Netease Music Security & Risk Analysis

wordpress.org/plugins/netease-music

网易云音乐

100 active installs · v3.2.1 · PHP + · WP 4.0+ · Updated May 19, 2020
163 · 网易云音乐 · 虾米音乐 · music
63
C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Aug 13, 2025
Safety Verdict

Is Netease Music Safe to Use in 2026?

Use With Caution

Score 63/100

Netease Music has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Aug 13, 2025 · Updated 5yr ago
Risk Assessment

The netease-music plugin has a concerning security posture, primarily because most of its AJAX handlers are unprotected. With 7 of 9 total entry points lacking authorization checks, the plugin exposes a substantial attack surface for unauthorized actions. It handles SQL well, using prepared statements exclusively, and has no file operations or dangerous functions, but the absence of capability checks and the presence of only a single nonce check across its entry points are significant weaknesses. Its vulnerability history, including a known medium-severity missing-authorization vulnerability dated 2025-08-13, reinforces these access-control concerns.

Overall, the plugin's strengths in secure SQL and avoidance of common dangerous functions are overshadowed by its critical flaw in exposed AJAX endpoints. The presence of a past missing authorization vulnerability further highlights the importance of robust access control mechanisms. Users should be cautious, and developers should prioritize implementing proper authentication and authorization for all AJAX handlers to mitigate the identified risks.

Key Concerns

  • High number of unprotected AJAX handlers
  • Missing capability checks
  • Unpatched CVE (medium severity)
  • Low percentage of properly escaped output
  • Limited nonce checks
Vulnerabilities
1

Netease Music Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-49052 · medium · 4.3 · Missing Authorization

Netease Music <= 3.2.1 - Missing Authorization

Aug 13, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Netease Music Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 38 (2 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 5
Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

5% escaped · 40 total outputs
Attack Surface
7 unprotected

Netease Music Attack Surface

Entry Points: 9
Unprotected: 7

AJAX Handlers 7

nopriv · wp_ajax_get_music · functions\core.php:39
auth · wp_ajax_get_music · functions\core.php:40
auth · wp_ajax_nm_get · functions\core.php:187
nopriv · wp_ajax_nmjson · functions\core.php:189
auth · wp_ajax_nmjson · functions\core.php:190
auth · wp_ajax_nm_delete · functions\pr-list.php:7
auth · wp_ajax_nm_add · functions\pr-list.php:20

Shortcodes 2

[nm] functions\core.php:7
[nms] functions\shortcode.php:7
WordPress Hooks 8
action · admin_notices · functions\core.php:17
action · template_redirect · functions\core.php:19
action · wp_footer · functions\core.php:62
action · admin_menu · functions\core.php:177
action · admin_init · functions\core.php:184
action · wp_enqueue_scripts · functions\static.php:34
action · admin_enqueue_scripts · functions\static.php:35
action · wp_head · functions\static.php:40
Maintenance & Trust

Netease Music Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.4.19
Last updated: May 19, 2020
PHP min version
Downloads: 55K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 100
Developer Profile

Netease Music Developer Profile

Dariolee

4 plugins · 150 total installs

Trust score: 82
Avg Security Score: 83/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Netease Music

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/netease-music/css/nmplayer.css
/wp-content/plugins/netease-music/css/style.css
/wp-content/plugins/netease-music/js/nm.js
/wp-content/plugins/netease-music/js/nmplayer.js
Script Paths
nmnmp

HTML / DOM Fingerprints

CSS Classes
nm-wrapper, nm-loadmore, nm-copyright, nm-note, nm-album-list, nm-container, nm-list-item, nm-list-content, +21 more
Data Attributes
data-action, data-paged, data-max, data-type, data-id
JS Globals
nmjson, nm_player, netease_music_output, netease_music_callback, get_private_list, get_netease_music
REST Endpoints
/wp-json/netease-music/v1/get
Shortcode Output
<div id="nm-wrapper" class="nm-wrapper"><div class="nm-copyright"><i class="fxfont nm-note"></i> <a href="https://fatesinger.com/74369" target="_blank" title="网易云音乐">网易云音乐</a></div><div id="nm_container" class="nmplaybar">
FAQ

Frequently Asked Questions about Netease Music