Sp*tify Play Button for WordPress Security & Risk Analysis

wordpress.org/plugins/spotify-play-button-for-wordpress

Now with Gutenberg block!

3K active installs · v2.13 · PHP 7.4+ · WP 5.0+ · Updated Nov 18, 2024
Tags: embed-spotify, spotify, spotify-play-button, spotify-play-button-for-wordpress
Score: 89 (A · Safe)
CVEs total: 4
Unpatched: 0
Last CVE: Nov 25, 2024
Safety Verdict

Is Sp*tify Play Button for WordPress Safe to Use in 2026?

Generally Safe

Score 89/100

Sp*tify Play Button for WordPress has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEs · Last CVE: Nov 25, 2024 · Updated 1yr ago
Risk Assessment

The spotify-play-button-for-wordpress plugin, version 2.13, presents a mixed security profile. On the positive side, the static analysis reveals a minimal attack surface with only one shortcode and no unprotected entry points. The code demonstrates good practices by using prepared statements for all SQL queries and implementing a nonce check. Furthermore, the absence of dangerous functions, file operations, external HTTP requests, and taint flows with unsanitized paths is commendable. However, the plugin's history is a significant concern, with a total of four known medium-severity CVEs, all of which are currently patched. The common vulnerability types, Cross-Site Request Forgery (CSRF) and Cross-site Scripting (XSS), suggest potential issues with how user input is handled and validated, even though current static analysis did not flag unsanitized outputs. The fact that all past vulnerabilities have been medium-severity suggests a pattern of exploitable flaws that, while not critical, can still pose a risk if not promptly patched.

Key Concerns

  • Past medium severity CVEs indicate potential for XSS/CSRF
  • One output not properly escaped
  • No capability checks on shortcode
Vulnerabilities (4)

Sp*tify Play Button for WordPress Security Vulnerabilities

CVEs by Year

2023: 3 CVEs
2024: 1 CVE

Severity Breakdown

Medium: 4 (4 total CVEs)

CVE-2024-11192 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Spotify Play Button for WordPress <= 2.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via spotifyplaybutton Shortcode
Nov 25, 2024 · Patched in 2.12 (1d)

CVE-2023-41131 · medium · 4.3 · Cross-Site Request Forgery (CSRF)
Sp*tify Play Button for WordPress <= 2.10 - Cross-Site Request Forgery
Oct 3, 2023 · Patched in 2.11 (410d)

CVE-2023-1840 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Sp*tify Play Button for WordPress <= 2.07 - Authenticated (Administrator+) Stored Cross-Site Scripting
Apr 4, 2023 · Patched in 2.08 (294d)

CVE-2023-26536 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Sp*tify Play Button for WordPress <= 2.05 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Feb 24, 2023 · Patched in 2.06 (333d)
Code Analysis (analyzed Mar 16, 2026)

Sp*tify Play Button for WordPress Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 1 (9 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

90% escaped (10 total outputs)

Data Flows: all sanitized

Data Flow Analysis

2 flows

spotifyplaybutton_options (sptify-play-button-for-wordpress.php:31)
Attack Surface

Sp*tify Play Button for WordPress Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes (1)

[spotifyplaybutton] · sptify-play-button-for-wordpress.php:155

WordPress Hooks (6)

action · plugins_loaded · sptify-play-button-for-wordpress.php:18
action · admin_menu · sptify-play-button-for-wordpress.php:29
action · media_buttons · sptify-play-button-for-wordpress.php:160
action · admin_footer · sptify-play-button-for-wordpress.php:187
action · admin_footer · sptify-play-button-for-wordpress.php:204
action · enqueue_block_editor_assets · sptify-play-button-for-wordpress.php:220
Maintenance & Trust

Sp*tify Play Button for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Nov 18, 2024
PHP min version: 7.4
Downloads: 86K

Community Trust

Rating: 86/100
Number of ratings: 4
Active installs: 3K
Developer Profile

Sp*tify Play Button for WordPress Developer Profile

Johan Jonk Stenström

10 plugins · 14K total installs

Trust score: 72
Avg Security Score: 90/100
Avg Patch Time: 202 days
Detection Fingerprints

How We Detect Sp*tify Play Button for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/spotify-play-button-for-wordpress/sptify-play-button-for-wordpress-icon.png

HTML / DOM Fingerprints

CSS Classes
my_shortcode_add
spotifyplaybutton_tinymce_popup_button
spotifyplaybutton_tinymce_popup_insert_button

Data Attributes
id="spotifyplaybutton_tinymce_popup_playlist"
id="spotifyplaybutton_tinymce_popup_insert_button"
Shortcode Output
<iframe style="max-height:src="https://open.spotify.com/embed/?utm_source=generatorframeBorder="0" allowfullscreen="" allow="autoplay; clipboard-write; encrypted-media; fullscreen; picture-in-picture" loading="lazy"></iframe>