Chess Podium Security & Risk Analysis

wordpress.org/plugins/chess-podium

Manage chess tournaments from WordPress: players, Swiss pairings, results, standings, and exports. Free plan: up to 10 players per tournament.

0 active installs · v1.8.4 · PHP 7.4+ · WP 5.8+ · Updated Apr 4, 2026
Tags: chess, pairing, standings, swiss, tournament
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Chess Podium Safe to Use in 2026?

Generally Safe

Score 100/100

Chess Podium has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "chess-podium" v1.8.7 plugin exhibits a generally good security posture: all SQL queries use prepared statements and a very high percentage of output is properly escaped. The plugin also has no recorded vulnerability history, which is a positive indicator. However, two REST API routes are registered without permission callbacks, which is a significant concern because it creates potential unauthorized access points. Additionally, the use of the "assert" function 42 times is a red flag, as it can be misused in certain contexts to bypass security checks or introduce vulnerabilities, even if not directly exploitable in this analysis; every call listed under Dangerous Functions Found is in includes/class-max-weight-matching.php. The limited number of flows analyzed in the taint analysis suggests that while no critical issues were found, a more comprehensive analysis might be warranted for deeper assurance. Overall, while the plugin demonstrates a commitment to security best practices, the unprotected REST API endpoints and the extensive use of "assert" need careful attention and remediation.

Key Concerns

  • REST API routes without permission callbacks
  • Use of 'assert' function 42 times
Vulnerabilities
None known

Chess Podium Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Chess Podium Release Timeline

v1.8.4 (Current)
v1.8.3
v1.8.2
v1.8.1
v1.8
v1.7.9
v1.7.8
v1.7.7
v1.7.6
v1.7.5
Code Analysis
Analyzed Apr 16, 2026

Chess Podium Code Analysis

Dangerous Functions: 42
Raw SQL Queries: 0 (77 prepared)
Unescaped Output: 20 (1000 escaped)
Nonce Checks: 4
Capability Checks: 2
File Operations: 12
External Requests: 10
Bundled Libraries: 1

