
Disco Free by Headliner Security & Risk Analysis
wordpress.org/plugins/headliner-disco-free
This plugin installs and configures the Disco Free podcast recommendation widget which is built to help turn your readers into listeners.
Is Disco Free by Headliner Safe to Use in 2026?
Generally Safe
Score 92/100
Disco Free by Headliner has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'headliner-disco-free' plugin version 1.3.1 demonstrates a generally good security posture based on the static analysis. The absence of dangerous functions, SQL injection vulnerabilities (all queries use prepared statements), and file operations is a significant strength. Furthermore, the lack of known CVEs and a clean vulnerability history suggests a proactive approach to security by the developers. The plugin also has a very small attack surface with only one shortcode and no unprotected entry points identified.
However, there are some areas for improvement. The low percentage of properly escaped output (30%) indicates a potential risk for cross-site scripting (XSS) vulnerabilities, especially if user-supplied data is being displayed without sufficient sanitization. The plugin makes a single external HTTP request, but the analysis does not detail its context or any specific security checks around it, which could be a minor concern. The complete absence of nonce checks and capability checks across all entry points is a notable weakness. This means that actions performed by the shortcode are not protected against CSRF attacks and could potentially be executed by any logged-in user, regardless of their permissions.
In conclusion, while the plugin benefits from a clean vulnerability history and secure database practices, the identified issues with output escaping and the lack of authentication/authorization checks on its single entry point warrant attention. The developers should prioritize addressing these concerns to further harden the plugin's security.
Key Concerns
- Low output escaping percentage
- No nonce checks
- No capability checks
Disco Free by Headliner Security Vulnerabilities
Disco Free by Headliner Code Analysis
Output Escaping
Disco Free by Headliner Attack Surface
Shortcodes 1
WordPress Hooks 5
Disco Free by Headliner Maintenance & Trust
Maintenance Signals
Community Trust
Disco Free by Headliner Alternatives
Podcast Searcher by Clarify
podcast-searcher-by-clarify
The Clarify plugin allows you to make any audio or video embedded in your posts, pages, etc searchable via the standard WordPress search box.
Podcastify
podcastify
Podcastify helps to host and display Series and Episode on WordPress. And further it generates the feed url to show Podcasts on Popular Podcasting pla …
Podcast Player – Your Podcasting Companion
podcast-player
Showcase your podcast only using podcasting feed url. Use widget, shortcode or editor block to display podcast player anywhere on your site.
Podlove Podcast Publisher
podlove-podcasting-plugin-for-wordpress
The one and only next generation podcast publishing system. Seriously. It's magical and sparkles a lot.
Libsyn Podcast Quick Embed
quick-embed-libsyn-podcast
This plugin adds a button in your editor to add a Libsyn Podcast Embed Player in your post or page.
Disco Free by Headliner Developer Profile
1 plugin · 30 total installs
How We Detect Disco Free by Headliner
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/headliner-disco-free/headliner_settings/render_filter.js
- https://disco.headliner.link/d/web/js/widget.js
HTML / DOM Fingerprints
- disco-widget
- data-widget-id
- /api/v1/publisher/widget-check
- [headliner_widget]