Cue by AudioTheme.com Security & Risk Analysis

wordpress.org/plugins/cue

Delightful and reliable audio playlists.

6K active installs · v2.4.5 · PHP 7.1+ · WP 5.6+ · Updated Apr 2, 2025
Tags: audio, mp3, music, playlist, tracks
Score: 91 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Apr 1, 2025
Safety Verdict

Is Cue by AudioTheme.com Safe to Use in 2026?

Generally Safe

Score 91/100

Cue by AudioTheme.com has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Apr 1, 2025 · Updated 1yr ago
Risk Assessment

The 'cue' plugin v2.4.5 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries, showing a high percentage of properly escaped output, and conducting numerous nonce and capability checks. The absence of dangerous functions, file operations, and external HTTP requests is also commendable. Taint analysis reveals no critical or high severity unsanitized flows, indicating a good effort in preventing common injection vulnerabilities.

However, there are significant concerns related to the attack surface. The plugin exposes 8 AJAX handlers, with 2 of them lacking any authentication checks. This presents a direct pathway for unauthenticated users to interact with potentially sensitive functionalities, which is a common vector for privilege escalation or data manipulation. While the vulnerability history shows only one medium severity CVE in the past, and it is currently patched, the pattern of a 'Missing Authorization' vulnerability type is a red flag. This suggests a recurring theme of authorization weaknesses that, when combined with unprotected entry points, can be exploited.

In conclusion, while the plugin has strengths in secure coding practices like prepared statements and output escaping, the unprotected AJAX endpoints are a critical weakness that overshadows these strengths. The historical trend of authorization issues further amplifies this risk. Developers should prioritize implementing robust authorization checks on all AJAX handlers to mitigate the identified security risks.

Key Concerns

  • Unprotected AJAX handlers present an attack surface
  • Historical medium vulnerability of Missing Authorization
Vulnerabilities: 1

Cue by AudioTheme.com Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-31787 · medium · 4.3 · Missing Authorization

Cue <= 2.4.4 - Missing Authorization

Apr 1, 2025 · Patched in 2.4.5 (8d)
Code Analysis
Analyzed Mar 16, 2026

Cue by AudioTheme.com Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 12 (120 escaped)
Nonce Checks: 6
Capability Checks: 4
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

91% escaped · 132 total outputs
Data Flows: All sanitized

Data Flow Analysis

4 flows
parse_shortcode (php\Provider\AJAX.php:124)
Attack Surface: 2 unprotected

Cue by AudioTheme.com Attack Surface

Entry Points: 10
Unprotected: 2

AJAX Handlers: 8

auth · wp_ajax_cue_get_playlists · php\Provider\AJAX.php:24
auth · wp_ajax_cue_get_playlist_tracks · php\Provider\AJAX.php:25
auth · wp_ajax_cue_save_playlist_tracks · php\Provider\AJAX.php:26
auth · wp_ajax_cue_parse_shortcode · php\Provider\AJAX.php:27
auth · wp_ajax_cue_get_playlists · trunk\php\Provider\AJAX.php:24
auth · wp_ajax_cue_get_playlist_tracks · trunk\php\Provider\AJAX.php:25
auth · wp_ajax_cue_save_playlist_tracks · trunk\php\Provider\AJAX.php:26
auth · wp_ajax_cue_parse_shortcode · trunk\php\Provider\AJAX.php:27

