Music Player for WooCommerce Security & Risk Analysis

wordpress.org/plugins/music-player-for-woocommerce

Music Player for WooCommerce includes the MediaElement.js music player in the pages of the products with audio files associated.

1K active installs · v1.8.0 · PHP + · WP 3.5.0+ · Updated Feb 20, 2026
Tags: audio, music, music-player, song, woocommerce
98
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: May 7, 2025
Safety Verdict

Is Music Player for WooCommerce Safe to Use in 2026?

Generally Safe

Score 98/100

Music Player for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: May 7, 2025 · Updated 1mo ago
Risk Assessment

The music-player-for-woocommerce plugin v1.8.0 presents a mixed security posture. On the positive side, it demonstrates good practices with a high percentage of SQL queries using prepared statements and a strong rate of output escaping. The plugin also implements a reasonable number of nonce and capability checks, indicating an awareness of common WordPress security mechanisms. However, there are notable concerns that detract from its overall security.

The static analysis reveals a significant attack surface with one unprotected AJAX handler, which is a direct entry point for potential unauthorized actions. The presence of dangerous functions like `shell_exec` and `unserialize` warrants careful scrutiny, especially when combined with the taint analysis showing one high-severity flow with unsanitized paths. This suggests a potential for attackers to manipulate input to execute arbitrary code or compromise data integrity.

The vulnerability history is a red flag: two past medium-severity CVEs, one for Missing Authorization and one for Cross-site Scripting. Although there are currently no unpatched CVEs, this pattern indicates a recurring susceptibility to these vulnerability classes, and the most recent one dates from 2025. The current version appears to have addressed the past CVEs, but the historical data combined with the static analysis findings points to areas that require ongoing vigilance and potentially more robust security measures.

Key Concerns

  • Unprotected AJAX handler
  • High severity taint flow
  • Use of unserialize function
  • Use of shell_exec function
  • Past medium severity CVEs (2)
Vulnerabilities
2

Music Player for WooCommerce Security Vulnerabilities

CVEs by Year

  • 2022: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

Medium: 2 (2 total CVEs)

CVE-2025-47472 · medium · 4.3 · Missing Authorization

Music Player for WooCommerce <= 1.5.1 - Missing Authorization

May 7, 2025 Patched in 1.6.0 (6d)
WF-a626dfd4-d8c3-4cd1-a624-bae719bea93a-music-player-for-woocommerce · medium · 6.8 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Music Player for WooCommerce <= 1.0.172 - Authenticated (Admin+) Stored Cross-Site Scripting

Jun 30, 2022 Patched in 1.0.173 (572d)
Code Analysis
Analyzed Mar 16, 2026

Music Player for WooCommerce Code Analysis

  • Dangerous Functions: 2
  • Raw SQL Queries: 3 (7 prepared)
  • Unescaped Output: 27 (325 escaped)
  • Nonce Checks: 8
  • Capability Checks: 5
  • File Operations: 7
  • External Requests: 6
  • Bundled Libraries: 0

Dangerous Functions Found

  • `shell_exec` (views\global_options.php:10): `$ffmpeg_system_path = defined( 'PHP_OS' ) && strtolower( PHP_OS ) == 'linux' && function_exists( 'sh`
  • `unserialize` (wcmp.php:129): `$data[ $_key ] = unserialize( $_value );`

SQL Query Safety

70% prepared · 10 total queries

Output Escaping

92% escaped · 352 total outputs
Data Flows
9 unsanitized

Data Flow Analysis

13 flows · 9 with unsanitized paths
save_general_settings (addons\ap-compact-audio-player.addon.php:36)
Attack Surface
1 unprotected

Music Player for WooCommerce Attack Surface

Entry Points: 5
Unprotected: 1

AJAX Handlers 2

auth · wp_ajax_delete_wcfm_product · addons\wcfm.addon.php:14
auth · wp_ajax_wcmp_feedback · feedback\cp-feedback.php:23

