Does PlayMe have any unpatched vulnerabilities?

No. All known vulnerabilities in PlayMe have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is PlayMe compatible with WordPress 6.7.5?

According to WordPress.org data, PlayMe 0.2.8 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is PlayMe compatible with PHP 5.6+?

PlayMe requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is PlayMe updated?

PlayMe was last updated on Jan 6, 2025. Frequent updates are generally a positive security signal.

What is PlayMe's security score?

PlayMe has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

PlayMe Security & Risk Analysis

wordpress.org/plugins/playme

Embeddable Song Request Form for Radio Stations

30 active installs v0.2.8 PHP 5.6+ WP 3.2.1+ Updated Jan 6, 2025

musicradiorequestsongstation

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is PlayMe Safe to Use in 2026?

Generally Safe

Score 92/100

PlayMe has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The "playme" v0.2.8 plugin exhibits a concerning security posture primarily due to its unprotected entry points and the complete absence of prepared statements for its SQL queries. While the plugin doesn't appear to have a history of known vulnerabilities, this could be more a reflection of its limited exposure or detection rather than inherent security. The static analysis reveals a significant attack surface with 4 out of 5 entry points lacking authentication checks. This means that potentially any user, regardless of their role or logged-in status, could trigger these functions, opening the door for various attacks. The critical weakness lies in the 5 SQL queries which are all executed without prepared statements. This makes the plugin highly susceptible to SQL injection vulnerabilities. While the plugin does perform capability checks and has a good output escaping rate, these strengths are overshadowed by the fundamental flaws in handling user input for database operations and the lack of authorization on its AJAX handlers. Therefore, despite a clean vulnerability history, the plugin should be treated with extreme caution and is not recommended for use without significant remediation.

Key Concerns

Unprotected AJAX handlers
SQL queries without prepared statements
No nonce checks on AJAX handlers

Vulnerabilities

None known

PlayMe Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

PlayMe Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

6 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared5 total queries

Output Escaping

86% escaped7 total outputs

Attack Surface

4 unprotected

PlayMe Attack Surface

Entry Points5

Unprotected4

AJAX Handlers 4

authwp_ajax_playme_submitrequestplayme.php:44

noprivwp_ajax_playme_submitrequestplayme.php:45

authwp_ajax_playme_fetchrequestsplayme.php:47

authwp_ajax_playme_deleterequestplayme.php:48

Shortcodes 1

[playme] playme.php:263

WordPress Hooks 5

actionwp_enqueue_scriptsplayme.php:30

actionadmin_initplayme.php:53

actionwp_enqueue_scriptsplayme.php:55

actionadmin_menuplayme.php:69

filterwoocommerce_prevent_admin_accessplayme.php:415

Maintenance & Trust

PlayMe Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedJan 6, 2025

PHP min version5.6

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs30

Alternatives

PlayMe Alternatives

Meks Audio Player

meks-audio-player

Easily enhance your podcast, music or any audio files with a full-featured and customizable sticky audio player.

1K No CVEs

Music Player for WooCommerce

music-player-for-woocommerce

Music Player for WooCommerce includes the MediaElement.js music player in the pages of the products with audio files associated.

1K 2 CVEs

Radio Station by netmix® – Manage and play your Show Schedule in WordPress!

radio-station

Radio Station lets you build and manage a Show Schedule for a radio station or Internet broadcaster's WordPress website.

1K 3 CVEs

Transcoder

transcoder

Transcoding services for ANY WordPress website. Convert audio/video files of any format to a web-friendly format (mp3/mp4).

500 2 CVEs

WP Chords

wp-chords

WP Chords allows you to format and display the chords on your blog including mobile friendly interface and AMP functionality.

200 No CVEs

Developer Profile

PlayMe Developer Profile

ERA404

5 plugins · 320 total installs

trust score

Avg Security Score

70/100

Avg Patch Time

314 days

View full developer profile

Detection Fingerprints

How We Detect PlayMe

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/playme/styles.css/wp-content/plugins/playme/scripts.js

Script Paths

/wp-content/plugins/playme/scripts.js

Version Parameters

playme/scripts.js?ver=1.1

HTML / DOM Fingerprints

CSS Classes

PlayMeAdminPlayMe_submissionsplayme_timerPlayMe_refreshPlayMe_recaptcha

Data Attributes

data-seconds

JS Globals

ajax_objectPlayMe

REST Endpoints

/wp-json/playme/v1/settings/wp-json/playme/v1/requests

FAQ