Musician's Pack for Elementor – Music Website Widgets & Templates Security & Risk Analysis

wordpress.org/plugins/music-pack-for-elementor

Create stunning music websites with Musician's Pack for Elementor! Powerful widgets & ready-made templates for musicians, bands, DJs, and producers.

400 active installs v1.8.7 PHP 7.0+ WP 5.1+ Updated Dec 1, 2025
Tags: artist, elementor-templates, elementor-widgets, events, musician
Score: 78 (B · Generally Safe)
CVEs total: 1
Unpatched: 1
Last CVE: Apr 4, 2025
Safety Verdict

Is Musician's Pack for Elementor – Music Website Widgets & Templates Safe to Use in 2026?

Mostly Safe

Score 78/100

Musician's Pack for Elementor – Music Website Widgets & Templates is generally safe to use. 1 past CVE was resolved. Keep it updated.

1 known CVE · 1 unpatched · Last CVE: Apr 4, 2025 · Updated 4mo ago
Risk Assessment

The "music-pack-for-elementor" plugin version 1.8.7 exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries and having a high percentage of properly escaped output. The absence of critical or high severity taint flows is also a good indicator. However, the presence of one unpatched medium severity vulnerability from April 2025, identified as Cross-Site Scripting, is a significant concern that requires immediate attention.

The static analysis reveals an attack surface with 9 AJAX handlers, and critically, one of these lacks authentication checks. While the number of total entry points is not excessively high, this single unprotected handler presents a direct and exploitable avenue for attackers. The plugin also bundles Freemius v1.0, which could potentially be outdated and introduce risks if it contains known vulnerabilities. The history of a past XSS vulnerability, even if patched, suggests a tendency for such issues to arise within the plugin.

In conclusion, while the plugin has strengths in its secure database interaction and output handling, the unpatched vulnerability and the unprotected AJAX handler are critical weaknesses. Addressing these issues should be the highest priority to mitigate the risks of cross-site scripting attacks and unauthorized actions on the site.

Key Concerns

  • Unpatched CVE
  • AJAX handler without auth check
  • Bundled outdated library (Freemius v1.0)
Vulnerabilities: 1

Musician's Pack for Elementor – Music Website Widgets & Templates Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-32190 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Musician's Pack for Elementor <= 1.8.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 4, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Musician's Pack for Elementor – Music Website Widgets & Templates Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 200 (907 escaped)
Nonce Checks: 13
Capability Checks: 11
File Operations: 2
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

Output Escaping

82% escaped · 1107 total outputs
Data Flows: All sanitized

Data Flow Analysis

2 flows
import_mpack_template (classes\core\load-music-pack-for-elementor.php:129)
Attack Surface
1 unprotected