Shortcodes 3

[wcmp-playlist] wcmp.php:256
[wcmp-playlist] wcmp.php:275
[wcmp-playlist] wcmp.php:1767
WordPress Hooks 96
action · wcmp_addon_general_settings · addons\ap-compact-audio-player.addon.php:9
action · wcmp_save_setting · addons\ap-compact-audio-player.addon.php:10
filter · wcmp_audio_tag · addons\ap-compact-audio-player.addon.php:11
filter · wcmp_widget_audio_tag · addons\ap-compact-audio-player.addon.php:12
filter · wcmp_product_attr · addons\ap-compact-audio-player.addon.php:13
filter · wcmp_global_attr · addons\ap-compact-audio-player.addon.php:14
action · wcmp_addon_general_settings · addons\ap-cp-media-player.addon.php:9
action · wcmp_save_setting · addons\ap-cp-media-player.addon.php:10
filter · wcmp_audio_tag · addons\ap-cp-media-player.addon.php:11
filter · wcmp_widget_audio_tag · addons\ap-cp-media-player.addon.php:12
filter · wcmp_product_attr · addons\ap-cp-media-player.addon.php:13
filter · wcmp_global_attr · addons\ap-cp-media-player.addon.php:14
action · wcmp_addon_general_settings · addons\ap-html5-audio-player.addon.php:10
action · wcmp_save_setting · addons\ap-html5-audio-player.addon.php:11
filter · wcmp_audio_tag · addons\ap-html5-audio-player.addon.php:12
filter · wcmp_widget_audio_tag · addons\ap-html5-audio-player.addon.php:13
filter · wcmp_product_attr · addons\ap-html5-audio-player.addon.php:14
filter · wcmp_global_attr · addons\ap-html5-audio-player.addon.php:15
action · wp_footer · addons\ap-html5-audio-player.addon.php:16
action · wcmp_addon_general_settings · addons\ap-mp3-jplayer.addon.php:9
action · wcmp_save_setting · addons\ap-mp3-jplayer.addon.php:10
filter · wcmp_audio_tag · addons\ap-mp3-jplayer.addon.php:11
filter · wcmp_widget_audio_tag · addons\ap-mp3-jplayer.addon.php:12
filter · wcmp_product_attr · addons\ap-mp3-jplayer.addon.php:13
filter · wcmp_global_attr · addons\ap-mp3-jplayer.addon.php:14
action · dokan_product_edit_after_main · addons\dokan.addon.php:11
action · dokan_process_product_meta · addons\dokan.addon.php:12
action · dokan_product_deleted · addons\dokan.addon.php:14
action · wcmp_addon_general_settings · addons\dokan.addon.php:15
action · wcmp_save_setting · addons\dokan.addon.php:16
action · wcmp_addon_general_settings · addons\mvx.addon.php:10
action · wcmp_save_setting · addons\mvx.addon.php:11
action · wcv_delete_post · addons\mvx.addon.php:17
action · mvx_frontend_after_general_product_data · addons\mvx.addon.php:18
action · save_post · addons\mvx.addon.php:19
action · after_wcfm_products_downloadable · addons\wcfm.addon.php:11
action · save_post_product · addons\wcfm.addon.php:12
action · wcmp_addon_general_settings · addons\wcfm.addon.php:15
action · wcmp_save_setting · addons\wcfm.addon.php:16
action · admin_init · addons\wcv.addon.php:9
action · wcv_delete_post · addons\wcv.addon.php:27
action · wcmp_addon_general_settings · addons\wcv.addon.php:28
action · wcmp_save_setting · addons\wcv.addon.php:29
action · admin_bar_menu · banner.php:105
action · admin_enqueue_scripts · feedback\cp-feedback.php:22
action · admin_footer · feedback\cp-feedback.php:32
action · init · pagebuilders\builders.php:29
action · after_setup_theme · pagebuilders\builders.php:30
action · enqueue_block_editor_assets · pagebuilders\builders.php:37
filter · pre_render_block · pagebuilders\builders.php:38
action · elementor/widgets/register · pagebuilders\builders.php:41
action · elementor/elements/categories_registered · pagebuilders\builders.php:42
filter · siteorigin_widgets_widget_folders · pagebuilders\builders.php:55
filter · siteorigin_panels_widget_dialog_tabs · pagebuilders\builders.php:56
action · vcv:api · pagebuilders\builders.php:59
action · et_builder_ready · pagebuilders\builders.php:64
action · divi_visual_builder_assets_before_enqueue_scripts · pagebuilders\builders.php:65
action · divi_module_library_modules_dependency_tree · pagebuilders\builders.php:97
filter · divi.moduleLibrary.conversion.moduleConversionOutlineFile · pagebuilders\builders.php:106
action · et_builder_ready · pagebuilders\builders.php:116
filter · woocommerce_product_title · pagebuilders\builders.php:163
action · init · pagebuilders\divi5\index.php:24
action · init · wcmp.php:20
filter · get_post_metadata · wcmp.php:21
filter · option_sbp_settings · wcmp.php:52
action · plugins_loaded · wcmp.php:105
action · init · wcmp.php:106
action · admin_init · wcmp.php:107
filter · woocommerce_product_export_meta_value · wcmp.php:111
filter · woocommerce_product_importer_pre_expand_data · wcmp.php:121
filter · wc_product_table_data_name · wcmp.php:141
action · wc_product_table_before_get_data · wcmp.php:145
action · wc_product_table_after_get_data · wcmp.php:150
filter · pre_do_shortcode_tag · wcmp.php:159
filter · litespeed_optimize_js_excludes · wcmp.php:167
filter · litespeed_optm_js_defer_exc · wcmp.php:174
action · init · wcmp.php:209
filter · the_title · wcmp.php:214
filter · woocommerce_product_title · wcmp.php:215
filter · wcmp_preload · wcmp.php:272
filter · wp_kses_allowed_html · wcmp.php:304
filter · esc_html · wcmp.php:307
action · wcmp_main_player · wcmp.php:347
action · wcmp_all_players · wcmp.php:348
filter · wc_product_table_data_name · wcmp.php:351
action · woocommerce_after_cart_item_name · wcmp.php:356
filter · wcmp_audio_tag · wcmp.php:360
filter · woocommerce_product_get_image · wcmp.php:363
filter · woocommerce_single_product_image_thumbnail_html · wcmp.php:364
action · admin_menu · wcmp.php:367
action · save_post · wcmp.php:388
action · after_delete_post · wcmp.php:389
filter · manage_product_posts_columns · wcmp.php:401
action · manage_product_posts_custom_column · wcmp.php:412
action · admin_init · wcmp.php:2321
action · widgets_init · widgets\playlist_widget.php:10
Maintenance & Trust

