GS Coaches Security & Risk Analysis

wordpress.org/plugins/gs-coach

Best Responsive Coaches with Experience, Skills, Review & Ratings, Certification.

20 active installs · v1.1.1 · PHP 5.6+ · WP 4.3+ · Updated: Unknown
Tags: coaching-staffs, responsive-coach, responsive-coach-showcase, wordpress-coaching-plugin, wp-coach-pro
99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Dec 30, 2024
Safety Verdict

Is GS Coaches Safe to Use in 2026?

Generally Safe

Score 99/100

GS Coaches has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Dec 30, 2024
Risk Assessment

The "gs-coach" plugin version 1.1.1 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and implementing a reasonable number of nonce and capability checks. The absence of dangerous functions and file operations further strengthens its security foundation. However, concerns arise from the output escaping, where only 65% of outputs are properly escaped, indicating a potential for Cross-Site Scripting (XSS) vulnerabilities, which aligns with its past vulnerability history. The taint analysis also revealed a flow with unsanitized paths, suggesting a potential for unintended data handling or exposure, though it was not flagged as critical or high severity.

The plugin's vulnerability history shows one medium severity CVE related to XSS, which has been patched. The fact that there are no currently unpatched vulnerabilities is positive. However, the past XSS vulnerability, combined with the static analysis showing a significant portion of outputs not properly escaped, suggests that XSS remains a potential risk if new vulnerabilities are introduced or if existing ones were not fully remediated across all instances. The plugin's limited attack surface, with only one shortcode as an entry point, is beneficial in reducing overall exposure, but the proper sanitization of that entry point is crucial.

In conclusion, "gs-coach" v1.1.1 is generally well-developed with some important security controls in place. The primary area for improvement lies in ensuring robust output escaping across all dynamic content to mitigate the risk of XSS. While the vulnerability history is somewhat reassuring, vigilance regarding the proper handling of user-supplied data is paramount, especially given the identified unsanitized flow and the percentage of unescaped outputs.

Key Concerns

  • Significant portion of outputs not properly escaped
  • Taint flow with unsanitized paths
Vulnerabilities
1

GS Coaches Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-56262 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

GS Coaches <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 30, 2024 · Patched in 1.1.1 (10d)
Code Analysis
Analyzed Mar 16, 2026

GS Coaches Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 69 (127 escaped)
Nonce Checks: 5
Capability Checks: 10
File Operations: 0
External Requests: 4
Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

65% escaped · 196 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
gs_coach_review_notice_message (gs-coaches-files\includes\gs_coaches_root.php:62)
Attack Surface

GS Coaches Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[gs_coaches] gs-coaches-files\includes\gs_coaches_shortcode.php:16
WordPress Hooks 32
action · admin_enqueue_scripts · gs-coaches-files\admin\class.settings-api.php:30
action · admin_init · gs-coaches-files\admin\gs_coaches_options_config.php:11
action · admin_menu · gs-coaches-files\admin\gs_coaches_options_config.php:12
action · switch_theme · gs-coaches-files\appsero\Insights.php:132
action · switch_theme · gs-coaches-files\appsero\Insights.php:133
action · admin_footer · gs-coaches-files\appsero\Insights.php:145
action · admin_notices · gs-coaches-files\appsero\Insights.php:162
action · admin_init · gs-coaches-files\appsero\Insights.php:165
filter · cron_schedules · gs-coaches-files\appsero\Insights.php:171
action · admin_menu · gs-coaches-files\gs-common-pages\gs-plugins-common-pages.php:16
action · admin_enqueue_scripts · gs-coaches-files\gs-common-pages\gs-plugins-common-pages.php:17
action · admin_menu · gs-coaches-files\gs-plugins\gs-plugins-free.php:15
action · admin_menu · gs-coaches-files\gs-plugins\gs-plugins.php:15
action · wp_enqueue_scripts · gs-coaches-files\gs_coaches_scripts.php:22
action · admin_enqueue_scripts · gs-coaches-files\gs_coaches_scripts.php:49
filter · manage_edit-gs_coaches_columns · gs-coaches-files\includes\gs_coaches_column.php:5
action · manage_posts_custom_column · gs-coaches-files\includes\gs_coaches_column.php:29
action · manage_posts_custom_column · gs-coaches-files\includes\gs_coaches_column.php:44
action · init · gs-coaches-files\includes\gs_coaches_cpt.php:52
filter · widget_text · gs-coaches-files\includes\gs_coaches_cpt.php:65
action · after_setup_theme · gs-coaches-files\includes\gs_coaches_cpt.php:68
action · add_meta_boxes · gs-coaches-files\includes\gs_coaches_cpt.php:84
action · add_meta_boxes · gs-coaches-files\includes\gs_coaches_cpt.php:118
action · add_meta_boxes · gs-coaches-files\includes\gs_coaches_meta_fields.php:7
action · save_post · gs-coaches-files\includes\gs_coaches_meta_fields.php:159
action · admin_init · gs-coaches-files\includes\gs_coaches_root.php:19
action · admin_notices · gs-coaches-files\includes\gs_coaches_root.php:54
action · admin_init · gs-coaches-files\includes\gs_coaches_root.php:57
filter · plugin_row_meta · gs-coaches-files\includes\gs_coaches_root.php:188
action · wp_head · gs-coaches-files\includes\gs_coaches_shortcode.php:119
action · in_admin_header · gs_coaches.php:96
action · plugins_loaded · gs_coaches.php:104
Maintenance & Trust

GS Coaches Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Unknown
PHP min version: 5.6
Downloads: 5K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 20
Alternatives

GS Coaches Alternatives

No alternatives data available yet.

Developer Profile

GS Coaches Developer Profile

GS Plugins

19 plugins · 41K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 173 days
Detection Fingerprints

How We Detect GS Coaches

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gs-coach/gs-coaches-files/admin/css/style.css
/wp-content/plugins/gs-coach/gs-coaches-files/admin/js/script.js
/wp-content/plugins/gs-coach/gs-coaches-files/css/gs_coach_style.css
/wp-content/plugins/gs-coach/gs-coaches-files/js/gs_coach_script.js
/wp-content/plugins/gs-coach/gs-coaches-files/css/gs-coach-themes.css
Script Paths
/wp-content/plugins/gs-coach/gs-coaches-files/admin/js/script.js
/wp-content/plugins/gs-coach/gs-coaches-files/js/gs_coach_script.js
/wp-content/plugins/gs-coach/gs-coaches-files/appsero/Client.php
Version Parameters
gs-coach/gs-coaches-files/admin/css/style.css?ver=
gs-coach/gs-coaches-files/admin/js/script.js?ver=
gs-coach/gs-coaches-files/css/gs_coach_style.css?ver=
gs-coach/gs-coaches-files/js/gs_coach_script.js?ver=
gs-coach/gs-coaches-files/css/gs-coach-themes.css?ver=

HTML / DOM Fingerprints

CSS Classes
gs-coach-grid, gs_coach_grid_1, gs_coach_grid_2, gs_coach_grid_3, gs_coach_grid_4, gs_coach_grid_5, gs_coach_grid_6, gs_coach_grid_7, +25 more
Data Attributes
data-gs_coach_id
JS Globals
GSCOACHES_VERSION, GSCOACHES_PLUGIN_DIR, GSCOACHES_PLUGIN_URI, GSCOACHES_FILES_DIR, GSCOACHES_FILES_URI, gscoach_data
Shortcode Output
[gs_coaches], [gs_coach]
FAQ

Frequently Asked Questions about GS Coaches