Shortcodes: 2

[cue] · php\Provider\Shortcode.php:24
[cue] · trunk\php\Provider\Shortcode.php:24
WordPress Hooks: 58
action · plugins_loaded · cue.php:99
filter · widget_types_to_hide_from_legacy_widget_block · php\Admin.php:25
action · wp_enqueue_media · php\Admin.php:26
action · admin_head · php\Admin.php:27
action · admin_footer · php\Admin.php:28
filter · wp_prepare_attachment_for_js · php\Admin.php:29
filter · wp_prepare_attachment_for_js · php\Admin.php:30
action · widgets_init · php\Plugin.php:24
action · cue_after_playlist · php\Plugin.php:25
filter · cue_playlist_tracks · php\Plugin.php:26
action · init · php\PostType\Playlist.php:33
filter · post_updated_messages · php\PostType\Playlist.php:34
action · admin_enqueue_scripts · php\Provider\AdminAssets.php:43
action · init · php\Provider\Assets.php:44
action · customize_register · php\Provider\Customize.php:24
action · customize_controls_print_footer_scripts · php\Provider\Customize.php:25
action · init · php\Provider\Editor.php:24
action · enqueue_block_editor_assets · php\Provider\Editor.php:25
action · plugins_loaded · php\Provider\I18n.php:29
filter · shortcode_atts_audio · php\Provider\Media.php:24
filter · wp_audio_shortcode · php\Provider\Media.php:25
action · load-post.php · php\Screen\EditPlaylist.php:24
action · load-post-new.php · php\Screen\EditPlaylist.php:25
action · add_meta_boxes_cue_playlist · php\Screen\EditPlaylist.php:26
action · save_post_cue_playlist · php\Screen\EditPlaylist.php:27
action · admin_enqueue_scripts · php\Screen\EditPlaylist.php:40
action · admin_notices · php\Screen\EditPlaylist.php:41
action · edit_form_after_title · php\Screen\EditPlaylist.php:42
action · admin_footer · php\Screen\EditPlaylist.php:43
action · plugins_loaded · trunk\cue.php:99
filter · widget_types_to_hide_from_legacy_widget_block · trunk\php\Admin.php:25
action · wp_enqueue_media · trunk\php\Admin.php:26
action · admin_head · trunk\php\Admin.php:27
action · admin_footer · trunk\php\Admin.php:28
filter · wp_prepare_attachment_for_js · trunk\php\Admin.php:29
filter · wp_prepare_attachment_for_js · trunk\php\Admin.php:30
action · widgets_init · trunk\php\Plugin.php:24
action · cue_after_playlist · trunk\php\Plugin.php:25
filter · cue_playlist_tracks · trunk\php\Plugin.php:26
action · init · trunk\php\PostType\Playlist.php:33
filter · post_updated_messages · trunk\php\PostType\Playlist.php:34
action · admin_enqueue_scripts · trunk\php\Provider\AdminAssets.php:43
action · init · trunk\php\Provider\Assets.php:44
action · customize_register · trunk\php\Provider\Customize.php:24
action · customize_controls_print_footer_scripts · trunk\php\Provider\Customize.php:25
action · init · trunk\php\Provider\Editor.php:24
action · enqueue_block_editor_assets · trunk\php\Provider\Editor.php:25
action · plugins_loaded · trunk\php\Provider\I18n.php:29
filter · shortcode_atts_audio · trunk\php\Provider\Media.php:24
filter · wp_audio_shortcode · trunk\php\Provider\Media.php:25
action · load-post.php · trunk\php\Screen\EditPlaylist.php:24
action · load-post-new.php · trunk\php\Screen\EditPlaylist.php:25
action · add_meta_boxes_cue_playlist · trunk\php\Screen\EditPlaylist.php:26
action · save_post_cue_playlist · trunk\php\Screen\EditPlaylist.php:27
action · admin_enqueue_scripts · trunk\php\Screen\EditPlaylist.php:40
action · admin_notices · trunk\php\Screen\EditPlaylist.php:41
action · edit_form_after_title · trunk\php\Screen\EditPlaylist.php:42
action · admin_footer · trunk\php\Screen\EditPlaylist.php:43
Maintenance & Trust

Cue by AudioTheme.com Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Apr 2, 2025
PHP min version: 7.1
Downloads: 163K

Community Trust

Rating: 94/100
Number of ratings: 36
Active installs: 6K
Developer Profile

Cue by AudioTheme.com Developer Profile

AudioTheme

1 plugin · 6K total installs

Trust score: 88
Avg Security Score: 91/100
Avg Patch Time: 8 days
Detection Fingerprints

How We Detect Cue by AudioTheme.com

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cue/admin/assets/css/wp-media.min.css
/wp-content/plugins/cue/admin/assets/js/mce-view.js
/wp-content/plugins/cue/admin/assets/js/wp-media.bundle.js
/wp-content/plugins/cue/build/css/cue.css
/wp-content/plugins/cue/build/js/cue.js
Script Paths
/wp-content/plugins/cue/admin/assets/js/mce-view.js
/wp-content/plugins/cue/admin/assets/js/wp-media.bundle.js
/wp-content/plugins/cue/build/js/cue.js
Version Parameters
cue/style.css?ver=
cue-media?ver=
cue-mce-view?ver=
cue.js?ver=

HTML / DOM Fingerprints

CSS Classes
cue-playlist
HTML Comments
<!-- Cue playlist -->
Data Attributes
data-cue-playlist
JS Globals
_cueMceView
_cueMediaSettings
Shortcode Output
[cue player=
[cue playlist=
[cue title=
[cue display=
FAQ

Frequently Asked Questions about Cue by AudioTheme.com