WP-Safety

Music Store – WordPress eCommerce Security & Risk Analysis

wordpress.org/plugins/music-store

Music Store, online store for selling audio files (Ex. music, speeches, narratives), that supports PayPal, Stripe, Square, and other payment gateways.

300 active installs v1.3.2 PHP + WP 3.5.0+ Updated Mar 3, 2026
audiomusicmusic-playermusic-storeshop
94
A · Safe
CVEs total4
Unpatched0
Last CVEDec 30, 2024
Plugin page Download
Safety Verdict

Is Music Store – WordPress eCommerce Safe to Use in 2026?

Generally Safe

Score 94/100

Music Store – WordPress eCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEsLast CVE: Dec 30, 2024Updated 1mo ago
Risk Assessment

The "music-store" plugin v1.3.2 presents a mixed security posture. On the positive side, it demonstrates good practices with a high percentage of SQL queries using prepared statements and properly escaped output. The presence of nonce checks and capability checks on entry points also suggests an awareness of security fundamentals. However, several areas raise significant concerns.

The static analysis reveals the use of a dangerous `unserialize` function, which can be a major vulnerability if user-controlled data is passed to it. Furthermore, the taint analysis indicates two high-severity flows with unsanitized paths, suggesting potential injection vulnerabilities that could be exploited if not handled carefully. The plugin also has a history of four known CVEs, including one critical and one high severity, with past vulnerabilities in Cross-site Scripting, SQL Injection, and Open Redirect. While no vulnerabilities are currently unpatched, this history indicates a recurring tendency for security flaws to be introduced.

In conclusion, while the plugin incorporates some solid security measures, the presence of `unserialize`, high-severity taint flows, and a history of critical and high-severity vulnerabilities necessitate caution. The potential for exploitable code due to `unserialize` and unsanitized taint flows, coupled with past recurring vulnerability types, outweighs the strengths in prepared statements and output escaping. Addressing these specific issues is crucial for improving the plugin's overall security.

Key Concerns

  • Dangerous function unserialize found
  • High severity taint flows (2)
  • Total known CVEs (4) with critical/high
  • 10 shortcodes increase attack surface
Vulnerabilities
4

Music Store – WordPress eCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2015
2015
1 CVE in 2016
2016
2 CVEs in 2024
2024
Patched Has unpatched

Severity Breakdown

Critical
1
High
1
Medium
2

4 total CVEs

CVE-2025-24626medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Music Store – WordPress eCommerce <= 1.1.19 - Reflected Cross-Site Scripting

Dec 30, 2024 Patched in 1.2.0 (53d)
CVE-2024-36082critical · 9.1Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Music Store - WordPress eCommerce <= 1.1.13 - Authenticated (Admin+) SQL Injection

Jun 10, 2024 Patched in 1.1.14 (9d)
CVE-2016-10992medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Music Store <= 1.0.41 - Cross-Site Scripting

Mar 28, 2016 Patched in 1.0.43 (2857d)
WF-c296743a-ec08-4cdd-b3d0-ab3de93f5bb9-music-storehigh · 7.2URL Redirection to Untrusted Site ('Open Redirect')

Music Store – WordPress eCommerce < 1.0.15 - Open Redirect

Jul 25, 2015 Patched in 1.0.15 (3104d)
Code Analysis
Analyzed Mar 16, 2026

Music Store – WordPress eCommerce Code Analysis

Dangerous Functions
1
Raw SQL Queries
7
97 prepared
Unescaped Output
62
739 escaped
Nonce Checks
10
Capability Checks
7
File Operations
18
External Requests
5
Bundled Libraries
0

Dangerous Functions Found

unserialize$contents_php = unserialize($contents);ms-core\ms-store-importer.php:43

SQL Query Safety

93% prepared104 total queries

Output Escaping

92% escaped801 total outputs
Data Flows
9 unsanitized

Data Flow Analysis

19 flows9 with unsanitized paths
ms_download_file (ms-core\ms-download.php:398)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Music Store – WordPress eCommerce Attack Surface

