WP-Safety

Gym Builder – Fitness, Gym, Class Schedule Maker Plugin Security & Risk Analysis

wordpress.org/plugins/gym-builder

GymBuilder simplifies gym management with class schedules,trainer profiles,fitness calculators,member management,and shortcode generators.

100 active installs v2.3.1 PHP 7.4+ WP 5.5+ Updated Mar 6, 2026
bmi-calculatorclass-schedulefitnessgym-managementschedule-booking
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Gym Builder – Fitness, Gym, Class Schedule Maker Plugin Safe to Use in 2026?

Generally Safe

Score 100/100

Gym Builder – Fitness, Gym, Class Schedule Maker Plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 28d ago
Risk Assessment

The 'gym-builder' plugin v2.3.1 exhibits a generally good security posture, with a high percentage of SQL queries using prepared statements and proper output escaping. The plugin also demonstrates a strong adherence to nonces and capability checks, indicating an awareness of common WordPress security best practices. Its lack of any recorded vulnerabilities or CVEs further bolsters confidence in its current security state.

However, the analysis reveals several areas of concern. A significant portion of the attack surface, specifically 6 out of 14 AJAX handlers and 1 out of 4 REST API routes, lacks proper authentication or permission checks. This presents a considerable risk, as unauthenticated or unauthorized users could potentially trigger these endpoints, leading to unintended actions or information disclosure. Additionally, the presence of the `unserialize` function, even if not immediately flagged by taint analysis in this specific version, is a known dangerous function that can lead to deserialization vulnerabilities if not handled with extreme care and proper input validation.

In conclusion, while the plugin benefits from a clean vulnerability history and strong implementation of core security features like prepared statements and output escaping, the unprotected entry points in its AJAX handlers and REST API are a notable weakness. The presence of `unserialize` also warrants caution. Developers should prioritize addressing the unprotected AJAX and REST API endpoints to mitigate potential risks.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • Presence of dangerous function (unserialize)
Vulnerabilities
None known

Gym Builder – Fitness, Gym, Class Schedule Maker Plugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Gym Builder – Fitness, Gym, Class Schedule Maker Plugin Code Analysis

Dangerous Functions
3
Raw SQL Queries
22
42 prepared
Unescaped Output
65
1091 escaped
Nonce Checks
17
Capability Checks
19
File Operations
6
External Requests
0
Bundled Libraries
1

Dangerous Functions Found

unserialize$args['post__in'] = unserialize($this->meta['post_in']);inc\Controllers\ShortcodeQuery.php:82
unserialize$args['post__not_in'] = unserialize($this->meta['post_not_in']);inc\Controllers\ShortcodeQuery.php:86
unserialize'terms' => unserialize($this->meta['categories']),inc\Controllers\ShortcodeQuery.php:94

Bundled Libraries

Select2

SQL Query Safety

66% prepared64 total queries

Output Escaping

94% escaped1156 total outputs
Data Flows
All sanitized

Data Flow Analysis

4 flows
<Review> (inc\Controllers\Admin\Notice\Review.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
7 unprotected

Gym Builder – Fitness, Gym, Class Schedule Maker Plugin Attack Surface

Entry Points22
Unprotected7

AJAX Handlers 14

authwp_ajax_gym_builder_dismiss_offer_admin_noticeinc\Abstracts\Discount.php:200
authwp_ajax_gym_builder_insert_membersinc\Controllers\AjaxController.php:21
authwp_ajax_gym_builder_delete_memberinc\Controllers\AjaxController.php:22
authwp_ajax_gym_builder_edit_membersinc\Controllers\AjaxController.php:23
authwp_ajax_gym_builder_send_member_emailinc\Controllers\AjaxController.php:24
authwp_ajax_gym_builder_save_settingsinc\Controllers\AjaxController.php:25
authwp_ajax_gym_builder_fetch_membership_package_postsinc\Controllers\AjaxController.php:26
authwp_ajax_gym_builder_update_booking_availabilityinc\Controllers\AjaxController.php:30
authwp_ajax_gym_builder_update_booking_total_slotinc\Controllers\AjaxController.php:31
authwp_ajax_gym_builder_migrate_all_studentsinc\Controllers\StudentLoginSystem\StudentLoginSystem.php:33
noprivwp_ajax_gym_builder_member_logininc\Controllers\TrainerLoginSystem\TrainerLoginSystem.php:40
authwp_ajax_gym_builder_member_logininc\Controllers\TrainerLoginSystem\TrainerLoginSystem.php:41
authwp_ajax_gym_builder_trainer_registrationinc\Controllers\TrainerLoginSystem\TrainerLoginSystem.php:42
noprivwp_ajax_gym_builder_trainer_registrationinc\Controllers\TrainerLoginSystem\TrainerLoginSystem.php:43

