unaddressed issues. While current analysis shows no immediate critical threats, the past XSS vulnerability warrants attention and a proactive approach to ensuring it remains patched and secure.

Key Concerns

  • Vulnerability history: 1 known CVE (Medium XSS)
Vulnerabilities
1

Audio Player with Playlist Ultimate Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2023-38516medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Audio Player with Playlist Ultimate <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jul 20, 2023 Patched in 1.3 (187d)
Code Analysis
Analyzed Mar 16, 2026

Audio Player with Playlist Ultimate Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
7
74 escaped
Nonce Checks
1
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

91% escaped81 total outputs
Attack Surface

Audio Player with Playlist Ultimate Attack Surface

Entry Points2
Unprotected0

Shortcodes 2

[apwp_player_grid] includes\shortcode\apwpultimate-grid-shortcode.php:116
[apwp_player] includes\shortcode\apwpultimate-shortcode.php:119
WordPress Hooks 16
actionplugins_loadedaudio-player-with-playlist-ultimate.php:84
actionupdate_option_active_pluginsaudio-player-with-playlist-ultimate.php:140
actionadmin_noticesaudio-player-with-playlist-ultimate.php:204
actionadd_meta_boxesincludes\admin\class-apwpultimate-admin.php:20
actionsave_postincludes\admin\class-apwpultimate-admin.php:23
actionadmin_menuincludes\admin\class-apwpultimate-admin.php:26
actionadmin_initincludes\admin\class-apwpultimate-admin.php:29
filterpost_row_actionsincludes\admin\class-apwpultimate-admin.php:35
actioninitincludes\apwpultimate-post-types.php:55
actioninitincludes\apwpultimate-post-types.php:94
filterpost_updated_messagesincludes\apwpultimate-post-types.php:123
actionwp_enqueue_scriptsincludes\class-apwpultimate-script.php:19
actionwp_enqueue_scriptsincludes\class-apwpultimate-script.php:22
actionadmin_enqueue_scriptsincludes\class-apwpultimate-script.php:25
actionadmin_enqueue_scriptsincludes\class-apwpultimate-script.php:28
actionwp_headincludes\class-apwpultimate-script.php:31
Maintenance & Trust

Audio Player with Playlist Ultimate Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 19, 2026
PHP min version
Downloads34K

Community Trust

Rating64/100
Number of ratings12
Active installs600
Alternatives

Audio Player with Playlist Ultimate Alternatives

MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar

MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar

mp3-music-player-by-sonaar

A
92

The most advanced Audio Player for Music & Podcast. For Elementor, Gutenberg, WooCommerce and more. Add unlimited players to any pages!

20K 13 CVEs
Music Player for Elementor – Audio Player & Podcast Player

Music Player for Elementor – Audio Player & Podcast Player

music-player-for-elementor

A
98

Audio Player for Elementor – the go-to plugin for adding MP3s, podcasts & playlists. Fully customizable, WooCommerce-ready, and mobile-friendly.

10K 2 CVEs
CP Media Player – Audio Player and Video Player

CP Media Player – Audio Player and Video Player

audio-and-video-player

A
100

CP Media Player - Audio and Video Player supported by major browsers, such as IE, Firefox, Opera, Safari, Chrome, and mobile devices: iPhone, iPad, An &hellip;

3K 1 CVE
Player for SoundCloud – Embed and Play Audio Tracks

Player for SoundCloud – Embed and Play Audio Tracks

embed-soundcloud-block

A
100

SoundCloud is the new music network on the block that allows users to create, record and share sounds and music with family, friends and the world.

1K No CVEs
HTML5 jQuery Audio Player

HTML5 jQuery Audio Player

html5-jquery-audio-player

C
64

Finally, a trendy looking audio player plugin. Works on all modern browsers including iPhone/iPad.

1K 1 unpatched
Developer Profile

Audio Player with Playlist Ultimate Developer Profile

Essential Plugin

33 plugins · 205K total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
219 days
View full developer profile
Detection Fingerprints

How We Detect Audio Player with Playlist Ultimate

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/audio-player-with-playlist-ultimate/assets/css/apwp-ultimate.css/wp-content/plugins/audio-player-with-playlist-ultimate/assets/js/apwp-ultimate.js/wp-content/plugins/audio-player-with-playlist-ultimate/assets/js/apwp-ultimate.min.js
Script Paths
/wp-content/plugins/audio-player-with-playlist-ultimate/assets/js/apwp-ultimate.js/wp-content/plugins/audio-player-with-playlist-ultimate/assets/js/apwp-ultimate.min.js
Version Parameters
/wp-content/plugins/audio-player-with-playlist-ultimate/assets/css/apwp-ultimate.css?ver=/wp-content/plugins/audio-player-with-playlist-ultimate/assets/js/apwp-ultimate.js?ver=

HTML / DOM Fingerprints

CSS Classes
apwp-ultimate-playlist
JS Globals
apwp_ultimate_object
Shortcode Output
[apwp-ultimate-playlist[apwp-ultimate-grid
FAQ

Frequently Asked Questions about Audio Player with Playlist Ultimate