Entry Points11
Unprotected0

AJAX Handlers 1

authwp_ajax_cp_feedbackfeedback\cp-feedback.php:23

Shortcodes 10

[music_store] music-store.php:345
[music_store_product] music-store.php:346
[music_store_product_list] music-store.php:347
[music_store_purchased_list] music-store.php:348
[music_store_sales_counter] music-store.php:349
[music_store] music-store.php:419
[music_store_product] music-store.php:420
[music_store_product_list] music-store.php:421
[music_store_sales_counter] music-store.php:422
[music_store_purchased_list] music-store.php:423
WordPress Hooks 96
actionadmin_bar_menubanner.php:105
actionadmin_enqueue_scriptsfeedback\cp-feedback.php:22
actionadmin_footerfeedback\cp-feedback.php:32
actionmusicstore_settings_pagems-addons\affiliateroyale.addon.php:8
actionmusicstore_save_settingsms-addons\affiliateroyale.addon.php:9
actionmusicstore_paypal_form_html_before_submitms-addons\affiliateroyale.addon.php:11
actionmusicstore_payment_receivedms-addons\affiliateroyale.addon.php:12
actionmusicstore_settings_pagems-addons\affiliatesmanager.addon.php:8
actionmusicstore_save_settingsms-addons\affiliatesmanager.addon.php:9
filtermusicstore_notify_urlms-addons\affiliatesmanager.addon.php:11
actionmusicstore_payment_receivedms-addons\affiliatesmanager.addon.php:12
actionmusicstore_settings_pagems-addons\base.addon.php:10
actionmusicstore_calling_payment_gatewayms-addons\mollie.addon.php:26
actionmusicstore_checking_paymentms-addons\mollie.addon.php:27
filtermusicstore_payment_gateway_enabledms-addons\mollie.addon.php:28
filtermusicstore_payment_gateway_listms-addons\mollie.addon.php:29
actionwp_footerms-addons\mollie.addon.php:30
actionmusicstore_settings_pagems-addons\mollie.addon.php:32
actionmusicstore_save_settingsms-addons\mollie.addon.php:33
actionmusicstore_calling_payment_gatewayms-addons\paypal.addon.php:18
actionmusicstore_checking_paymentms-addons\paypal.addon.php:19
filtermusicstore_payment_gateway_enabledms-addons\paypal.addon.php:20
filtermusicstore_payment_gateway_listms-addons\paypal.addon.php:21
actionmusicstore_calling_payment_gatewayms-addons\square.addon.php:33
actionmusicstore_checking_paymentms-addons\square.addon.php:34
filtermusicstore_payment_gateway_enabledms-addons\square.addon.php:35
filtermusicstore_payment_gateway_listms-addons\square.addon.php:36
actionmusicstore_settings_pagems-addons\square.addon.php:38
actionmusicstore_save_settingsms-addons\square.addon.php:39
actionmusicstore_send_notification_emailsms-core\ms-ipn.php:8
filtermusicstore_shopping_cart_buttonms-core\ms-woocommerce\ms-woocommerce.php:209
filtermusicstore_buynow_buttonms-core\ms-woocommerce\ms-woocommerce.php:210
filterwoocommerce_product_classms-core\ms-woocommerce\ms-woocommerce.php:212
filterwoocommerce_product_type_queryms-core\ms-woocommerce\ms-woocommerce.php:213
actionwoocommerce_after_cart_item_namems-core\ms-woocommerce\ms-woocommerce.php:215
filterwoocommerce_data_storesms-core\ms-woocommerce\ms-woocommerce.php:216
actionwoocommerce_checkout_create_order_line_item_objectms-core\ms-woocommerce\ms-woocommerce.php:218
