Spinitron Player Security & Risk Analysis
wordpress.org/plugins/spinitron-playerA streaming player for radio stations using Spinitron, with live data integration.
Is Spinitron Player Safe to Use in 2026?
Generally Safe
Score 100/100Spinitron Player has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The spinitron-player plugin version 1.0.9 exhibits a generally positive security posture with some notable exceptions. The plugin demonstrates good practices by utilizing prepared statements for all SQL queries and ensuring nearly all output is properly escaped. The absence of known vulnerabilities and critical taint flows further contributes to a favorable security outlook. However, the presence of two AJAX handlers without authentication checks represents a significant concern, creating potential entry points for unauthorized actions.
The limited attack surface, combined with strong practices in data handling and output sanitization, suggests a well-developed plugin. The external HTTP request, while present, is likely for legitimate plugin functionality and without further context or associated vulnerabilities, poses a low immediate risk. The vulnerability history being clear of any recorded CVEs is a strong indicator of historical security diligence. Despite these strengths, the unprotected AJAX endpoints necessitate careful consideration.
In conclusion, spinitron-player 1.0.9 has many security strengths, particularly in its database interaction and output handling. The lack of known vulnerabilities is also highly encouraging. The primary weakness lies in the unprotected AJAX handlers, which should be addressed to fully secure the plugin. Overall, it's a plugin with a good foundation but requires a minor refinement to eliminate potential security gaps.
Key Concerns
- AJAX handlers without authentication
- No nonce checks on AJAX handlers
Spinitron Player Security Vulnerabilities
Spinitron Player Code Analysis
Output Escaping
Spinitron Player Attack Surface
AJAX Handlers 2
Shortcodes 2
WordPress Hooks 4
Maintenance & Trust
Spinitron Player Maintenance & Trust
Maintenance Signals
Community Trust
Spinitron Player Alternatives
Simple Radio Forty Two
simple-radio-forty-two
Écoutez votre radio préférée directement depuis WordPress avec Simple Radio Forty Two.
Radio Browser Stations
lknwp-radio-browser
Display and play online radio stations from Radio-Browser.info with a beautiful player and customizable radio list.
Meks Audio Player
meks-audio-player
Easily enhance your podcast, music or any audio files with a full-featured and customizable sticky audio player.
Radio Station by netmix® – Manage and play your Show Schedule in WordPress!
radio-station
Radio Station lets you build and manage a Show Schedule for a radio station or Internet broadcaster's WordPress website.
StreamCast – Live Radio Streaming Player
streamcast
StreamCast allows you to play IceCast, Shoutcast, Radionomy, RadioJar, RadioCo and more beautifully inside WordPress.
Spinitron Player Developer Profile
4 plugins · 420 total installs
How We Detect Spinitron Player
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/spinitron-player/style.css/wp-content/plugins/spinitron-player/js/spinitron-fetch-today.js/wp-content/plugins/spinitron-player/js/spinitron-fetch-today.jsspinitron-player/style.css?ver=1.0.5spinitron-player/js/spinitron-fetch-today.js?ver=1.0.5HTML / DOM Fingerprints
spinitron-stream-buttonspinitron-stream-button-text<!-- Button markup kept IDENTICAL to your original -->data-spinitron-show-iddata-spinitron-stream-urlspinitron_paramsSpinitronSharedAudio[spinitron_player][spinitron_play_button]