Podcast Player – Your Podcasting Companion Security & Risk Analysis

wordpress.org/plugins/podcast-player

Showcase your podcast only using podcasting feed url. Use widget, shortcode or editor block to display podcast player anywhere on your site.

10K active installs · v8.0.1 · PHP 5.6+ · WP 4.9+ · Updated Mar 4, 2026
Tags: feed-to-audio, podcast, podcaster, podcasting, rss-feed
Score: 100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Podcast Player – Your Podcasting Companion Safe to Use in 2026?

Generally Safe

Score 100/100

Podcast Player – Your Podcasting Companion has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The podcast-player v8.0.1 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and has no recorded historical vulnerabilities, suggesting a generally secure development history. The absence of dangerous functions, file operations, and outdated bundled libraries is also a strong indicator of a well-maintained codebase. However, a significant concern arises from the large attack surface, particularly the 10 out of 13 AJAX handlers that lack authentication checks. This presents a substantial risk for unauthorized actions if these handlers are exploitable. While taint analysis did not reveal critical or high severity issues, the presence of flows with unsanitized paths, though limited in number, warrants attention as it indicates potential, albeit low-severity, risks. The plugin's strengths lie in its database interaction and general coding cleanliness, but the unauthenticated AJAX endpoints are a clear weakness that could be exploited.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
Vulnerabilities
None known

Podcast Player – Your Podcasting Companion Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Podcast Player – Your Podcasting Companion Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (8 prepared)
Unescaped Output: 56 (376 escaped)
Nonce Checks: 12
Capability Checks: 3
File Operations: 0
External Requests: 3
Bundled Libraries: 0

SQL Query Safety

100% prepared · 8 total queries

Output Escaping

87% escaped · 432 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
load_shortcode (backend\inc\class-shortcode.php:312)
Attack Surface
10 unprotected

Podcast Player – Your Podcasting Companion Attack Surface

Entry Points: 16
Unprotected: 10

AJAX Handlers 13

auth    wp_ajax_pp_feed_editor               backend\admin\class-options.php:91
auth    wp_ajax_pp_migrate_podcast           backend\admin\class-options.php:93
auth    wp_ajax_pp_delete_source             backend\admin\class-options.php:94
auth    wp_ajax_pp_render_preview            backend\class-register.php:190
auth    wp_ajax_pp_blank_shortcode_template  backend\class-register.php:191
auth    wp_ajax_pp_create_new_shortcode      backend\class-register.php:192
auth    wp_ajax_pp_load_shortcode            backend\class-register.php:193
auth    wp_ajax_pp_delete_shortcode          backend\class-register.php:194
auth    wp_ajax_pp_update_shortcode          backend\class-register.php:195
auth    wp_ajax_pp_fetch_episodes            frontend\class-register.php:163
nopriv  wp_ajax_pp_fetch_episodes            frontend\class-register.php:164
auth    wp_ajax_pp_search_episodes           frontend\class-register.php:167
nopriv  wp_ajax_pp_search_episodes           frontend\class-register.php:168

REST API Routes 1

GET  /wp-json/podcastplayer/v1/fIndex  backend\inc\class-misc.php:93

Shortcodes 2

[podcastplayer] backend\class-register.php:168
[showpodcastplayer] backend\class-register.php:169
WordPress Hooks 37
action  init  backend\admin\class-options.php:86
action  admin_menu  backend\admin\class-options.php:87
action  admin_init  backend\admin\class-options.php:88
action  admin_enqueue_scripts  backend\admin\class-options.php:89
action  podcast_player_options_page_content  backend\admin\class-options.php:90
action  admin_enqueue_scripts  backend\class-register.php:105
action  admin_enqueue_scripts  backend\class-register.php:106
action  enqueue_block_editor_assets  backend\class-register.php:107
action  admin_init  backend\class-register.php:114
action  admin_head  backend\class-register.php:125
action  admin_notices  backend\class-register.php:126
action  elementor/editor/before_enqueue_scripts  backend\class-register.php:137
action  elementor/editor/before_enqueue_scripts  backend\class-register.php:141
action  widgets_init  backend\class-register.php:153
action  init  backend\class-register.php:179
action  pp_auto_update_podcast  backend\class-register.php:207
action  rest_api_init  backend\class-register.php:208
action  init  backend\class-register.php:209
action  wp_dashboard_setup  backend\class-register.php:229
filter  podcast_player_bg_task_download_image  backend\class-register.php:239
filter  podcast_player_bg_task_import_episodes  backend\class-register.php:240
action  wp_enqueue_scripts  frontend\class-register.php:110
action  wp_enqueue_scripts  frontend\class-register.php:111
action  wp_enqueue_scripts  frontend\class-register.php:114
action  wp_footer  frontend\class-register.php:117
filter  podcast_player_mediaelement_settings  frontend\class-register.php:128
action  elementor/preview/enqueue_scripts  frontend\class-register.php:139
filter  podcast_player_script_data  frontend\class-register.php:150
filter  podcast_player_has_podcast  frontend\class-register.php:170
action  wp_head  frontend\class-register.php:183
action  wp_footer  frontend\class-register.php:184
filter  walker_nav_menu_start_el  frontend\class-register.php:209
filter  pp_icon_fonts_def  frontend\class-register.php:220
filter  wp_footer  frontend\class-register.php:231
filter  admin_footer  frontend\class-register.php:232
action  shutdown  helper\core\class-background-jobs.php:48
action  plugins_loaded  podcast-player.php:85

