EsAudioPlayer Security & Risk Analysis
wordpress.org/plugins/esaudioplayerThis is a simple, cross-browser, accessible audio player (MP3 player) plugin.
Is EsAudioPlayer Safe to Use in 2026?
Generally Safe
Score 85/100EsAudioPlayer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "esaudioplayer" v1.7.4 plugin exhibits a mixed security posture. On the positive side, it has a small attack surface, with only one shortcode and no AJAX handlers, REST API routes, or cron events. Furthermore, all SQL queries are properly prepared, and there are no recorded vulnerabilities (CVEs), suggesting a potentially well-maintained and secure plugin in terms of past issues. However, there are significant concerns within the static analysis. The complete lack of output escaping on 100% of the 43 identified output points is a critical weakness, making it highly susceptible to Cross-Site Scripting (XSS) attacks. Additionally, the taint analysis reveals two flows with unsanitized paths, indicating potential injection vulnerabilities, even though they are not classified as critical or high severity in this specific analysis. The absence of nonce checks and capability checks also increases the risk of unauthorized actions if the shortcode or any other entry point were to be exploited. The lack of these fundamental security checks, combined with the unescaped output, presents a considerable risk to users.
Key Concerns
- 0% output escaping on 43 outputs
- Taint flow with unsanitized paths (2 total)
- 0 nonce checks
- 0 capability checks
EsAudioPlayer Security Vulnerabilities
EsAudioPlayer Release Timeline
EsAudioPlayer Code Analysis
Output Escaping
Data Flow Analysis
EsAudioPlayer Attack Surface
Shortcodes 1
WordPress Hooks 8
Maintenance & Trust
EsAudioPlayer Maintenance & Trust
Maintenance Signals
Community Trust
EsAudioPlayer Alternatives
Accessibility Audio TTS – Text To Speech for Articles
accessibility-audio-tts-text-to-speech-for-articles
Accessibility-focused text-to-speech player for articles. Convert posts to high-quality audio
Colbass – a Read-Aloud player (Text to Speech) AI audio player
colbass-read-aloud-player
Enjoy the first month free! No commitment required, cancel anytime. A read-aloud player will be added to every article.
Podcast-Style Text to Speech – Hi, Moose
listen-to-this-article
Text to speech audio player for WordPress with podcast-style audio, visible transcripts, structured data, and read aloud playback.
Readivo – Text to Speech Audio Player
readivo
Convert WordPress posts and pages into audio using a text-to-speech player. Let visitors listen to your articles with the Readivo audio player.
Compact WP Audio Player
compact-wp-audio-player
A Compact WP Audio Player Plugin that is compatible with all major browsers and devices (Android, iPhone, iPad)
EsAudioPlayer Developer Profile
3 plugins · 250 total installs
How We Detect EsAudioPlayer
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/esaudioplayer/esaudioplayer.css/wp-content/plugins/esaudioplayer/js/jquery.jplayer.min.js/wp-content/plugins/esaudioplayer/js/jquery.playlist.min.js/wp-content/plugins/esaudioplayer/js/esaudioplayer.js/wp-content/plugins/esaudioplayer/js/jquery.jplayer.min.js/wp-content/plugins/esaudioplayer/js/jquery.playlist.min.js/wp-content/plugins/esaudioplayer/js/esaudioplayer.jsesaudioplayer/esaudioplayer.css?ver=esaudioplayer/js/jquery.jplayer.min.js?ver=esaudioplayer/js/jquery.playlist.min.js?ver=esaudioplayer/js/esaudioplayer.js?ver=HTML / DOM Fingerprints
jp-audiojp-playlistdata-playlistesaudioplayer_vars[audio_player]