WPRadio – WordPress Radio Streaming Plugin Security & Risk Analysis
wordpress.org/plugins/wpradioAn entire radio streaming platform within your WordPress site.
Is WPRadio – WordPress Radio Streaming Plugin Safe to Use in 2026?
Generally Safe
Score 99/100WPRadio – WordPress Radio Streaming Plugin has a strong security track record. Known vulnerabilities have been patched promptly.
The plugin "wpradio" v1.0.5 exhibits a generally good security posture in terms of modern WordPress development practices. The static analysis shows a complete absence of dangerous functions and raw SQL queries, with all SQL queries utilizing prepared statements. File operations are also not present, reducing the attack surface related to filesystem manipulation. The presence of nonce and capability checks, along with external HTTP requests being limited to one, further indicates an awareness of security. However, a significant concern is the low rate of output escaping (10%), which suggests a high risk of Cross-Site Scripting (XSS) vulnerabilities, especially when considering the plugin's vulnerability history.
The vulnerability history reveals a past medium-severity XSS vulnerability. While there are no currently unpatched CVEs, the prevalence of XSS in the past, coupled with poor output escaping in the current version, strongly suggests that similar vulnerabilities could exist or be reintroduced. The taint analysis finding zero flows with unsanitized paths is positive, but it should be viewed cautiously in light of the output escaping issues. The plugin has a small attack surface with only one shortcode as an entry point, and it appears to be protected by authentication, which is a strength.
In conclusion, while "wpradio" v1.0.5 demonstrates strengths in database interaction and limiting its attack surface, the critical weakness in output escaping creates a significant risk of XSS vulnerabilities. The past medium-severity XSS vulnerability reinforces this concern. Developers should prioritize addressing the output escaping issues to mitigate the risk of introducing new XSS flaws.
Key Concerns
- Low output escaping rate (10%)
- Past medium severity XSS vulnerability
WPRadio – WordPress Radio Streaming Plugin Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
WPRadio – WordPress Radio Streaming Plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
WPRadio – WordPress Radio Streaming Plugin Code Analysis
Output Escaping
WPRadio – WordPress Radio Streaming Plugin Attack Surface
Shortcodes 1
WordPress Hooks 13
Maintenance & Trust
WPRadio – WordPress Radio Streaming Plugin Maintenance & Trust
Maintenance Signals
Community Trust
WPRadio – WordPress Radio Streaming Plugin Alternatives
VMPlayer
vmplayer
VMPlayer (Vouscast Media Player) is a popout player specifically designed for Shoutcast and Icecast radio.
Shoutcast Icecast HTML5 Radio Player
shoutcast-icecast-html5-radio-player
A secure HTML5 radio player for Shoutcast, Icecast, and podcast streams with social sharing.
StreamCast – Live Radio Streaming Player
streamcast
StreamCast allows you to play IceCast, Shoutcast, Radionomy, RadioJar, RadioCo and more beautifully inside WordPress.
Radio Player Page
radio-player-page
Dedicated player pages for your radio streams, with program scheduling and continuous playback.
Radio Station by netmix® – Manage and play your Show Schedule in WordPress!
radio-station
Radio Station lets you build and manage a Show Schedule for a radio station or Internet broadcaster's WordPress website.
WPRadio – WordPress Radio Streaming Plugin Developer Profile
1 plugin · 200 total installs
How We Detect WPRadio – WordPress Radio Streaming Plugin
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/wpradio/Admin/css/wpradio-admin.css/wp-content/plugins/wpradio/Public/css/wpradio-public.css/wp-content/plugins/wpradio/Public/js/wpradio-public.js/wp-content/plugins/wpradio/Public/js/wpradio-shortcode.js/wp-content/plugins/wpradio/Public/js/wpradio-shortcode-listener.js/wp-content/plugins/wpradio/Public/js/wpradio-shortcode-podcast.js/wp-content/plugins/wpradio/Public/js/wpradio-shortcode-search.js/wp-content/plugins/wpradio/Public/js/wpradio-shortcode-player.js/wp-content/plugins/wpradio/Admin/js/wpradio-admin.jswpradio-admin.css?ver=wpradio-public.css?ver=wpradio-admin.js?ver=wpradio-public.js?ver=wpradio-shortcode.js?ver=wpradio-shortcode-listener.js?ver=wpradio-shortcode-podcast.js?ver=wpradio-shortcode-search.js?ver=wpradio-shortcode-player.js?ver=HTML / DOM Fingerprints
wpradio-player-containerwpradio-player-contentwpradio-player-play-btnwpradio-player-volume-sliderwpradio-player-play-iconwpradio-player-volume-iconwpradio-player-artworkwpradio-player-artist+9 more<!-- wp_radio player --><!-- WPRadio Widget Container --><!-- WPRadio Player --><!-- WPRadio Podcast -->+1 moredata-wpradio-player-iddata-wpradio-player-stream-urldata-wpradio-player-api-urldata-wpradio-player-stream-typedata-wpradio-player-auto-playdata-wpradio-player-volume+7 moreWPRadioPlayerWPRadioPodcastWPRadioListenerswpradio_player_shortcode_paramswpradio_podcast_shortcode_paramswpradio_listeners_shortcode_params+1 more[wpradio_player][wpradio_podcast][wpradio_listeners][wpradio_search]