Music Seller Security & Risk Analysis

wordpress.org/plugins/music-seller

This plugin will allow you to sell music in various formats such as mp3, ogg, etc.

10 active installs · v3.8.2 · PHP + · WP 3.5.1+ · Updated Feb 6, 2018
Tags: digital-downloads, music, music-player, paypal, sell-music
Score 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Music Seller Safe to Use in 2026?

Generally Safe

Score 85/100

Music Seller has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8yr ago
Risk Assessment

The "music-seller" plugin v3.8.2 exhibits a mixed security posture. It follows good practice by using prepared statements for all SQL queries and avoiding bundled libraries, but the static analysis raises significant concerns. The four calls to `unserialize` (all in the cache extension files under includes\getid3) are a critical red flag, because unserializing untrusted data is a common vector for remote code execution vulnerabilities. Furthermore, none of the identified entry points (shortcodes in this case) has a nonce check or a capability check, a major security weakness that leaves the plugin vulnerable to CSRF attacks and unauthorized actions by unauthenticated users.

The taint analysis indicates one flow with an unsanitized path, which, although not categorized as critical or high severity in this specific analysis, warrants careful attention. The absence of any recorded vulnerability history, while seemingly positive, could also indicate a lack of rigorous security auditing or a recent emergence of vulnerabilities. The plugin's strengths lie in its SQL handling and lack of bundled dependencies, but the identified weaknesses in input validation (unserialize) and authorization (missing checks) present substantial risks.

Key Concerns

  • Multiple uses of unserialize
  • No nonce checks on entry points
  • No capability checks on entry points
  • Unsanitized path in taint analysis flow
  • Insufficient output escaping
Vulnerabilities
None known

Music Seller Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Music Seller Code Analysis

Dangerous Functions: 4
Raw SQL Queries: 0 (5 prepared)
Unescaped Output: 42 (62 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 325
External Requests: 2
Bundled Libraries: 0

Dangerous Functions Found

  • unserialize: `return unserialize($result);` (includes\getid3\extension.cache.dbm.php:194)
  • unserialize: `return unserialize(base64_decode($result));` (includes\getid3\extension.cache.mysql.php:155)
  • unserialize: `return unserialize(base64_decode($result));` (includes\getid3\extension.cache.sqlite3.php:182)
  • unserialize: `$rows[] = unserialize(base64_decode($row));` (includes\getid3\extension.cache.sqlite3.php:228)

SQL Query Safety

100% prepared · 5 total queries

Output Escaping

60% escaped · 104 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

1 flow · 1 with unsanitized paths
<functions> (functions.php:0)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Music Seller Attack Surface

Entry Points: 2
Unprotected: 0

Shortcodes: 2

[music_seller] functions.php:425
[music_seller_thank_you] functions.php:426

WordPress Hooks: 17

filter · upload_dir · functions.php:251
filter · upload_dir · functions.php:324
filter · wp_mail_content_type · functions.php:822
action · init · functions.php:892
action · add_meta_boxes · music_seller.php:23
action · manage_posts_custom_column · music_seller.php:24
filter · manage_edit-music_seller_order_columns · music_seller.php:25
action · admin_head · music_seller.php:26
action · save_post · music_seller.php:27
action · post_edit_form_tag · music_seller.php:28
action · init · music_seller.php:29
action · plugins_loaded · music_seller.php:30
action · init · music_seller.php:31
action · admin_notices · music_seller.php:33
action · admin_menu · music_seller_options.php:6
action · admin_enqueue_scripts · music_seller_options.php:8
action · admin_init · music_seller_options.php:24
Maintenance & Trust

Music Seller Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Feb 6, 2018
PHP min version
Downloads: 12K

Community Trust

Rating: 80/100
Number of ratings: 18
Active installs: 10
Developer Profile

Music Seller Developer Profile

motov.net

2 plugins · 910 total installs

Trust score: 71
Avg Security Score: 88/100
Avg Patch Time: 132 days
Detection Fingerprints

How We Detect Music Seller

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/music-seller/css/music_seller.css
Script Paths
/wp-content/plugins/music-seller/js/music_seller.js
Version Parameters
music_seller/style.css?ver=
music_seller.js?ver=

HTML / DOM Fingerprints

CSS Classes
music_seller_sectionidmusic_seller_ordermusic_seller_leftmusic_seller_iconmusic_seller_row
Data Attributes
music_seller_code
Shortcode Output
[music_seller_thank_you]