WP-Safety

CASA Courses Security & Risk Analysis

wordpress.org/plugins/casa-courses

Connect your Casa installation to your WordPress installation.

0 active installs v1.0.3 PHP 8.1+ WP 6.4+ Updated Mar 18, 2025
administrationbookingcourseseventsparticipants
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is CASA Courses Safe to Use in 2026?

Generally Safe

Score 92/100

CASA Courses has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "casa-courses" plugin version 1.0.3 demonstrates a generally strong security posture, primarily due to its rigorous implementation of security best practices. The static analysis reveals a well-contained attack surface, with no unprotected entry points across AJAX handlers, REST API routes, or shortcodes. Furthermore, all SQL queries are properly prepared, and a high percentage of output is correctly escaped, significantly mitigating common web vulnerabilities like SQL injection and Cross-Site Scripting. The absence of any recorded vulnerabilities in its history is a positive indicator of diligent development and maintenance.

However, a single instance of the `unserialize` function is flagged as a potential concern. While the static analysis doesn't reveal any immediate unsanitized taint flows involving this function, the use of `unserialize` is inherently risky as it can lead to Remote Code Execution if the serialized data originates from an untrusted source and is not properly validated before being unserialized. The plugin also makes external HTTP requests, which, if not handled with extreme care and proper input validation, could be leveraged in certain attack scenarios. Despite these minor concerns, the plugin's overall security is good, with a strong emphasis on preventing direct attacks on its entry points.

Key Concerns

  • Use of unserialize function
  • External HTTP requests
Vulnerabilities
None known

CASA Courses Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

CASA Courses Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
12
320 escaped
Nonce Checks
5
Capability Checks
3
File Operations
0
External Requests
2
Bundled Libraries
0

Dangerous Functions Found

unserialize$data = unserialize( $serialize_data );metabox\src\BooMetaFields.php:190

Output Escaping

96% escaped332 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
casa_courses_general_form_response (admin\class-casa_courses-admin.php:182)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

CASA Courses Attack Surface

Entry Points3
Unprotected0

REST API Routes 3

GET/wp-json/casa-courses/v1/companiesincludes\class-casa_courses-init.php:140
GET/wp-json/casa-courses/v1/syncincludes\class-casa_courses-init.php:154
GET/wp-json/casa-courses/v1/connect-eventincludes\class-casa_courses-init.php:161
WordPress Hooks 48
filterwp_terms_checklist_argsincludes\class-casa_courses-init.php:101
actionrest_api_initincludes\class-casa_courses-init.php:139
actionwp_enqueue_scriptsincludes\class-casa_courses-init.php:365
actionwp_print_stylesincludes\class-casa_courses-init.php:369
actionwp_headincludes\class-casa_courses-init.php:429
actioncasa_cron_syncincludes\class-casa_courses-init.php:453
actionadmin_menuincludes\class-casa_courses-menu.php:23
actionadmin_initincludes\class-casa_courses-menu.php:28
actionadmin_initincludes\class-casa_courses-menu.php:100
actioninitincludes\class-casa_courses-routes.php:31
filtertemplate_includeincludes\class-casa_courses-routes.php:35
filterquery_varsincludes\class-casa_courses-routes.php:39
filterpre_get_document_titleincludes\class-casa_courses-routes.php:43
filterdocument_title_separatorincludes\class-casa_courses-routes.php:47
actionsend_headersincludes\class-casa_courses-routes.php:52
actioninitincludes\class-casa_courses.php:145
actioninitincludes\class-casa_courses.php:146
actioninitincludes\class-casa_courses.php:147
actioninitincludes\class-casa_courses.php:148
actioninitincludes\class-casa_courses.php:149
actionplugins_loadedincludes\class-casa_courses.php:174
actionplugins_loadedincludes\class-casa_courses.php:191
actionadmin_initincludes\class-casa_courses.php:205
actionadmin_enqueue_scriptsincludes\class-casa_courses.php:206
actionadmin_enqueue_scriptsincludes\class-casa_courses.php:207
actionadmin_post_casa_courses_general_form_responseincludes\class-casa_courses.php:208
actionwp_dashboard_setupincludes\class-casa_courses.php:209
actionwp_enqueue_scriptsincludes\class-casa_courses.php:225
actionwp_enqueue_scriptsincludes\class-casa_courses.php:226
actioncasa_courses_areas_sectionincludes\class-casa_courses.php:227
actioncasa_courses_hero_sectionincludes\class-casa_courses.php:228
actioncasa_courses_calendar_sectionincludes\class-casa_courses.php:229
actioncasa_courses_registration_sectionincludes\class-casa_courses.php:230
actioncasa_courses_calendar_table_sectionincludes\class-casa_courses.php:231
actioncasa_courses_area_soon_courseincludes\class-casa_courses.php:232
actioncasa_courses_breadcrumbincludes\class-casa_courses.php:233
actioncasa_courses_area_soon_coursesincludes\class-casa_courses.php:234
actioncasa_courses_list_view_all_sectionincludes\class-casa_courses.php:235
actioncasa_courses_eventsincludes\class-casa_courses.php:236
actioncasa_courses_formincludes\class-casa_courses.php:237
actioncasa_courses_headerincludes\class-casa_courses.php:238
actioncasa_courses_footerincludes\class-casa_courses.php:239
actioncasa_courses_form_message_sectionsincludes\class-casa_courses.php:240
filterpost_type_linkincludes\init\class-casa_courses-custom-posttype_courses.php:169
filtersingle_templateincludes\init\class-casa_courses-custom-posttype_courses.php:183
actioncasa_courses_areas_edit_form_fieldsincludes\init\class-casa_courses-custom-taxonomy_areas.php:56
actioncreated_casa_courses_areasincludes\init\class-casa_courses-custom-taxonomy_areas.php:134
actionedited_casa_courses_areasincludes\init\class-casa_courses-custom-taxonomy_areas.php:135

