HTML5 Lyrics Karaoke Player Security & Risk Analysis
wordpress.org/plugins/html5-lyrics-karaoke-playerHTML5 Lyrics Karaoke Player Plugin enable wordpress users to sing and play song text lyrics. Free Features Supports MP3 formats Supports Text Song …
Is HTML5 Lyrics Karaoke Player Safe to Use in 2026?
High Risk
Score 43/100HTML5 Lyrics Karaoke Player carries significant security risk with 2 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.
The "html5-lyrics-karaoke-player" plugin v2.4 exhibits a mixed security posture. While it demonstrates good practices in its use of prepared statements for SQL queries and a relatively small attack surface, significant concerns arise from its output escaping and vulnerability history. The static analysis revealed that 100% of outputs are not properly escaped, which is a critical flaw that can lead to cross-site scripting (XSS) vulnerabilities. Furthermore, the taint analysis indicates 4 high-severity flows with unsanitized paths, strongly suggesting potential for sensitive data compromise or execution of malicious code. The plugin's history of 2 known medium-severity CVEs, both currently unpatched and primarily related to XSS, reinforces these concerns. The fact that the last vulnerability was very recent (November 2024) suggests a recurring pattern of security weaknesses. While the plugin avoids dangerous functions and external HTTP requests, the lack of proper output escaping and the presence of high-severity taint flows, coupled with unpatched past vulnerabilities, place it at a considerable risk.
Key Concerns
- Unpatched CVEs
- High severity taint flows
- No output escaping
- No nonce checks
- No capability checks
HTML5 Lyrics Karaoke Player Security Vulnerabilities
CVEs by Year
Severity Breakdown
2 total CVEs
HTML5 Lyrics Karaoke Player <= 2.4 - Reflected Cross-Site Scripting
HTML5 Lyrics Karaoke Player <= 2.4 - Cross-Site Scripting
HTML5 Lyrics Karaoke Player Release Timeline
HTML5 Lyrics Karaoke Player Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
HTML5 Lyrics Karaoke Player Attack Surface
Shortcodes 1
WordPress Hooks 3
Maintenance & Trust
HTML5 Lyrics Karaoke Player Maintenance & Trust
Maintenance Signals
Community Trust
HTML5 Lyrics Karaoke Player Alternatives
Easy Video Player
easy-video-player
Easy Video Player is a WordPress video player that allows you to add videos to your WordPress site.
FV Flowplayer Video Player
fv-wordpress-flowplayer
WordPress's most reliable, easy to use and feature-rich video player. Supports responsive design, HTML5, playlists, ads, stats, Vimeo and YouTube.
HTML5 Video Player – Embed and Play Videos in Custom Player
html5-video-player
HTML5 Video Player Plugin lets you embed responsive videos in WordPress. It’s easy to use, fast, and supports MP4, WebM, OGG, FLV, Youtube and Vimeo.
AudioIgniter Music Player
audioigniter
AudioIgniter lets you create music playlists and embed them in your WordPress posts, pages or custom post types and serve your audio content in style!
Videojs HTML5 Player
videojs-html5-player
Embed video file beautifully in WordPress using Video.js HTML5 Player. Embed HTML5 compatible responsive video in your post/page with Video.js.
HTML5 Lyrics Karaoke Player Developer Profile
10 plugins · 1K total installs
How We Detect HTML5 Lyrics Karaoke Player
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/html5-lyrics-karaoke-player/html5lyrics/css/ui.tabs.css/wp-content/plugins/html5-lyrics-karaoke-player/html5lyrics/js/ui.tabs.js/wp-content/plugins/html5-lyrics-karaoke-player/html5lyrics/js/jscolor.js/wp-content/plugins/html5-lyrics-karaoke-player/html5lyrics/js/core.jsHTML / DOM Fingerprints
data-iddata-widthdata-heightdata-fcolordata-bcolordata-tcolor1+6 moreplayerInstance[html5lyrics