mb.miniAudioPlayer – an HTML5 audio player for your mp3 files Security & Risk Analysis

wordpress.org/plugins/wp-miniaudioplayer

Transform your mp3 audio files into a nice, small light HTML5 player.

4K active installs · v1.9.7 · PHP + WP 3.3+ · Updated Nov 13, 2021
Tags: audio, audio-player, html5-audio, mp3, music
Score: 63/100 (C · Use Caution)
CVEs total: 2
Unpatched: 1
Last CVE: Feb 12, 2016
Safety Verdict

Is mb.miniAudioPlayer – an HTML5 audio player for your mp3 files Safe to Use in 2026?

Use With Caution

Score 63/100

mb.miniAudioPlayer – an HTML5 audio player for your mp3 files has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

2 known CVEs · 1 unpatched · Last CVE: Feb 12, 2016 · Updated 4yr ago
Risk Assessment

The wp-miniaudioplayer plugin exhibits a mixed security posture. On one hand, the static analysis reveals a seemingly small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events that are accessible without authentication. Furthermore, all SQL queries are properly prepared, and there are no identified file operations or external HTTP requests, which are positive security indicators. However, a significant concern arises from the low rate of proper output escaping (23%), suggesting a high potential for Cross-Site Scripting (XSS) vulnerabilities in how dynamic data is displayed to users.

The plugin's vulnerability history is a critical red flag. With two known CVEs, one of which remains unpatched and classified as high severity, the plugin has a track record of introducing significant security flaws. The common vulnerability types identified, Improper Authentication and XSS, align with potential weaknesses suggested by the low output escaping. The age of the last reported vulnerability (2016) might indicate a lack of active maintenance or a period of vulnerability discovery followed by inaction, which is a serious concern for ongoing security.

In conclusion, while the plugin has some good security practices in its code structure, the prevalence of potential XSS due to poor output escaping and, more importantly, the presence of an unpatched high-severity vulnerability from the past present a substantial risk. The lack of active patching for a known vulnerability far outweighs the seemingly clean static analysis in terms of immediate risk to a WordPress site.

Key Concerns

  • Unpatched high severity vulnerability (CVE)
  • Significant portion of output not properly escaped
  • Known vulnerability history (medium severity)
  • Bundled library (TinyMCE) may be outdated or contain vulnerabilities
Vulnerabilities
2

mb.miniAudioPlayer – an HTML5 audio player for your mp3 files Security Vulnerabilities

CVEs by Year

  • 2013: 1 CVE
  • 2016: 1 CVE · unpatched

Severity Breakdown

High: 1
Medium: 1

2 total CVEs

CVE-2016-0796 · high · 7.2 · Improper Authentication

mb.miniAudioPlayer <= 1.7.6 - Multiple Vulnerabilities

Feb 12, 2016 · Unpatched

WF-979bb48d-6dbf-4bb2-90f3-573797ff23f7-wp-miniaudioplayer · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

mb.mb.miniAudioPlayer < 1.4.3 - Cross-Site Scripting

Sep 24, 2013 Patched in 1.4.3 (3773d)
Code Analysis
Analyzed Mar 16, 2026

mb.miniAudioPlayer – an HTML5 audio player for your mp3 files Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 20 (6 escaped)
Nonce Checks: 0
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

TinyMCE

Output Escaping

23% escaped · 26 total outputs
Attack Surface

mb.miniAudioPlayer – an HTML5 audio player for your mp3 files Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 14

action · admin_head · inc\popup.php:24
action · media_buttons · inc\popup.php:31
action · admin_footer · inc\popup.php:32
filter · mce_external_plugins · inc\popup.php:67
filter · tiny_mce_before_init · inc\popup.php:68
action · init · inc\popup.php:88
action · admin_init · miniAudioPlayer-admin.php:4
action · admin_menu · miniAudioPlayer-admin.php:5
action · admin_enqueue_scripts · miniAudioPlayer-admin.php:40
filter · plugin_action_links · miniAudioPlayer.php:289
action · init · miniAudioPlayer.php:308
action · wp_head · miniAudioPlayer.php:412
action · wp_footer · miniAudioPlayer.php:413
action · admin_init · miniAudioPlayer.php:455
Maintenance & Trust

mb.miniAudioPlayer – an HTML5 audio player for your mp3 files Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.5.18
Last updated: Nov 13, 2021
PHP min version
Downloads: 368K

Community Trust

Rating: 90/100
Number of ratings: 57
Active installs: 4K
Developer Profile

mb.miniAudioPlayer – an HTML5 audio player for your mp3 files Developer Profile

pupunzi

2 plugins · 5K total installs

Trust score: 54
Avg Security Score: 64/100
Avg Patch Time: 3773 days
Detection Fingerprints

How We Detect mb.miniAudioPlayer – an HTML5 audio player for your mp3 files

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-miniaudioplayer/inc/mb.miniAudioPlayer.js
/wp-content/plugins/wp-miniaudioplayer/css/mb.miniAudioPlayer.css
Script Paths
/wp-content/plugins/wp-miniaudioplayer/inc/mb.miniAudioPlayer.js
Version Parameters
wp-miniaudioplayer/inc/mb.miniAudioPlayer.js?ver=
wp-miniaudioplayer/css/mb.miniAudioPlayer.css?ver=

HTML / DOM Fingerprints

CSS Classes
mbMiniPlayer, map_time, map_title, map_play, map_volume, map_download, jp-load-bar
HTML Comments
  • DO NOT REMOVE OR MODIFY
  • END - DO NOT REMOVE OR MODIFY
  • Older browser (IE8) - not supporting rgba()
  • Copyright (c) 2001-2014. Matteo Bicocchi (Pupunzi);
  • +10 more
Data Attributes
data-playerid, data-skin
JS Globals
mbMiniPlayer