WP-Safety

Ensemble Security & Risk Analysis

wordpress.org/plugins/ensemble

Easily manage the data for a color guard circuit (or similar sport/activity organization) with WordPress.

0 active installs v1.1.1 PHP 7.0+ WP 4.9.6+ Updated Unknown
circuitcolor-guardpercussionsportsteams
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Ensemble Safe to Use in 2026?

Generally Safe

Score 100/100

Ensemble has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The 'ensemble' plugin v1.1.1 exhibits a strong security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points significantly limits its attack surface. Furthermore, the code demonstrates good practices with a high percentage of SQL queries using prepared statements and a substantial majority of outputs being properly escaped. The presence of nonce and capability checks further bolsters its security, suggesting thoughtful development in these areas. The taint analysis reveals a small number of flows with unsanitized paths, but importantly, no critical or high severity issues were flagged, indicating these are likely minor or misclassified. The plugin's vulnerability history is completely clear, with zero recorded CVEs of any severity. This lack of historical vulnerabilities, combined with the static analysis findings, paints a picture of a well-developed and secure plugin.

While the plugin's overall security is impressive, the taint analysis did identify four flows with unsanitized paths. Although these did not reach critical or high severity levels, they still represent a potential weakness. The majority of SQL queries are prepared, but the small percentage that are not could be a minor concern, depending on the context of those specific queries. The limited attack surface is a significant strength, but it's worth noting that any entry points, even if currently secured, could become targets if future functionality is added without proper security considerations. In conclusion, 'ensemble' v1.1.1 appears to be a robust and secure plugin, with only minor areas for potential scrutiny based on the taint analysis. Its strong adherence to best practices in SQL prepared statements, output escaping, and authentication checks, along with a clean vulnerability history, are significant positive indicators.

Key Concerns

  • Flows with unsanitized paths
  • SQL queries without prepared statements
Vulnerabilities
None known

Ensemble Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Ensemble Code Analysis

Dangerous Functions
0
Raw SQL Queries
3
33 prepared
Unescaped Output
30
261 escaped
Nonce Checks
12
Capability Checks
11
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