REST API Routes 4

GET/wp-json/get_gym_builder/v1/pagesinc\Controllers\Admin\Api\RestApi.php:48
GET/wp-json/get_gym_builder_settings/v1/optionsinc\Controllers\Admin\Api\RestApi.php:63
GET/wp-json/gym_builder/v1/all-postsinc\Controllers\Admin\Api\RestApi.php:119
GET/wp-json/gym_builder/v1/class-scheduleinc\Controllers\Admin\Api\RestApi.php:126

Shortcodes 4

[gbclass] inc\Controllers\Frontend\ClassShortcode.php:25
[gbfitness_calculator] inc\Controllers\Frontend\FitnessCalcShortcode.php:20
[membership_package_shortcode] inc\Controllers\Frontend\MembershipPackageShortcode.php:19
[gbtrainer] inc\Controllers\Frontend\TrainerShortcode.php:24
WordPress Hooks 94
actionadmin_initinc\Abstracts\Discount.php:27
actionadmin_enqueue_scriptsinc\Abstracts\Discount.php:75
actionadmin_noticesinc\Abstracts\Discount.php:82
actionadmin_footerinc\Abstracts\Discount.php:175
actionadmin_enqueue_scriptsinc\Base\Enqueue.php:19
actionwp_enqueue_scriptsinc\Base\Enqueue.php:20
actioninitinc\Base\InitialControllers.php:65
actionplugins_loadedinc\Base\InitialControllers.php:73
actionplugins_loadedinc\Base\InitialControllers.php:74
actionafter_setup_themeinc\Base\InitialControllers.php:75
actioninitinc\Base\InitialControllers.php:76
actioninitinc\Base\InitialControllers.php:77
actioninitinc\Base\InitialControllers.php:78
actionadmin_initinc\Base\InitialControllers.php:79
actionin_admin_headerinc\Base\InitialControllers.php:172
filterplugin_row_metainc\Base\SettingsLink.php:15
filterdisplay_post_statesinc\Controllers\Admin\AddConfig.php:15
actionadmin_initinc\Controllers\Admin\AddPostMeta.php:22
actionadmin_initinc\Controllers\Admin\AddPostMeta.php:23
actionrest_api_initinc\Controllers\Admin\Api\RestApi.php:19
actionrest_api_initinc\Controllers\Admin\ExportImport\ExportImportApi.php:15
actionadmin_menuinc\Controllers\Admin\ExportImport\ExportImportPage.php:15
filtermanage_edit-gb_pricing_plan_columnsinc\Controllers\Admin\GbColumnManagement.php:15
actionmanage_gb_pricing_plan_posts_custom_columninc\Controllers\Admin\GbColumnManagement.php:16
actioninitinc\Controllers\Admin\Models\Metabox\RegisterPostMeta.php:25
actionadd_meta_boxesinc\Controllers\Admin\Models\Metabox\RegisterPostMeta.php:38
actionsave_postinc\Controllers\Admin\Models\Metabox\RegisterPostMeta.php:39
actionsave_post_gym_builder_classinc\Controllers\Admin\Models\Metabox\RegisterPostMeta.php:40
actioninitinc\Controllers\Admin\Models\Posts\RegisterPostType.php:17
actioninitinc\Controllers\Admin\Models\Posts\RegisterTaxonomy.php:17
actionadmin_initinc\Controllers\Admin\Notice\Review.php:8
actionadmin_initinc\Controllers\Admin\Notice\Review.php:9
actionadmin_noticesinc\Controllers\Admin\Notice\Review.php:37
actionin_admin_headerinc\Controllers\Admin\Notice\Review.php:265
actionadmin_footerinc\Controllers\Admin\PluginSurvey.php:11
actionadmin_menuinc\Controllers\Admin\Settings\Api\SettingsApi.php:32
actionedit_form_after_titleinc\Controllers\Admin\Shortcode\AdminInit.php:17
filtermanage_edit-gb_class_shortcode_columnsinc\Controllers\Admin\Shortcode\AdminInit.php:18
actionmanage_gb_class_shortcode_posts_custom_columninc\Controllers\Admin\Shortcode\AdminInit.php:19
actionedit_form_after_titleinc\Controllers\Admin\Shortcode\AdminInit.php:23
filtermanage_edit-gb_trainer_shortcode_columnsinc\Controllers\Admin\Shortcode\AdminInit.php:24
actionmanage_gb_trainer_shortcode_posts_custom_columninc\Controllers\Admin\Shortcode\AdminInit.php:25
actionedit_form_after_titleinc\Controllers\Admin\Shortcode\AdminInit.php:29
filtermanage_edit-gb_fitness_shortcode_columnsinc\Controllers\Admin\Shortcode\AdminInit.php:30
actionmanage_gb_fitness_shortcode_posts_custom_columninc\Controllers\Admin\Shortcode\AdminInit.php:31
actionrestrict_manage_postsinc\Controllers\Admin\Shortcode\AdminInit.php:32
