Compact WP Audio Player Security & Risk Analysis
wordpress.org/plugins/compact-wp-audio-playerA Compact WP Audio Player Plugin that is compatible with all major browsers and devices (Android, iPhone, iPad)
Is Compact WP Audio Player Safe to Use in 2026?
Generally Safe
Score 97/100Compact WP Audio Player has a strong security track record. Known vulnerabilities have been patched promptly.
The 'compact-wp-audio-player' plugin v1.9.15 presents a mixed security posture. Static analysis reveals a generally good implementation of secure coding practices, with 100% of SQL queries using prepared statements and a high percentage of output being properly escaped. The limited attack surface of two shortcodes, with no apparent direct vulnerabilities found in the static analysis for AJAX or REST API, is also a positive sign. However, the plugin's vulnerability history is a significant concern. With a total of 6 known CVEs, all categorized as medium severity and primarily involving SSRF, CSRF, and XSS, this indicates a recurring pattern of exploitable weaknesses. The fact that these are all currently unpatched, despite the latest vulnerability being dated in the future (2025-01-03), is highly problematic and suggests a lack of ongoing maintenance or a potential data anomaly regarding the patch status.
Key Concerns
- Significant vulnerability history (6 CVEs)
- Vulnerabilities of common types (SSRF, CSRF, XSS)
- All known CVEs currently unpatched
- External HTTP requests detected
- Capability checks missing
Compact WP Audio Player Security Vulnerabilities
CVEs by Year
Severity Breakdown
6 total CVEs
Compact WP Audio Player <= 1.9.14 - Authenticated (Contributor+) Server-Side Request Forgery
Compact WP Audio Player <= 1.9.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via sc_embed_player Shortcode
Compact WP Audio Player <= 1.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via fileurl
Compact WP Audio Player <= 1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Compact WP Audio Player <= 1.9.6 - Setting Change via Cross-Site Request Forgery
Compact WP Audio Player <= 1.9.6 - Contributor+ Stored Cross-Site Scripting
Compact WP Audio Player Code Analysis
Output Escaping
Compact WP Audio Player Attack Surface
Shortcodes 2
WordPress Hooks 6
Maintenance & Trust
Compact WP Audio Player Maintenance & Trust
Maintenance Signals
Community Trust
Compact WP Audio Player Alternatives
KNR Player
knr-player
Create awesome audio player that is compatible with all major browsers and devices (Android, iPhone, iPad)
Lean Player – Video and Audio Player for WordPress, Elementor, Block Editor and Classic Editor
az-video-and-audio-player-addon-for-elementor
WordPress Video Player & Audio Player plugin - simple, lightweight and customizable HTML5, YouTube, Vimeo & mp3 media player that supports all devices
zbPlayer
zbplayer
zbPlayer is a small and very easy plugin. It does one thing: capture mp3 links and insert a small flash player instead.
DJ Player
dj-player
Fully responsive music player with tracklist.
AutoCraft Player
autocraft-player
AutoCraft Player: The Ultimate Customizable Audio & Video Experience for WordPress
Compact WP Audio Player Developer Profile
15 plugins · 210K total installs
How We Detect Compact WP Audio Player
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/compact-wp-audio-player/css/flashblock.css/wp-content/plugins/compact-wp-audio-player/css/player.css/wp-content/plugins/compact-wp-audio-player/js/soundmanager2-nodebug-jsmin.js/wp-content/plugins/compact-wp-audio-player/js/soundmanager2-nodebug-jsmin.jscompact-wp-audio-player/style.css?ver=compact-wp-audio-player/script.js?ver=HTML / DOM Fingerprints
<!-- WP Audio player plugin v1.9.15 - https://www.tipsandtricks-hq.com/wordpress-audio-music-player-plugin-4556/ -->id="btnplay_"id="btnstop_"soundManagerplay_mp3show_hideloopSoundstop_all_tracks[sc_embed_player fileurl=