Dangerous Functions Found

assert  includes/class-max-weight-matching.php:107  assert($i >= 0 && $j >= 0 && $i != $j);
assert  includes/class-max-weight-matching.php:264  assert($this->label[$w] == 0 && $this->label[$b] == 0);
assert  includes/class-max-weight-matching.php:281  assert($this->mate[$base] >= 0);
assert  includes/class-max-weight-matching.php:302  assert($this->label[$b] == 1);
assert  includes/class-max-weight-matching.php:306  assert($this->labelend[$b] == $this->mate[$this->blossombase[$b]]);
assert  includes/class-max-weight-matching.php:313  assert($this->label[$b] == 2);
assert  includes/class-max-weight-matching.php:315  assert($this->labelend[$b] >= 0);
assert  includes/class-max-weight-matching.php:356  assert($this->label[$bv] == 2 ||
assert  includes/class-max-weight-matching.php:359  assert($this->labelend[$bv] >= 0);
assert  includes/class-max-weight-matching.php:374  assert($this->label[$bw] == 2 ||
assert  includes/class-max-weight-matching.php:377  assert($this->labelend[$bw] >= 0);
assert  includes/class-max-weight-matching.php:382  assert($this->label[$bb] == 1);
assert  includes/class-max-weight-matching.php:478  assert($this->labelend[$b] >= 0);
assert  includes/class-max-weight-matching.php:537  assert($this->label[$v] == 2);
assert  includes/class-max-weight-matching.php:538  assert($this->inblossom[$v] == $bv);
assert  includes/class-max-weight-matching.php:612  assert($this->blossombase[$b] == $v);
assert  includes/class-max-weight-matching.php:633  assert($this->label[$bs] == 1);
assert  includes/class-max-weight-matching.php:634  assert($this->labelend[$bs] == $this->mate[$this->blossombase[$bs]]);
assert  includes/class-max-weight-matching.php:648  assert($this->label[$bt] == 2);
assert  includes/class-max-weight-matching.php:650  assert($this->labelend[$bt] >= 0);
assert  includes/class-max-weight-matching.php:654  assert($this->blossombase[$bt] == $t);
assert  includes/class-max-weight-matching.php:680  assert(min(array_slice($this->dualvar, 0, $this->nvertex)) + $vdualoffset >= 0);
assert  includes/class-max-weight-matching.php:681  assert(min(array_slice($this->dualvar, $this->nvertex)) >= 0);
assert  includes/class-max-weight-matching.php:705  assert($s >= 0);
assert  includes/class-max-weight-matching.php:707  assert($this->floorintdiv($this->mate[$i], 2) == $k && $this->floorintdiv($this->mate[$j], 2) == $k)
assert  includes/class-max-weight-matching.php:708  assert($s == 0);
assert  includes/class-max-weight-matching.php:713  assert($this->mate[$v] >= 0 || $this->dualvar[$v] + $vdualoffset == 0);
assert  includes/class-max-weight-matching.php:718  assert(count($this->blossomendps[$b]) % 2 == 1);
assert  includes/class-max-weight-matching.php:720  assert($this->mate[$this->endpoint[$p]] == $p ^ 1);
assert  includes/class-max-weight-matching.php:721  assert($this->mate[$this->endpoint[$p ^ 1]] == $p);
assert  includes/class-max-weight-matching.php:748  assert(($bk == -1 && $this->bestedge[$v] == -1) || ($this->bestedge[$v] != -1 && $bd == $this->slack
assert  includes/class-max-weight-matching.php:776  assert($this->inblossom[$i] == $b || $this->inblossom[$j] == $b);
assert  includes/class-max-weight-matching.php:777  assert($this->inblossom[$i] != $b || $this->inblossom[$j] != $b);
assert  includes/class-max-weight-matching.php:778  assert($this->label[$this->inblossom[$i]] == 1 && $this->label[$this->inblossom[$j]] == 1);
assert  includes/class-max-weight-matching.php:789  assert($bd == $tbd);
assert  includes/class-max-weight-matching.php:891  assert($this->label[$this->inblossom[$v]] == 1);
assert  includes/class-max-weight-matching.php:935  assert($this->label[$this->inblossom[$w]] == 2);
assert  includes/class-max-weight-matching.php:1000  assert(($kslack % 2) == 0);
assert  includes/class-max-weight-matching.php:1028  assert($this->maxcardinality);
assert  includes/class-max-weight-matching.php:1069  assert($this->label[$this->inblossom[$i]] == 1);
assert  includes/class-max-weight-matching.php:1075  assert($this->label[$this->inblossom[$i]] == 1);
assert  includes/class-max-weight-matching.php:1112  assert($this->mate[$v] == -1 || $this->mate[$this->mate[$v]] == $v);

Bundled Libraries

dompdf

SQL Query Safety

100% prepared (77 total queries)

Output Escaping

98% escaped (1020 total outputs)
Data Flows · Security
All sanitized

Data Flow Analysis

5 flows
<class-grand-prix> (includes/class-grand-prix.php:0)
Attack Surface
2 unprotected

Chess Podium Attack Surface

Entry Points: 8
Unprotected: 2

AJAX Handlers 4

auth  wp_ajax_chess_podium_standings  includes/class-frontend-ajax.php:15
nopriv  wp_ajax_chess_podium_standings  includes/class-frontend-ajax.php:16
auth  wp_ajax_chess_podium_player_photo  includes/class-frontend-ajax.php:17
nopriv  wp_ajax_chess_podium_player_photo  includes/class-frontend-ajax.php:18

REST API Routes 2

POST  /wp-json/chess-podium/v1/registration/checkout  includes/class-registration.php:96
POST  /wp-json/chess-podium/v1/registration/register-free  includes/class-registration.php:112