Scheduled Events 1

pp_auto_update_podcast
Maintenance & Trust

Podcast Player – Your Podcasting Companion Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 4, 2026
PHP min version: 5.6
Downloads: 628K

Community Trust

Rating: 96/100
Number of ratings: 110
Active installs: 10K
Developer Profile

Podcast Player – Your Podcasting Companion Developer Profile

Veda

2 plugins · 10K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Podcast Player – Your Podcasting Companion

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/podcast-player/build/static/js/runtime-main.js
  • /wp-content/plugins/podcast-player/build/static/js/2.chunk.js
  • /wp-content/plugins/podcast-player/build/static/js/main.chunk.js
  • /wp-content/plugins/podcast-player/build/static/css/main.chunk.css
  • /wp-content/plugins/podcast-player/public/css/frontend.css
  • /wp-content/plugins/podcast-player/public/css/backend.css
  • /wp-content/plugins/podcast-player/public/js/backend.js
  • /wp-content/plugins/podcast-player/public/js/frontend.js
  • +20 more
Script Paths
  • /wp-content/plugins/podcast-player/build/static/js/runtime-main.js
  • /wp-content/plugins/podcast-player/build/static/js/2.chunk.js
  • /wp-content/plugins/podcast-player/build/static/js/main.chunk.js
  • /wp-content/plugins/podcast-player/public/js/frontend.js
  • /wp-content/plugins/podcast-player/public/js/backend.js
  • /wp-content/plugins/podcast-player/assets/js/script.js
  • +13 more
Version Parameters
  • podcast-player/build/static/js/runtime-main.js?ver=
  • podcast-player/build/static/js/2.chunk.js?ver=
  • podcast-player/build/static/js/main.chunk.js?ver=
  • podcast-player/build/static/css/main.chunk.css?ver=
  • podcast-player/public/css/frontend.css?ver=
  • podcast-player/public/css/backend.css?ver=
  • podcast-player/public/js/backend.js?ver=
  • podcast-player/public/js/frontend.js?ver=
  • podcast-player/assets/css/font-awesome.min.css?ver=
  • podcast-player/assets/css/bootstrap.min.css?ver=
  • podcast-player/assets/css/owl.carousel.min.css?ver=
  • podcast-player/assets/css/slick.css?ver=
  • podcast-player/assets/css/plyr.css?ver=
  • podcast-player/assets/css/style.css?ver=
  • podcast-player/assets/js/script.js?ver=
  • podcast-player/assets/js/popper.min.js?ver=
  • podcast-player/assets/js/bootstrap.min.js?ver=
  • podcast-player/assets/js/owl.carousel.min.js?ver=
  • podcast-player/assets/js/slick.min.js?ver=
  • podcast-player/assets/js/plyr.js?ver=
  • podcast-player/assets/js/jquery.js?ver=
  • podcast-player/assets/js/jquery.mb.YTPlayer.js?ver=
  • podcast-player/assets/js/frontend.js?ver=
  • podcast-player/assets/js/backend.js?ver=
  • podcast-player/assets/js/backend_functions.js?ver=
  • podcast-player/assets/js/feed_editor.js?ver=
  • podcast-player/assets/js/feed_fetcher.js?ver=
  • podcast-player/assets/js/migration.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • podcast_player
  • podcast-player-widget
  • pp-feed-editor
  • pp-feed-item
  • pp-feed-player
  • pp-audio-player
  • pp-episodes-list
  • pp-episode-item
  • +21 more
HTML Comments
  • <!-- Podcast Player Main Wrapper -->
  • <!-- Podcast Player Widget -->
  • <!-- Podcast Player Feed Editor -->
  • <!-- Podcast Player Episode Item -->
  • +11 more
Data Attributes
  • data-podcast-feed
  • data-player-id
  • data-audio-src
  • data-episode-title
  • data-episode-url
  • data-player-skin
  • +16 more
JS Globals
  • podcastPlayer
  • ppConfig
  • ppFeedEditor
  • ppMigratePodcast
  • ppDeleteSource
REST Endpoints
  • /wp-json/podcast-player/v1/feed-editor
  • /wp-json/podcast-player/v1/migrate-podcast
  • /wp-json/podcast-player/v1/delete-source
Shortcode Output
  • [podcast_player]
  • [podcast_player feed_url="your_podcast_feed_url"]
  • [podcast_player feed_url="your_podcast_feed_url" show_artwork="true" show_episodes="false" show_controls="true" auto_play="false" show_progress="true" show_volume="true"]
FAQ

Frequently Asked Questions about Podcast Player – Your Podcasting Companion