网易云音乐 Security & Risk Analysis

wordpress.org/plugins/nines-music

网易云音乐 (NetEase Cloud Music) player (see the screenshots for details)

40 active installs v1.6.2 PHP + WP 5.1.1+ Updated Jul 13, 2023
Score: 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is 网易云音乐 Safe to Use in 2026?

Generally Safe

Score 85/100

网易云音乐 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The "nines-music" plugin v1.6.2 exhibits a generally good security posture, with no known vulnerabilities or critical code signals. The complete absence of raw SQL queries and external HTTP requests, along with the proper use of prepared statements for all SQL operations, are significant strengths. The plugin also demonstrates a commitment to security by implementing nonce checks and capability checks for a portion of its entry points.

However, there are areas for improvement. The presence of two AJAX handlers without authentication checks represents a notable security concern, potentially allowing unauthorized users to trigger actions within the plugin. While no critical or high severity taint flows were identified, the static analysis shows that a significant percentage (33%) of its output is not properly escaped. This could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is directly reflected in the output without adequate sanitization.

Overall, the plugin is on a positive trajectory, particularly given its clean vulnerability history. Addressing the unprotected AJAX endpoints and improving output escaping practices would significantly enhance its security, moving it from a good to a more robust security posture.

Key Concerns

  • Unprotected AJAX handlers
  • Significant percentage of unescaped output
Vulnerabilities
None known

网易云音乐 Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

网易云音乐 Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (2 prepared)
  • Unescaped Output: 200 (411 escaped)
  • Nonce Checks: 6
  • Capability Checks: 2
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

67% escaped · 611 total outputs
Data Flows
All sanitized

Data Flow Analysis

3 flows
csf_export (inc\functions\actions.php:62)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
2 unprotected

网易云音乐 Attack Surface

Entry Points: 7
Unprotected: 2

AJAX Handlers: 7

Type · Hook · Location
auth · wp_ajax_csf-get-icons · inc\functions\actions.php:50
auth · wp_ajax_csf-export · inc\functions\actions.php:87
auth · wp_ajax_csf-import · inc\functions\actions.php:123
auth · wp_ajax_csf-reset · inc\functions\actions.php:150
auth · wp_ajax_csf-chosen · inc\functions\actions.php:189
nopriv · wp_ajax_jiutu_music_lrc_api · NinesMusic.php:456
auth · wp_ajax_jiutu_music_lrc_api · NinesMusic.php:457

WordPress Hooks: 17

Type · Hook · Location
action · wp_enqueue_scripts · inc\classes\abstract.class.php:20
action · admin_menu · inc\classes\admin-options.class.php:111
action · admin_bar_menu · inc\classes\admin-options.class.php:112
action · network_admin_menu · inc\classes\admin-options.class.php:116
filter · admin_footer_text · inc\classes\admin-options.class.php:481
action · after_setup_theme · inc\classes\setup.class.php:74
action · init · inc\classes\setup.class.php:75
action · switch_theme · inc\classes\setup.class.php:76
action · admin_enqueue_scripts · inc\classes\setup.class.php:77
action · wp_enqueue_scripts · inc\classes\setup.class.php:78
action · wp_head · inc\classes\setup.class.php:79
filter · admin_body_class · inc\classes\setup.class.php:80
action · admin_footer · inc\fields\icon\icon.php:46
action · customize_controls_print_footer_scripts · inc\fields\icon\icon.php:47
action · admin_print_footer_scripts · inc\fields\link\link.php:70
action · print_default_editor_scripts · inc\fields\wp_editor\wp_editor.php:62
action · wp_footer · NinesMusic.php:378
Maintenance & Trust

网易云音乐 Maintenance & Trust

Maintenance Signals

WordPress version tested
Last updated: Jul 13, 2023
PHP min version
Downloads: 13K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 40
Developer Profile

网易云音乐 Developer Profile

不问归期_

2 plugins · 50 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect 网易云音乐

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/nines-music/static/css/aplayer.min.css
  • /wp-content/plugins/nines-music/static/js/aplayer.min.js
  • /wp-content/plugins/nines-music/static/js/music.js
  • /wp-content/plugins/nines-music/static/css/music.css
  • /wp-content/plugins/nines-music/static/js/meting.min.js
  • /wp-content/plugins/nines-music/static/css/nines-music.css
  • /wp-content/plugins/nines-music/static/js/nines-music.js
Script Paths
  • wp-content/plugins/nines-music/static/js/aplayer.min.js
  • wp-content/plugins/nines-music/static/js/music.js
  • wp-content/plugins/nines-music/static/js/meting.min.js
  • wp-content/plugins/nines-music/static/js/nines-music.js
Version Parameters
  • nines-music/static/css/aplayer.min.css?ver=
  • nines-music/static/js/aplayer.min.js?ver=
  • nines-music/static/js/music.js?ver=
  • nines-music/static/css/music.css?ver=
  • nines-music/static/js/meting.min.js?ver=
  • nines-music/static/css/nines-music.css?ver=
  • nines-music/static/js/nines-music.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • aplayer
  • aplayer-withlist
  • aplayer-fixed
  • aplayer-narrow
  • aplayer-show-picture
HTML Comments
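  • 如果直接调用此文件,请中止。 ("If this file is called directly, abort.")
  • 播放器设置 ("Player settings")
  • 播放器类型 ("Player type")
  • 侧边模式 ("Sidebar mode")
  • +18 more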
Data Attributes
  • data-fixed
  • data-mini
  • data-hide-picture
  • data-memory
  • data-show-lyrics
  • data-autoplay
  • +34 more
JS Globals
window.aplayer_config
FAQ

Frequently Asked Questions about 网易云音乐