WP-Safety

Contests & Giveaways – WordPress Contest Plugin Security & Risk Analysis

wordpress.org/plugins/giveaways-contests

Contest Cat Lets You Create Incredible Contests, Giveaways & Sweepstakes With Ease.

100 active installs v1.0.2 PHP + WP 4.0+ Updated Jul 19, 2018
contestcontestsgiveawaygiveawayssweepstakes
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Contests & Giveaways – WordPress Contest Plugin Safe to Use in 2026?

Generally Safe

Score 85/100

Contests & Giveaways – WordPress Contest Plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago
Risk Assessment

The "giveaways-contests" plugin v1.0.2 exhibits a generally positive security posture based on the provided static analysis and vulnerability history. The absence of known CVEs and the lack of critical or high-severity taint flows are strong indicators of good security practices. The plugin also demonstrates a responsible approach to handling external interactions, with only two HTTP requests and no file operations, reducing potential attack vectors.

However, there are areas for improvement. The low percentage of prepared statements for SQL queries (27%) and the moderate rate of proper output escaping (55%) suggest potential vulnerabilities. While the taint analysis did not reveal critical issues, unsanitized paths in two flows are a concern, even if they did not escalate to a high severity in this analysis. The lack of capability checks on the identified entry points is also a significant oversight that could be exploited if an attacker can bypass other potential security measures.

In conclusion, the plugin has a solid foundation with no known historic vulnerabilities. Nevertheless, the static analysis highlights specific technical debt in SQL query preparation and output sanitization, and the absence of capability checks on entry points presents a notable risk that should be addressed.

Key Concerns

  • Low percentage of prepared statements for SQL queries
  • Moderate rate of proper output escaping
  • Flows with unsanitized paths detected
  • No capability checks on entry points
Vulnerabilities
None known

Contests & Giveaways – WordPress Contest Plugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Contests & Giveaways – WordPress Contest Plugin Code Analysis

Dangerous Functions
0
Raw SQL Queries
8
3 prepared
Unescaped Output
23
28 escaped
Nonce Checks
5
Capability Checks
0
File Operations
0
External Requests
2
Bundled Libraries
0

SQL Query Safety

27% prepared11 total queries

Output Escaping

55% escaped51 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
fca_cc_render_entries_page (includes\entries\entries.php:36)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Contests & Giveaways – WordPress Contest Plugin Attack Surface

Entry Points7
Unprotected0

AJAX Handlers 6

authwp_ajax_fca_cc_entryincludes\api.php:47
noprivwp_ajax_fca_cc_entryincludes\api.php:48
authwp_ajax_fca_cc_set_eligible_statusincludes\api.php:71
authwp_ajax_fca_cc_reject_winnerincludes\api.php:91
authwp_ajax_fca_cc_get_winnerincludes\api.php:113
authwp_ajax_fca_cc_uninstallincludes\api.php:147

Shortcodes 1

[contest-cat] includes\contest\contest.php:102
WordPress Hooks 19
actioninitcontest-cat.php:108
filterpost_updated_messagescontest-cat.php:136
filtermanage_edit-contest_columnscontest-cat.php:150
actionmanage_contest_posts_custom_columncontest-cat.php:184
filterpost_row_actionscontest-cat.php:194
actioninitcontest-cat.php:246
filterscreen_options_show_screencontest-cat.php:255
actionadmin_enqueue_scriptscontest-cat.php:403
actionbefore_delete_postincludes\db.php:201
actionadmin_enqueue_scriptsincludes\editor\editor.php:33
actionadd_meta_boxes_contestincludes\editor\editor.php:47
actionsave_post_contestincludes\editor\editor.php:131
filterthe_contentincludes\editor\editor.php:154
filterredirect_post_locationincludes\editor\editor.php:169
actionwp_enqueue_scriptsincludes\editor\editor.php:181
actionadd_meta_boxes_contestincludes\editor\sidebar.php:23
actionadmin_menuincludes\entries\entries.php:18
actionadmin_menuincludes\upgrade.php:14
actionadmin_footerincludes\upgrade.php:44
Maintenance & Trust

Contests & Giveaways – WordPress Contest Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29
Last updatedJul 19, 2018
PHP min version
Downloads7K

Community Trust

Rating100/100
Number of ratings4
Active installs100
Alternatives

Contests & Giveaways – WordPress Contest Plugin Alternatives

Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers

Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers

rafflepress

A
88

The best WordPress giveaway plugin. Grow your email list, website traffic, and social media followers with viral contests, giveaways, and sweepstakes.

30K 11 CVEs
Woobox

Woobox

woobox

A
98

Easily embed your Woobox promotions in WordPress using a simple shortcode.

1K 2 CVEs
Run Contests, Raffles, and Giveaways with ContestsWP

Run Contests, Raffles, and Giveaways with ContestsWP

contest-code-checker

B
74

An easy to use WordPress plugin to do giveaways.

100 1 unpatched
Contests by Rewards Fuel

Contests by Rewards Fuel

contests-from-rewards-fuel

A
90

Contests by Rewards Fuel encourages your audience to take actions that build your business; it's a win-win for you and your customers!

60 3 CVEs
Gratisfaction- Loyalty, Rewards , Referral, Birthday and Giveaway Program

Gratisfaction- Loyalty, Rewards , Referral, Birthday and Giveaway Program

gratisfaction-all-in-one-loyalty-contests-referral-program-for-woocommerce

A
100

Loyalty + Referral + Rewards + Birthdays and Anniversaries + Giveaways + Contests + Competitions + Sweepstakes. Selling on ETSY? Reward points for yo …

700 1 CVE
Developer Profile

Contests & Giveaways – WordPress Contest Plugin Developer Profile

fatcatapps

13 plugins · 67K total installs

74
trust score
Avg Security Score
93/100
Avg Patch Time
242 days
View full developer profile
Detection Fingerprints

How We Detect Contests & Giveaways – WordPress Contest Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/giveaways-contests/assets/css/contest-cat-admin.css/wp-content/plugins/giveaways-contests/assets/css/contest-cat-front.css/wp-content/plugins/giveaways-contests/assets/js/contest-cat-admin.js/wp-content/plugins/giveaways-contests/assets/js/contest-cat-front.js
Script Paths
/wp-content/plugins/giveaways-contests/assets/js/contest-cat-admin.js/wp-content/plugins/giveaways-contests/assets/js/contest-cat-front.js
Version Parameters
contest-cat/assets/css/contest-cat-admin.css?ver=contest-cat/assets/css/contest-cat-front.css?ver=contest-cat/assets/js/contest-cat-admin.js?ver=contest-cat/assets/js/contest-cat-front.js?ver=

HTML / DOM Fingerprints

CSS Classes
fca_cc_contest_formfca_cc_contest_titlefca_cc_contest_descriptionfca_cc_contest_entries_remainingfca_cc_contest_entry_buttonfca_cc_contest_success_message
HTML Comments
<!-- FCA CC -->
Data Attributes
data-contest-iddata-contest-end-timedata-contest-entries-url
JS Globals
fca_cc_ajax_objectfca_cc_contest_vars
REST Endpoints
/wp-json/contest-cat/v1/entry
Shortcode Output
[contest-cat id="
FAQ

Frequently Asked Questions about Contests & Giveaways – WordPress Contest Plugin