OpenSheetMusicDisplay Security & Risk Analysis

wordpress.org/plugins/opensheetmusicdisplay

Block or shortcode to render MusicXML in the browser as sheet music using OSMD.

100 active installs · v1.4.2 · PHP 7.0.0+ · WP 5.6.0+ · Updated Feb 18, 2026
Tags: music, musicxml, opensheetmusicdisplay, osmd, sheet-music
Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: May 29, 2025
Safety Verdict

Is OpenSheetMusicDisplay Safe to Use in 2026?

Generally Safe

Score 99/100

OpenSheetMusicDisplay has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: May 29, 2025 · Updated 1mo ago
Risk Assessment

The OpenSheetMusicDisplay plugin v1.4.2 exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, external HTTP requests, file operations, and the exclusive use of prepared statements for SQL queries are all positive indicators. Furthermore, the plugin demonstrates good output escaping practices with a high percentage of properly escaped outputs and the presence of capability checks, which are crucial for securing plugin functionality.

However, the static analysis reveals some areas for caution. The presence of two shortcodes, while not inherently insecure, represents potential entry points that would ideally have more robust authorization checks, especially if they handle user-supplied data. The lack of any taint analysis results is noteworthy, but it's important to remember that zero findings do not guarantee zero vulnerabilities, particularly in more complex codebases. The plugin's vulnerability history, while showing no currently unpatched CVEs, does include a past medium-severity Cross-site Scripting (XSS) vulnerability. This suggests that while the developers have addressed past issues, vigilance is still required.

In conclusion, OpenSheetMusicDisplay v1.4.2 demonstrates good development practices concerning core security features like SQL handling and output escaping. The primary areas for improvement revolve around securing the shortcode entry points more comprehensively and acknowledging the historical presence of XSS vulnerabilities, emphasizing the need for ongoing security audits. The plugin is not exhibiting critical immediate risks based on this data, but continuous monitoring and updates are advised.

Key Concerns

  • Shortcodes without explicit auth checks
  • Past medium XSS vulnerability history
Vulnerabilities (1)

OpenSheetMusicDisplay Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-5235 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

OpenSheetMusicDisplay <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter

May 29, 2025 · Patched in 1.4.1 (1d)
Code Analysis
Analyzed Mar 16, 2026

OpenSheetMusicDisplay Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 1 (22 escaped)
Nonce Checks: 0
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

96% escaped · 23 total outputs
Attack Surface

OpenSheetMusicDisplay Attack Surface

Entry Points: 2
Unprotected: 0

Shortcodes 2

[opensheetmusicdisplay] opensheetmusicdisplay.php:518
[pb-deep-link] practicebird_block.php:309
WordPress Hooks 20
filter wp_check_filetype_and_ext MultipleMimes.php:5
filter upload_mimes MultipleMimes.php:16
filter wp_check_filetype_and_ext MultipleMimes.php:19
action admin_menu opensheetmusicdisplay-settings.php:13
action admin_init opensheetmusicdisplay-settings.php:14
filter upload_mimes opensheetmusicdisplay.php:587
action init opensheetmusicdisplay.php:602
action init opensheetmusicdisplay.php:604
action wp_enqueue_scripts opensheetmusicdisplay.php:605
action admin_enqueue_scripts opensheetmusicdisplay.php:607
action admin_notices opensheetmusicdisplay.php:611
action plugins_loaded opensheetmusicdisplay.php:618
filter query_vars practicebird_block.php:371
action template_include practicebird_block.php:375
action init practicebird_block.php:390
action wp_enqueue_scripts practicebird_block.php:391
action init practicebird_block.php:394
action admin_enqueue_scripts practicebird_block.php:395
action admin_notices practicebird_block.php:399
action plugins_loaded practicebird_block.php:406
Maintenance & Trust

OpenSheetMusicDisplay Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 18, 2026
PHP min version: 7.0.0
Downloads: 9K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 100
Developer Profile

OpenSheetMusicDisplay Developer Profile

OSMD

2 plugins · 100 total installs

Trust score: 100
Avg Security Score: 100/100
Avg Patch Time: 1 day
Detection Fingerprints

How We Detect OpenSheetMusicDisplay

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/opensheetmusicdisplay/build/osmd_block.js
/wp-content/plugins/opensheetmusicdisplay/build/styles/osmd_block.css
/wp-content/plugins/opensheetmusicdisplay/build/styles/style-osmd_block.css
Script Paths
/wp-content/plugins/opensheetmusicdisplay/build/osmd_block.js
Version Parameters
build/osmd_block.asset.php

HTML / DOM Fingerprints

CSS Classes
osmd-container
osmd
Data Attributes
data-align-rests
data-auto-beam
data-auto-beam-options
data-auto-resize
data-backend
data-coloring-mode
+25 more
JS Globals
wp.hooks.addFilter('blocks.registerBlockType', 'phonicscore/opensheetmusicdisplay/block-type-hook')
wp.hooks.addFilter('phonicscore_opensheetmusicdisplay_attributes-user-defaults', 'phonicscore/opensheetmusicdisplay/get-user-defaults')
Shortcode Output
[opensheetmusicdisplay
FAQ

Frequently Asked Questions about OpenSheetMusicDisplay