Music Player for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 20, 2026
PHP min version
Downloads: 271K

Community Trust

Rating: 96/100
Number of ratings: 61
Active installs: 1K
Developer Profile

Music Player for WooCommerce Developer Profile

codepeople

34 plugins · 89K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 964 days
Detection Fingerprints

How We Detect Music Player for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/music-player-for-woocommerce/css/frontend.css
  • /wp-content/plugins/music-player-for-woocommerce/css/skins.css
  • /wp-content/plugins/music-player-for-woocommerce/js/public.js
  • /wp-content/plugins/music-player-for-woocommerce/js/mediaelement/build/mediaelement-and-player.min.js
  • /wp-content/plugins/music-player-for-woocommerce/js/mediaelement/build/mediaelement.min.js
Script Paths
  • /wp-content/plugins/music-player-for-woocommerce/js/public.js
  • /wp-content/plugins/music-player-for-woocommerce/js/mediaelement/build/mediaelement-and-player.min.js
  • /wp-content/plugins/music-player-for-woocommerce/js/mediaelement/build/mediaelement.min.js
Version Parameters
  • music-player-for-woocommerce/css/frontend.css?ver=
  • music-player-for-woocommerce/css/skins.css?ver=
  • music-player-for-woocommerce/js/public.js?ver=
  • music-player-for-woocommerce/js/mediaelement/build/mediaelement-and-player.min.js?ver=
  • music-player-for-woocommerce/js/mediaelement/build/mediaelement.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • wcmp-player-wrapper
  • wcmp-custom-skin
  • mejs-wmp
  • mejs-ted
HTML Comments
  • <!-- WooCommerce Product Table by Barn2 Plugins integration -->
  • <!-- ListeSpeed Cache integration -->
Data Attributes
data-wcmp-audio-source
JS Globals
  • mejs
  • mediaelementplayer
  • WCMP_BUILDERS
FAQ

Frequently Asked Questions about Music Player for WooCommerce