filterwoocommerce_get_order_item_classnamems-core\ms-woocommerce\ms-woocommerce.php:219
filterwoocommerce_add_cart_itemms-core\ms-woocommerce\ms-woocommerce.php:221
filterwoocommerce_add_cart_item_datams-core\ms-woocommerce\ms-woocommerce.php:222
filterwoocommerce_add_cart_item_datams-core\ms-woocommerce\ms-woocommerce.php:223
filterwoocommerce_get_item_datams-core\ms-woocommerce\ms-woocommerce.php:225
filterwoocommerce_get_cart_item_from_sessionms-core\ms-woocommerce\ms-woocommerce.php:226
filterwoocommerce_get_cart_item_from_sessionms-core\ms-woocommerce\ms-woocommerce.php:227
actionwp_trash_postms-core\ms-woocommerce\ms-woocommerce.php:229
actionuntrashed_postms-core\ms-woocommerce\ms-woocommerce.php:230
filtermusicstore_payment_gateway_enabledms-core\ms-woocommerce\ms-woocommerce.php:232
actionwoocommerce_checkout_create_order_line_itemms-core\ms-woocommerce\ms-woocommerce.php:240
actioninitms-page-builder\ms-page-builders.php:20
actionafter_setup_themems-page-builder\ms-page-builders.php:21
actionenqueue_block_editor_assetsms-page-builder\ms-page-builders.php:28
actionelementor/widgets/registerms-page-builder\ms-page-builders.php:31
actionelementor/elements/categories_registeredms-page-builder\ms-page-builders.php:32
filtersiteorigin_widgets_widget_foldersms-page-builder\ms-page-builders.php:44
filtersiteorigin_panels_widget_dialog_tabsms-page-builder\ms-page-builders.php:45
actioninitmusic-store.php:78
filterget_post_metadatamusic-store.php:79
filteroption_sbp_settingsmusic-store.php:89
actionafter_setup_thememusic-store.php:145
actionplugins_loadedmusic-store.php:146
actioninitmusic-store.php:147
actionadmin_initmusic-store.php:148
actionwidgets_initmusic-store.php:149
actioncurrent_screenmusic-store.php:150
actionadmin_menumusic-store.php:152
filtermusicstore_buynow_buttonmusic-store.php:161
filterdisplay_post_statesmusic-store.php:169
actioninitmusic-store.php:189
actionsave_postmusic-store.php:210
filtermusicstore_notify_urlmusic-store.php:211
filterget_pagesmusic-store.php:235
filterpre_get_postsmusic-store.php:344
filterthe_contentmusic-store.php:350
filterthe_excerptmusic-store.php:351
filterget_the_excerptmusic-store.php:352
actionwp_headmusic-store.php:353
actionwp_enqueue_scriptsmusic-store.php:357
filterposts_wheremusic-store.php:361
filterposts_joinmusic-store.php:362
filterposts_groupbymusic-store.php:363
filtermusicstore_buynow_buttonmusic-store.php:367
filtermusicstore_shopping_cart_buttonmusic-store.php:368
filtermusicstore_demo_urlmusic-store.php:369
actiondelete_postmusic-store.php:788
actionadmin_enqueue_scriptsmusic-store.php:792
actionmedia_buttonsmusic-store.php:795
filtermanage_ms_song_posts_columnsmusic-store.php:1139
actionmanage_ms_song_posts_custom_columnmusic-store.php:1140
actionadmin_menumusic-store.php:1247
actionparent_filemusic-store.php:1393
filterposts_joinmusic-store.php:4044
filterposts_orderbymusic-store.php:4045
filterthe_contentmusic-store.php:4083
actionshutdownmusic-store.php:4236
actionactivated_pluginmusic-store.php:4242
actionwpmu_new_blogmusic-store.php:4243
Maintenance & Trust