Scheduled Events 1

casa_cron_sync
Maintenance & Trust

CASA Courses Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedMar 18, 2025
PHP min version8.1
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

CASA Courses Alternatives

EduAdmin Booking

EduAdmin Booking

eduadmin-booking

A
90

EduAdmin plugin to allow visitors to book courses at your website. Requires EduAdmin-account.

50 1 CVE
EduAdmin – Google Analytics / Tag Manager

EduAdmin – Google Analytics / Tag Manager

eduadmin-analytics

A
85

This plugin adds support for Google Analytics / Tag Manager to your EduAdmin plugin (WordPress only, not the course portal).

0 No CVEs
EduAdmin – Klarna Checkout WordPress-plugin

EduAdmin – Klarna Checkout WordPress-plugin

eduadmin-booking-klarna-checkout

A
85

EduAdmin - Klarna Checkout WordPress-plugin

0 No CVEs
EduAdmin – SveaWebPay WordPress-plugin

EduAdmin – SveaWebPay WordPress-plugin

eduadmin-sveawebpay

A
100

EduAdmin - SveaWebPay WordPress-plugin

0 No CVEs
EasyMe Connect

EasyMe Connect

easyme-connect

B
78

Connects your EasyMe account to Wordpress.

500 1 unpatched
Developer Profile

CASA Courses Developer Profile

foretagsakademincasa

1 plugin · 0 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect CASA Courses

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/casa-courses/metabox/src/BooMeta.css/wp-content/plugins/casa-courses/metabox/src/BooMeta.js/wp-content/plugins/casa-courses/metabox/src/BooMetaFields.js/wp-content/plugins/casa-courses/assets/css/casa-courses.css/wp-content/plugins/casa-courses/assets/js/casa-courses.js
Script Paths
/wp-content/plugins/casa-courses/metabox/src/BooMeta.js/wp-content/plugins/casa-courses/metabox/src/BooMetaFields.js/wp-content/plugins/casa-courses/assets/js/casa-courses.js
Version Parameters
casa-courses/assets/css/casa-courses.css?ver=casa-courses/assets/js/casa-courses.js?ver=casa-courses/metabox/src/BooMeta.js?ver=casa-courses/metabox/src/BooMetaFields.js?ver=

HTML / DOM Fingerprints

CSS Classes
boo-meta-wrapboo-meta-fieldsboo-meta-field-groupboo-meta-fieldboo-meta-labelboo-meta-inputcasa-courses-admin-wrapcasa-courses-courses-list+1 more
Data Attributes
data-boo-meta-field
JS Globals
CasaCoursesApiBooMetaFieldsConfigBooMeta
REST Endpoints
/wp-json/casa-courses/v1/projects/wp-json/casa-courses/v1/templates/wp-json/casa-courses/v1/events
Shortcode Output
[casa_courses_projects][casa_courses_templates][casa_courses_events]
FAQ

Frequently Asked Questions about CASA Courses