actionpre_get_postsinc\Controllers\Admin\Shortcode\AdminInit.php:33
actionadmin_initinc\Controllers\Admin\Shortcode\Metabox\ClassShortcodeMeta.php:19
actionadmin_initinc\Controllers\Admin\Shortcode\Metabox\ClassShortcodeMeta.php:20
actionadmin_initinc\Controllers\Admin\Shortcode\Metabox\FitnessCalculatorShortcodeMeta.php:17
actionadmin_initinc\Controllers\Admin\Shortcode\Metabox\TrainerShortcodeMeta.php:18
actionadmin_initinc\Controllers\Admin\Shortcode\Metabox\TrainerShortcodeMeta.php:19
actiontemplate_redirectinc\Controllers\Hooks\AfterSetupTheme.php:14
filterwp_kses_allowed_htmlinc\Controllers\Hooks\FilterHooks.php:10
filterbody_classinc\Controllers\Hooks\TemplateHooks.php:19
actiongym_builder_before_main_content_wrapperinc\Controllers\Hooks\TemplateHooks.php:20
actiongym_builder_before_main_contentinc\Controllers\Hooks\TemplateHooks.php:21
actiongym_builder_after_main_contentinc\Controllers\Hooks\TemplateHooks.php:22
actiongym_builder_after_main_content_wrapperinc\Controllers\Hooks\TemplateHooks.php:23
actiongym_builder_class_loop_item_startinc\Controllers\Hooks\TemplateHooks.php:27
actiongym_builder_trainer_loop_item_startinc\Controllers\Hooks\TemplateHooks.php:31
actiongym_builder_class_loop_iteminc\Controllers\Hooks\TemplateHooks.php:35
actiongym_builder_class_loop_iteminc\Controllers\Hooks\TemplateHooks.php:37
actiongym_builder_class_loop_iteminc\Controllers\Hooks\TemplateHooks.php:39
actiongym_builder_class_loop_iteminc\Controllers\Hooks\TemplateHooks.php:41
actiongym_builder_class_loop_iteminc\Controllers\Hooks\TemplateHooks.php:43
actiongym_builder_class_loop_iteminc\Controllers\Hooks\TemplateHooks.php:45
actiongym_builder_class_loop_iteminc\Controllers\Hooks\TemplateHooks.php:47
actiongym_builder_class_loop_iteminc\Controllers\Hooks\TemplateHooks.php:49
actiongym_builder_class_loop_iteminc\Controllers\Hooks\TemplateHooks.php:51
actiongym_builder_loop_item_after_contentinc\Controllers\Hooks\TemplateHooks.php:53
actiongym_builder_class_iconinc\Controllers\Hooks\TemplateHooks.php:55
actiongym_builder_trainer_loop_iteminc\Controllers\Hooks\TemplateHooks.php:61
actiongym_builder_trainer_loop_iteminc\Controllers\Hooks\TemplateHooks.php:63
actiongym_builder_trainer_loop_iteminc\Controllers\Hooks\TemplateHooks.php:65
actiongym_builder_trainer_loop_iteminc\Controllers\Hooks\TemplateHooks.php:68
actiongym_builder_trainer_loop_iteminc\Controllers\Hooks\TemplateHooks.php:70
actiongym_builder_trainer_loop_iteminc\Controllers\Hooks\TemplateHooks.php:72
actiongym_builder_trainer_loop_iteminc\Controllers\Hooks\TemplateHooks.php:74
filtertemplate_includeinc\Controllers\Hooks\TemplateLoader.php:21
actionpre_get_postsinc\Controllers\Models\QueryBuilder.php:12
filterimage_resize_dimensionsinc\Controllers\Models\ThumbnailSizeGenerator.php:49
actioninitinc\Controllers\StudentLoginSystem\StudentLoginSystem.php:32
filterastra_dynamic_post_structure_posttypesinc\Controllers\ThemesSupport\Astra\ThemeSupport.php:19
filterastra_blog_post_per_page_exclusionsinc\Controllers\ThemesSupport\Astra\ThemeSupport.php:20
actionadmin_enqueue_scriptsinc\Controllers\ThemesSupport\OceanWP\ThemeSupport.php:18
filteroceanwp:admin:display-ocean-extra-plugin-noticeinc\Controllers\ThemesSupport\OceanWP\ThemeSupport.php:34
actioninitinc\Controllers\TrainerLoginSystem\TrainerLoginSystem.php:36
actionsave_postinc\Controllers\TrainerLoginSystem\TrainerLoginSystem.php:38
actiontransition_post_statusinc\Controllers\TrainerLoginSystem\TrainerLoginSystem.php:45
actionwidgets_initinc\Controllers\Widgets\Widgets.php:18
actionwidgets_initinc\Controllers\Widgets\Widgets.php:19
actioninitinc\Controllers\Widgets\Widgets.php:20
filterelementor/widgets/wordpress/widget_argsinc\Controllers\Widgets\Widgets.php:25
Maintenance & Trust

