Song Book Security & Risk Analysis

wordpress.org/plugins/song-book

Add worship songbooks to your site

20 active installs v1.3 PHP + WP 4.7+ Updated Sep 24, 2024
Tags: christian, churches, singing, songbook, worship
Score: 92 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Song Book Safe to Use in 2026?

Generally Safe

Score 92/100

Song Book has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "song-book" v1.3 plugin exhibits a generally strong security posture based on the static analysis. A key strength is the absence of identified entry points such as AJAX handlers, REST API routes, shortcodes, or cron events that lack authentication checks. Furthermore, the code signals indicate a good implementation of security measures like nonce checks and capability checks, with a significant percentage of output properly escaped, and no dangerous functions or file operations detected. The lack of vulnerability history, including CVEs, further supports a positive security assessment.

However, the analysis does reveal a potential concern within the SQL query handling. The one SQL query identified does not use a prepared statement, which presents a significant risk of SQL injection vulnerabilities. This is particularly concerning because it is the only identified database interaction and is not protected by proper sanitization. The taint analysis showing zero flows with unsanitized paths is a positive sign, but it doesn't negate the risk posed by the raw SQL query.

In conclusion, while the plugin demonstrates excellent practice in limiting its attack surface and implementing many security checks, the sole SQL query's lack of prepared statements is a critical weakness that needs immediate attention. Addressing this single SQL vulnerability would significantly improve the plugin's overall security.

Key Concerns

  • SQL queries not using prepared statements
Vulnerabilities
None known

Song Book Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Song Book Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (0 prepared)
Unescaped Output: 49 (138 escaped)
Nonce Checks: 7
Capability Checks: 18
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

0% prepared, 1 total query

Output Escaping

74% escaped, 187 total outputs
Attack Surface

Song Book Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 61

Type  Hook  Location
filter  page_attributes_dropdown_pages_args  includes\class-page-templater.php:41
filter  wp_insert_post_data  includes\class-page-templater.php:48
filter  template_include  includes\class-page-templater.php:56
action  plugins_loaded  includes\class-page-templater.php:153
filter  map_meta_cap  includes\class-song-capabilities.php:22
filter  map_meta_cap  includes\class-songbook-capabilities.php:22
filter  init  includes\class-songbook-fullcontent.php:17
filter  query_vars  includes\class-songbook-fullcontent.php:22
filter  template_redirect  includes\class-songbook-fullcontent.php:27
filter  template_include  includes\class-songbook-fullcontent.php:48
action  after_setup_theme  includes\class-songbook-fullcontent.php:81
action  init  includes\class-tabbed-settings.php:73
action  admin_init  includes\class-tabbed-settings.php:75
action  admin_menu  includes\class-tabbed-settings.php:77
action  init  includes\class-tgm-plugin-activation.php:273
filter  load_textdomain_mofile  includes\class-tgm-plugin-activation.php:274
action  init  includes\class-tgm-plugin-activation.php:277
action  admin_menu  includes\class-tgm-plugin-activation.php:426
action  admin_head  includes\class-tgm-plugin-activation.php:427
filter  install_plugin_complete_actions  includes\class-tgm-plugin-activation.php:430
filter  update_plugin_complete_actions  includes\class-tgm-plugin-activation.php:431
action  admin_notices  includes\class-tgm-plugin-activation.php:434
action  admin_init  includes\class-tgm-plugin-activation.php:435
action  admin_enqueue_scripts  includes\class-tgm-plugin-activation.php:436
action  load-plugins.php  includes\class-tgm-plugin-activation.php:441
action  switch_theme  includes\class-tgm-plugin-activation.php:444
action  switch_theme  includes\class-tgm-plugin-activation.php:447
action  admin_init  includes\class-tgm-plugin-activation.php:452
action  switch_theme  includes\class-tgm-plugin-activation.php:457
action  admin_head  includes\class-tgm-plugin-activation.php:461
action  load_textdomain_mofile  includes\class-tgm-plugin-activation.php:483
filter  upgrader_source_selection  includes\class-tgm-plugin-activation.php:896
action  plugins_loaded  includes\class-tgm-plugin-activation.php:2161
filter  tgmpa_table_data_items  includes\class-tgm-plugin-activation.php:2285
filter  upgrader_source_selection  includes\class-tgm-plugin-activation.php:3029
action  admin_init  includes\class-tgm-plugin-activation.php:3199
action  upgrader_process_complete  includes\class-tgm-plugin-activation.php:3294
filter  upgrader_post_install  includes\class-tgm-plugin-activation.php:3353
filter  upgrader_post_install  includes\class-tgm-plugin-activation.php:3498
action  tgmpa_register  includes\plugin-install.php:15
action  pre_get_posts  includes\restrictions.php:4
action  tabbed_settings_after_update  includes\settings.php:19
action  after_setup_theme  song-book.php:58
action  after_setup_theme  song-book.php:61
action  set_current_user  song-book.php:66
action  admin_init  song-book.php:69
action  init  song-book.php:73
action  wp_enqueue_scripts  song-book.php:76
action  restrict_manage_posts  song-book.php:80
filter  parse_query  song-book.php:81
filter  pre_get_posts  song-book.php:85
action  admin_init  song-book.php:88
action  admin_notices  song-book.php:89
filter  template_include  song-book.php:92
filter  pre_get_posts  song-book.php:95
filter  pre_get_posts  song-book.php:98
action  pre_get_posts  song-book.php:102
action  admin_menu  song-book.php:580
action  p2p_init  song-book.php:1167
filter  term_link  template\single-song.php:124
filter  term_link  template\single-songbook-full.php:135
Maintenance & Trust

Song Book Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Sep 24, 2024
PHP min version
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 20
Developer Profile

Song Book Developer Profile

Justin Fletcher

5 plugins · 290 total installs

Trust score: 90
Avg Security Score: 94/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Song Book

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/song-book/assets/css/icons.css
Version Parameters
song-book/assets/css/icons.css?ver=

HTML / DOM Fingerprints
