Does DownloadMusic have any unpatched vulnerabilities?

No. All known vulnerabilities in DownloadMusic have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is DownloadMusic compatible with WordPress 2.5?

According to WordPress.org data, DownloadMusic 0.1 has been tested up to WordPress 2.5. Check the plugin's changelog for the latest compatibility information.

How often is DownloadMusic updated?

DownloadMusic was last updated on May 2, 2008. Frequent updates are generally a positive security signal.

What is DownloadMusic's security score?

DownloadMusic has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

DownloadMusic Security & Risk Analysis

wordpress.org/plugins/download-music

Plugin to list all audio files uploaded to a blog, and let users download them in a zip file.

10 active installs v0.1 PHP + WP 2.5+ Updated May 2, 2008

downloadsmusic

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is DownloadMusic Safe to Use in 2026?

Generally Safe

Score 85/100

DownloadMusic has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 17yr ago

Risk Assessment

The "download-music" plugin version 0.1 exhibits several concerning security practices despite having no recorded CVEs or a large attack surface. The static analysis reveals that 0% of its outputs are properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. While the plugin has no AJAX handlers, REST API routes, shortcodes, or cron events that are directly exposed without authentication, the lack of any capability checks or nonce checks means that if any entry points were to be introduced or discovered, they would likely be unprotected. The taint analysis identified two high-severity flows with unsanitized paths, suggesting potential for directory traversal or other path manipulation attacks, especially given the significant number of file operations (71).

The absence of any recorded vulnerabilities in its history might suggest it's a less scrutinized or older plugin, or it has simply been fortunate. However, the code signals strongly indicate a lack of fundamental security implementations. The raw SQL queries and especially the complete absence of nonce and capability checks are significant weaknesses. The presence of unsanitized paths in taint flows, coupled with a lack of output escaping and authorization checks, paints a picture of a plugin that is not built with security as a primary consideration.

Key Concerns

High severity unsanitized taint flows
High severity unsanitized taint flows
0% output escaping
Raw SQL queries without prepare
Raw SQL queries without prepare
No nonce checks
No capability checks

Vulnerabilities

None known

DownloadMusic Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

DownloadMusic Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

33% prepared3 total queries

Output Escaping

0% escaped7 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths

output_main_admin_page (download_music.php:257)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

DownloadMusic Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 2

filterthe_contentdownload_music.php:170

actionwp_headdownload_music.php:172

Maintenance & Trust

DownloadMusic Maintenance & Trust

Maintenance Signals

WordPress version tested2.5

Last updatedMay 2, 2008

PHP min version

Downloads5K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

DownloadMusic Alternatives

Music Player for Easy Digital Downloads

music-player-for-easy-digital-downloads

100

Music Player for Easy Digital Downloads includes the MediaElement.js music player in the pages of the downloads with audio files associated.

200 No CVEs

Music Seller

music-seller

This plugin will allow you to sell music in various formats like mp3, ogg and etc.

10 No CVEs

MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar

mp3-music-player-by-sonaar

The most advanced Audio Player for Music & Podcast. For Elementor, Gutenberg, WooCommerce and more. Add unlimited players to any pages!

20K 13 CVEs

Simple Download Monitor

simple-download-monitor

Easily manage downloadable files and monitor downloads of your digital files from your WordPress site.

20K 17 CVEs

Music Player for Elementor – Audio Player & Podcast Player

music-player-for-elementor

Audio Player for Elementor – the go-to plugin for adding MP3s, podcasts & playlists. Fully customizable, WooCommerce-ready, and mobile-friendly.

10K 2 CVEs

Developer Profile

DownloadMusic Developer Profile

seanhagen

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect DownloadMusic

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Data Attributes

name="songs[]"

Shortcode Output

<p><span style="font-size: 10pt; font-style: italic;">Tip: Use the checkboxes to download multiple songs in a single zip file!</span></p>

<form action="" method="post" name="downloadSongs" style="text-align: left;"><p><input type="checkbox" name="songs[]" value="

FAQ