Shortcodes 2

[chess_podium_registration] includes/class-registration.php:23
[chess_podium_registered_players] includes/class-registration.php:24
WordPress Hooks 35
action  admin_menu  includes/class-admin.php:19
action  admin_enqueue_scripts  includes/class-admin.php:20
action  admin_head  includes/class-admin.php:21
action  admin_enqueue_scripts  includes/class-admin.php:22
action  admin_init  includes/class-admin.php:25
action  admin_init  includes/class-admin.php:26
action  admin_init  includes/class-admin.php:27
action  customize_register  includes/class-admin.php:30
action  media_buttons  includes/class-admin.php:31
action  admin_footer  includes/class-admin.php:32
action  admin_notices  includes/class-admin.php:35
action  admin_notices  includes/class-admin.php:36
action  wp_dashboard_setup  includes/class-download-stats-dashboard.php:12
filter  chess_podium_flag_img_base_path  includes/class-export-engine.php:162
action  wp_enqueue_scripts  includes/class-frontend.php:16
action  wp_enqueue_scripts  includes/class-frontend.php:17
action  wp_enqueue_scripts  includes/class-frontend.php:18
action  parse_request  includes/class-frontend.php:21
action  template_redirect  includes/class-frontend.php:22
filter  query_vars  includes/class-frontend.php:23
action  rest_api_init  includes/class-frontend.php:26
action  admin_menu  includes/class-grand-prix.php:20
action  admin_init  includes/class-grand-prix.php:21
action  send_headers  includes/class-locale.php:14
action  template_redirect  includes/class-locale.php:27
filter  load_textdomain_mofile  includes/class-locale.php:106
action  init  includes/class-pgn-live.php:19
filter  cron_schedules  includes/class-pgn-live.php:20
action  rest_api_init  includes/class-registration.php:25
action  init  includes/class-registration.php:26
filter  query_vars  includes/class-registration.php:27
action  template_redirect  includes/class-registration.php:28
action  template_redirect  includes/class-registration.php:29
action  wp  includes/class-tournament-seo.php:98
action  wp_head  includes/class-tournament-seo.php:131
Maintenance & Trust

Chess Podium Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 4, 2026
PHP min version: 7.4
Downloads: 351

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 0
Developer Profile

Chess Podium Developer Profile

Marco Belemmi

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Chess Podium

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/chess-podium/chess-podium.css
/wp-content/plugins/chess-podium/chess-podium.js
/wp-content/plugins/chess-podium/public/css/main.css
/wp-content/plugins/chess-podium/public/js/main.js
/wp-content/plugins/chess-podium/public/js/chess-board.js
/wp-content/plugins/chess-podium/public/js/tournament-list.js
/wp-content/plugins/chess-podium/public/js/player-list.js
/wp-content/plugins/chess-podium/public/js/game-viewer.js
Generator Patterns
Chess Podium v
Version Parameters
chess-podium/chess-podium.css?ver=
chess-podium/chess-podium.js?ver=
chess-podium/public/css/main.css?ver=
chess-podium/public/js/main.js?ver=
chess-podium/public/js/chess-board.js?ver=
chess-podium/public/js/tournament-list.js?ver=
chess-podium/public/js/player-list.js?ver=
chess-podium/public/js/game-viewer.js?ver=

HTML / DOM Fingerprints

CSS Classes
chess-podium-main, cp-tournament-list, cp-player-list, cp-game-viewer, cp-chessboard, cp-tournament-details, cp-player-profile, cp-standings-table, +4 more
HTML Comments
<!-- Chess Podium - Tournament List -->
<!-- Chess Podium - Player List -->
<!-- Chess Podium - Game Viewer -->
<!-- Chess Podium - Chessboard -->
+6 more
Data Attributes
data-tournament-id, data-player-id, data-game-id, data-round-number, data-pairing-id, data-chess-podium-ajax-url
JS Globals
ChessPodium, chessPodiumAjaxUrl, chessPodiumData
REST Endpoints
/wp-json/chess-podium/v1/tournaments
/wp-json/chess-podium/v1/players
/wp-json/chess-podium/v1/games
/wp-json/chess-podium/v1/standings
Shortcode Output
[chess_podium_tournaments]
[chess_podium_players]
[chess_podium_games]
[chess_podium_standings]