Gym Builder – Fitness, Gym, Class Schedule Maker Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 6, 2026
PHP min version7.4
Downloads9K

Community Trust

Rating100/100
Number of ratings6
Active installs100
Alternatives

Gym Builder – Fitness, Gym, Class Schedule Maker Plugin Alternatives

fitness calculators

fitness calculators

fitness-calculators

A
99

Plugin for calculating Water intake, BMI calculator, protein Intake for the fitness freaks.

700 2 CVEs
fitnessbliss calculators plugin

fitnessbliss calculators plugin

fitnessbliss-calculators

A
85

Plugin for calculating Water intake, BMI calculator, protein Intake for the fitness freaks.

10 No CVEs
Human BMI Calculator

Human BMI Calculator

human-bmi-calculator

A
85

Human BMI (Body Mass Index) Calculator will help you to check your current BMI for your height and weight.

10 No CVEs
WP Calorie Calculator

WP Calorie Calculator

wp-calorie-calculator

A
100

For all experts in fitness, health & calories-dependent nutrition or sports: meet the most effective marketing feature for your WordPress website!

1K No CVEs
CC BMI Calculator

CC BMI Calculator

cc-bmi-calculator

A
98

Add a free simple customizable BMI Calculator to your web site.

900 2 CVEs
Developer Profile

Gym Builder – Fitness, Gym, Class Schedule Maker Plugin Developer Profile

WP Dreamers

2 plugins · 180 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Gym Builder – Fitness, Gym, Class Schedule Maker Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gym-builder/assets/admin/images/100x100-logo.png

HTML / DOM Fingerprints

CSS Classes
gym_builder-offer-noticegym_builder_offer
Data Attributes
data-gym_builderdismissable
JS Globals
gym_builder__notice
FAQ

Frequently Asked Questions about Gym Builder – Fitness, Gym, Class Schedule Maker Plugin