Music Store – WordPress eCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 3, 2026
PHP min version
Downloads198K

Community Trust

Rating80/100
Number of ratings50
Active installs300
Alternatives

Music Store – WordPress eCommerce Alternatives

MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar

MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar

mp3-music-player-by-sonaar

A
92

The most advanced Audio Player for Music & Podcast. For Elementor, Gutenberg, WooCommerce and more. Add unlimited players to any pages!

20K 13 CVEs
Music Player for Elementor – Audio Player & Podcast Player

Music Player for Elementor – Audio Player & Podcast Player

music-player-for-elementor

A
98

Audio Player for Elementor – the go-to plugin for adding MP3s, podcasts & playlists. Fully customizable, WooCommerce-ready, and mobile-friendly.

10K 2 CVEs
CP Media Player – Audio Player and Video Player

CP Media Player – Audio Player and Video Player

audio-and-video-player

A
100

CP Media Player - Audio and Video Player supported by major browsers, such as IE, Firefox, Opera, Safari, Chrome, and mobile devices: iPhone, iPad, An &hellip;

3K 1 CVE
HTML5 jQuery Audio Player

HTML5 jQuery Audio Player

html5-jquery-audio-player

C
64

Finally, a trendy looking audio player plugin. Works on all modern browsers including iPhone/iPad.

1K 1 unpatched
Music Player for WooCommerce

Music Player for WooCommerce

music-player-for-woocommerce

A
98

Music Player for WooCommerce includes the MediaElement.js music player in the pages of the products with audio files associated.

1K 2 CVEs
Developer Profile

Music Store – WordPress eCommerce Developer Profile

codepeople

34 plugins · 89K total installs

76
trust score
Avg Security Score
95/100
Avg Patch Time
964 days
View full developer profile
Detection Fingerprints

How We Detect Music Store – WordPress eCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/music-store/ms-core/css/wp_admin_music_store.css/wp-content/plugins/music-store/ms-core/css/wp_music_store_public.css/wp-content/plugins/music-store/ms-core/js/admin-music-store.js/wp-content/plugins/music-store/ms-core/js/public-music-store.js/wp-content/plugins/music-store/ms-core/js/wp_music_store_public.js/wp-content/plugins/music-store/ms-core/js/jquery.min.js/wp-content/plugins/music-store/ms-page-builder/admin/css/ms-page-builder-admin.css/wp-content/plugins/music-store/ms-page-builder/admin/js/ms-page-builder-admin.js+1 more
Script Paths
/wp-content/plugins/music-store/ms-core/js/jquery.min.js/wp-content/plugins/music-store/ms-core/js/public-music-store.js/wp-content/plugins/music-store/ms-core/js/wp_music_store_public.js/wp-content/plugins/music-store/ms-page-builder/js/ms-page-builder-public.js/wp-content/plugins/music-store/ms-core/js/admin-music-store.js/wp-content/plugins/music-store/ms-page-builder/admin/js/ms-page-builder-admin.js
Version Parameters
music-store/ms-core/css/wp_admin_music_store.css?ver=music-store/ms-core/css/wp_music_store_public.css?ver=music-store/ms-core/js/admin-music-store.js?ver=music-store/ms-core/js/public-music-store.js?ver=music-store/ms-core/js/wp_music_store_public.js?ver=music-store/ms-page-builder/admin/css/ms-page-builder-admin.css?ver=music-store/ms-page-builder/admin/js/ms-page-builder-admin.js?ver=music-store/ms-page-builder/js/ms-page-builder-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
music-store-main-contentmusic_store_productms-page-builder-containerms-content-wrapperms-main-headerms-product-detailsms-add-to-cart-formms-player-container+2 more
HTML Comments
<!-- Begin Music Store --><!-- End Music Store --><!-- Music Store Product Listing --><!-- Music Store Single Product View -->+4 more
Data Attributes
data-music-store-product-iddata-music-store-pricedata-ms-actiondata-ms-item-id
JS Globals
musicStorePublicmsPageBuilderConfigmusicStoreAdmin
REST Endpoints
/wp-json/music-store/v1/products/wp-json/music-store/v1/cart
Shortcode Output
[music_store_products][music_store_product id=""][music_store_cart][music_store_player id=""]
FAQ

Frequently Asked Questions about Music Store – WordPress eCommerce