Musician's Pack for Elementor – Music Website Widgets & Templates Attack Surface

Entry Points: 9
Unprotected: 1

AJAX Handlers 9

auth · wp_ajax_mpack_import_template · classes\core\load-music-pack-for-elementor.php:37
auth · wp_ajax_mpack_generate_dummy_data · classes\core\load-music-pack-for-elementor.php:38
auth · wp_ajax_mpack_prevent_dummy_import_notice · classes\core\load-music-pack-for-elementor.php:39
auth · wp_ajax_swpmcform_action · classes\core\mp-ajax-handler.php:9
nopriv · wp_ajax_swpmcform_action · classes\core\mp-ajax-handler.php:10
auth · wp_ajax_swpcontactform_action · classes\core\mp-ajax-handler.php:12
nopriv · wp_ajax_swpcontactform_action · classes\core\mp-ajax-handler.php:13
auth · wp_ajax_mp_update_audio_list · classes\custom-posts\mp-music-album.php:17
auth · wp_ajax_mp_update_gallery_preview · classes\custom-posts\mp-photo-album.php:16
WordPress Hooks 57
action · elementor/controls/controls_registered · classes\core\load-elementor-widgets.php:238
action · elementor/frontend/after_register_scripts · classes\core\load-elementor-widgets.php:241
action · elementor/editor/before_enqueue_scripts · classes\core\load-elementor-widgets.php:244
action · elementor/widgets/register · classes\core\load-elementor-widgets.php:247
action · elementor/elements/categories_registered · classes\core\load-elementor-widgets.php:250
action · elementor/init · classes\core\load-elementor-widgets.php:261
action · init · classes\core\load-music-pack-for-elementor.php:24
action · admin_enqueue_scripts · classes\core\load-music-pack-for-elementor.php:25
action · wp_enqueue_scripts · classes\core\load-music-pack-for-elementor.php:26
action · activated_plugin · classes\core\load-music-pack-for-elementor.php:27
action · admin_notices · classes\core\load-music-pack-for-elementor.php:35
filter · single_template · classes\core\load-music-pack-for-elementor.php:41
action · plugins_loaded · classes\core\mpack-check-elementor.php:50
action · admin_notices · classes\core\mpack-check-elementor.php:69
action · admin_notices · classes\core\mpack-check-elementor.php:75
action · admin_notices · classes\core\mpack-check-elementor.php:81
filter · post_row_actions · classes\core\mpack-duplicate-post.php:7
action · admin_action_mpack_duplicate_post_as_draft · classes\core\mpack-duplicate-post.php:8
action · admin_menu · classes\core\mpack-menu-pages.php:37
action · admin_init · classes\core\mpack-menu-pages.php:38
action · admin_init · classes\core\mpack-menu-pages.php:39
action · admin_init · classes\core\mpack-menu-pages.php:40
action · add_meta_boxes · classes\custom-meta\mp-custom-meta.php:7
action · save_post · classes\custom-meta\mp-custom-meta.php:8
action · init · classes\custom-posts\mp-artist.php:7
action · admin_init · classes\custom-posts\mp-artist.php:8
action · save_post · classes\custom-posts\mp-artist.php:9
filter · manage_edit-js_artist_columns · classes\custom-posts\mp-artist.php:11
action · init · classes\custom-posts\mp-artist.php:12
action · init · classes\custom-posts\mp-event.php:7
action · admin_init · classes\custom-posts\mp-event.php:8
action · save_post · classes\custom-posts\mp-event.php:9
filter · manage_edit-js_events_columns · classes\custom-posts\mp-event.php:11
action · manage_js_events_posts_custom_column · classes\custom-posts\mp-event.php:12
filter · manage_edit-js_events_sortable_columns · classes\custom-posts\mp-event.php:13
filter · request · classes\custom-posts\mp-event.php:14
action · init · classes\custom-posts\mp-event.php:16
action · init · classes\custom-posts\mp-music-album.php:7
action · admin_init · classes\custom-posts\mp-music-album.php:8
action · save_post · classes\custom-posts\mp-music-album.php:9
filter · manage_edit-js_albums_columns · classes\custom-posts\mp-music-album.php:10
action · manage_js_albums_posts_custom_column · classes\custom-posts\mp-music-album.php:11
filter · manage_edit-js_albums_sortable_columns · classes\custom-posts\mp-music-album.php:12
action · init · classes\custom-posts\mp-music-album.php:14
action · init · classes\custom-posts\mp-photo-album.php:7
action · admin_init · classes\custom-posts\mp-photo-album.php:8
action · save_post · classes\custom-posts\mp-photo-album.php:9
filter · manage_edit-js_photo_albums_columns · classes\custom-posts\mp-photo-album.php:11
filter · manage_edit-js_photo_albums_sortable_columns · classes\custom-posts\mp-photo-album.php:12
action · init · classes\custom-posts\mp-photo-album.php:14
action · init · classes\custom-posts\mp-video.php:7
action · admin_init · classes\custom-posts\mp-video.php:8
action · save_post · classes\custom-posts\mp-video.php:9
filter · manage_edit-js_videos_columns · classes\custom-posts\mp-video.php:11
action · manage_js_videos_posts_custom_column · classes\custom-posts\mp-video.php:12
filter · manage_edit-js_videos_sortable_columns · classes\custom-posts\mp-video.php:13
action · init · classes\custom-posts\mp-video.php:15
Maintenance & Trust

Musician's Pack for Elementor – Music Website Widgets & Templates Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 1, 2025
PHP min version: 7.0
Downloads: 11K

Community Trust

Rating: 86/100
Number of ratings: 6
Active installs: 400
Developer Profile

Musician's Pack for Elementor – Music Website Widgets & Templates Developer Profile

smartwpress

3 plugins · 10K total installs

Trust score: 94
Avg Security Score: 92/100
Avg Patch Time: 1 day
Detection Fingerprints

How We Detect Musician's Pack for Elementor – Music Website Widgets & Templates

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/music-pack-for-elementor/js/audio_chooser_control.js
/wp-content/plugins/music-pack-for-elementor/js/mpack-front.js
/wp-content/plugins/music-pack-for-elementor/css/elementor-editor.css
Version Parameters
music-pack-for-elementor/js/audio_chooser_control.js?ver=
music-pack-for-elementor/js/mpack-front.js?ver=
music-pack-for-elementor/css/elementor-editor.css?ver=

HTML / DOM Fingerprints

CSS Classes
smc-ec-select-file
smc-selected-audio-url
Data Attributes
data-setting
JS Globals
DATAVALUES