92% prepared36 total queries

Output Escaping

90% escaped291 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

8 flows4 with unsanitized paths
delete_contest (includes\components\contests\admin\class-actions.php:166)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Ensemble Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 58
actionadmin_headensemble.php:117
actionensemble_admin_noticesincludes\class-ensemble.php:138
actionensemble_units-add_unit_fieldsincludes\components\classifications\admin\class-actions.php:32
actionensemble_units-edit_unit_fieldsincludes\components\classifications\admin\class-actions.php:33
filterensemble_units-ensemble_unit_coloumnsincludes\components\classifications\admin\class-actions.php:36
filtermanage_ensemble_unit_custom_columnincludes\components\classifications\admin\class-actions.php:37
actioncreate_ensemble_unitincludes\components\classifications\admin\class-actions.php:40
actionedit_ensemble_unitincludes\components\classifications\admin\class-actions.php:41
filtermanage_edit-ensemble_class_columnsincludes\components\classifications\admin\class-actions.php:44
actionadd_tag_form_preincludes\components\classifications\admin\class-actions.php:47
actionadmin_menuincludes\components\classifications\admin\class-menu.php:30
actioninitincludes\components\contests\admin\class-actions.php:36
actioninitincludes\components\contests\admin\class-actions.php:37
actioninitincludes\components\contests\admin\class-actions.php:38
actionadmin_menuincludes\components\contests\admin\class-menu.php:31
filtermap_meta_capincludes\components\contests\class-setup.php:30
actionadmin_menuincludes\components\integrations\admin\class-menu.php:30
actioninitincludes\components\people\directors\admin\class-actions.php:35
actioninitincludes\components\people\directors\admin\class-actions.php:36
actioninitincludes\components\people\directors\admin\class-actions.php:37
actionadmin_menuincludes\components\people\directors\admin\class-menu.php:30
actioninitincludes\components\people\instructors\admin\class-actions.php:35
actioninitincludes\components\people\instructors\admin\class-actions.php:36
actioninitincludes\components\people\instructors\admin\class-actions.php:37
actionadmin_menuincludes\components\people\instructors\admin\class-menu.php:30
actionensemble_season_add_form_fieldsincludes\components\seasons\admin\class-actions.php:33
actionensemble_season_edit_formincludes\components\seasons\admin\class-actions.php:34
filtermanage_edit-ensemble_season_columnsincludes\components\seasons\admin\class-actions.php:37
filtermanage_ensemble_season_custom_columnincludes\components\seasons\admin\class-actions.php:40
filtermanage_ensemble_season_custom_columnincludes\components\seasons\admin\class-actions.php:41
filtermanage_ensemble_season_custom_columnincludes\components\seasons\admin\class-actions.php:42
actioncreate_ensemble_seasonincludes\components\seasons\admin\class-actions.php:45
actionedit_ensemble_seasonincludes\components\seasons\admin\class-actions.php:46
actionadd_tag_form_preincludes\components\seasons\admin\class-actions.php:49
actionadmin_menuincludes\components\seasons\admin\class-menu.php:30
actionensemble_unit_add_form_fieldsincludes\components\units\admin\class-actions.php:33
actionensemble_unit_edit_formincludes\components\units\admin\class-actions.php:34
filtermanage_edit-ensemble_unit_columnsincludes\components\units\admin\class-actions.php:37
filtermanage_ensemble_unit_custom_columnincludes\components\units\admin\class-actions.php:38
filtermanage_ensemble_unit_custom_columnincludes\components\units\admin\class-actions.php:39
actioncreate_ensemble_unitincludes\components\units\admin\class-actions.php:42
actionedit_ensemble_unitincludes\components\units\admin\class-actions.php:43
actionadd_tag_form_preincludes\components\units\admin\class-actions.php:46
actionadmin_menuincludes\components\units\admin\class-menu.php:30
actioninitincludes\components\venues\admin\class-actions.php:35
actioninitincludes\components\venues\admin\class-actions.php:36
actioninitincludes\components\venues\admin\class-actions.php:37
actionadmin_menuincludes\components\venues\admin\class-menu.php:31
filtermap_meta_capincludes\components\venues\class-setup.php:30
actionadmin_menuincludes\core\admin\class-menu.php:32
actionwp_enqueue_scriptsincludes\core\class-assets.php:27
actionadmin_enqueue_scriptsincludes\core\class-assets.php:28
actionquery_varsincludes\core\class-requests.php:30
filterremovable_query_argsincludes\core\class-requests.php:31
actionload-toplevel_page_ensemble-unit-adminincludes\core\class-requests.php:33
filtermap_meta_capincludes\core\class-users.php:29
actioninitincludes\core\traits\trait-taxonomy-component.php:34
filterparent_fileincludes\core\traits\trait-taxonomy-component.php:35
Maintenance & Trust

Ensemble Maintenance & Trust

Maintenance Signals

WordPress version tested5.1.0
Last updatedUnknown
PHP min version7.0
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Ensemble Alternatives

WP Club Manager – WordPress Sports Club Plugin

WP Club Manager – WordPress Sports Club Plugin

wp-club-manager

A
90

WP Club Manager is easy to set-up and has everything you need to build and manage an amazing sports club website.

700 3 CVEs
CyberPress

CyberPress

cyberpress

A
100

Manage eSport Tournaments, Matches, Teams and Players.

200 No CVEs
Team Rosters

Team Rosters

team-rosters

B
72

Manages multiple team rosters. Creates roster tables, player galleries, and player profile pages.

200 1 unpatched
MSTW League Manager

MSTW League Manager

mstw-league-manager

B
70

Manages multiple sports leagues and seasons. Displays schedules and standings in multiple formats.

100 1 unpatched
Sportsteam Widget – Football livescore

Sportsteam Widget – Football livescore

sportsteam-widget

A
92

A widget that shows the next match of a team.

100 No CVEs
Developer Profile

Ensemble Developer Profile

Drew Jaynes

7 plugins · 4K total installs

86
trust score
Avg Security Score
88/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Ensemble

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ensemble/assets/css/ensemble.css/wp-content/plugins/ensemble/assets/js/ensemble.js
Script Paths
/wp-content/plugins/ensemble/assets/js/ensemble.js
Version Parameters
ensemble/assets/css/ensemble.css?ver=ensemble/assets/js/ensemble.js?ver=

HTML / DOM Fingerprints

CSS Classes
ensemble-reqs-row
Data Attributes
data-plugin="ensemble/ensemble.php"
FAQ

Frequently Asked Questions about Ensemble