Does Sport Predictions for JoomSport have any unpatched vulnerabilities?

No. All known vulnerabilities in Sport Predictions for JoomSport have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Sport Predictions for JoomSport compatible with WordPress 6.8.5?

According to WordPress.org data, Sport Predictions for JoomSport 3.0.7 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Sport Predictions for JoomSport compatible with PHP 7.4+?

Sport Predictions for JoomSport requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Sport Predictions for JoomSport updated?

Sport Predictions for JoomSport was last updated on Jan 20, 2026. Frequent updates are generally a positive security signal.

What is Sport Predictions for JoomSport's security score?

Sport Predictions for JoomSport has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Sport Predictions for JoomSport Security Review

Safety Verdict

Is Sport Predictions for JoomSport Safe to Use in 2026?

Generally Safe

Score 100/100

Sport Predictions for JoomSport has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The joom-sport-prediction plugin v3.0.7 exhibits a concerning security posture, primarily due to a significant attack surface that lacks authentication. With 22 AJAX handlers and none of them protected by authentication checks, these entry points are wide open to potential abuse. While the plugin does not have a public vulnerability history, the static analysis reveals several concerning code signals, including the presence of the `unserialize` function, which is notoriously dangerous if used with untrusted input. Furthermore, only 30% of output is properly escaped, leaving room for cross-site scripting (XSS) vulnerabilities, and only 36% of SQL queries use prepared statements, increasing the risk of SQL injection. The high number of unsanitized paths in taint analysis, particularly 7 classified as high severity, strongly suggests that user-supplied data is not being adequately validated or sanitized before being processed, creating direct pathways for malicious input to impact the application's behavior or data.

Key Concerns

Large attack surface without auth checks
Dangerous function: unserialize
Low percentage of properly escaped output
Low percentage of prepared SQL statements
High severity taint flows (unsanitized)
Missing nonce checks on AJAX handlers

Vulnerabilities

None known

Sport Predictions for JoomSport Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Sport Predictions for JoomSport Code Analysis

Dangerous Functions

1

Raw SQL Queries

77

44 prepared

Unescaped Output

313

132 escaped

Nonce Checks

6

Capability Checks

3

File Operations

0

External Requests

0

Bundled Libraries

0

Dangerous Functions Found

unserialize$knT = unserialize($knockoutView);includes\joomsport-prediction-actions.php:558

SQL Query Safety

36% prepared121 total queries

Output Escaping

30% escaped445 total outputs

Data Flows

8 unsanitized

Data Flow Analysis

14 flows8 with unsanitized paths

output (includes\meta-boxes\joomsport-prediction-meta-round.php:10)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

22 unprotected

Sport Predictions for JoomSport Attack Surface

Entry Points22

Unprotected22

AJAX Handlers 22

authwp_ajax_jspred_private_league_addincludes\joomsport-prediction-ajax-actions.php:15

noprivwp_ajax_jspred_private_league_addincludes\joomsport-prediction-ajax-actions.php:16

authwp_ajax_jspred_private_league_inviteincludes\joomsport-prediction-ajax-actions.php:18

noprivwp_ajax_jspred_private_league_inviteincludes\joomsport-prediction-ajax-actions.php:19

authwp_ajax_jspred_private_remove_partincludes\joomsport-prediction-ajax-actions.php:21

noprivwp_ajax_jspred_private_remove_partincludes\joomsport-prediction-ajax-actions.php:22

authwp_ajax_jspred_private_joinincludes\joomsport-prediction-ajax-actions.php:24

noprivwp_ajax_jspred_private_joinincludes\joomsport-prediction-ajax-actions.php:25

authwp_ajax_jspred_private_rejectincludes\joomsport-prediction-ajax-actions.php:27

noprivwp_ajax_jspred_private_rejectincludes\joomsport-prediction-ajax-actions.php:28

authwp_ajax_jspred_private_leaveincludes\joomsport-prediction-ajax-actions.php:30

noprivwp_ajax_jspred_private_leaveincludes\joomsport-prediction-ajax-actions.php:31

authwp_ajax_jspred_private_update_leagueincludes\joomsport-prediction-ajax-actions.php:33

noprivwp_ajax_jspred_private_update_leagueincludes\joomsport-prediction-ajax-actions.php:34

authwp_ajax_jspred_private_load_leagueincludes\joomsport-prediction-ajax-actions.php:36

noprivwp_ajax_jspred_private_load_leagueincludes\joomsport-prediction-ajax-actions.php:37

authwp_ajax_jspred_private_usersincludes\joomsport-prediction-ajax-actions.php:39

noprivwp_ajax_jspred_private_usersincludes\joomsport-prediction-ajax-actions.php:40

authwp_ajax_jspred_private_remove_leagueincludes\joomsport-prediction-ajax-actions.php:42

noprivwp_ajax_jspred_private_remove_leagueincludes\joomsport-prediction-ajax-actions.php:43

authwp_ajax_prediction_leaguemodalincludes\posts\joomsport-prediction-post-round.php:20

authwp_ajax_jspred_round_filtersincludes\posts\joomsport-prediction-post-round.php:21

WordPress Hooks 36

actionedited_joomsport_matchdayincludes\joomsport-prediction-actions.php:9

actionsave_postincludes\joomsport-prediction-actions.php:11

actionadmin_menuincludes\joomsport-prediction-admin-install.php:20

actionadmin_enqueue_scriptsincludes\joomsport-prediction-admin-install.php:43

actionadmin_enqueue_scriptsincludes\joomsport-prediction-admin-install.php:44

actioninitincludes\joomsport-prediction-admin-install.php:193

actionwp_enqueue_scriptsincludes\joomsport-prediction-admin-install.php:194

actionadmin_initincludes\joomsport-prediction-ajax-actions.php:367

actiondelete_postincludes\joomsport-prediction-delete.php:10

actionjsOnMatchDeleteincludes\joomsport-prediction-delete.php:11

actionadmin_initincludes\joomsport-prediction-functions.php:10

actionadmin_noticesincludes\joomsport-prediction-functions.php:13

actionrestrict_manage_postsincludes\joomsport-prediction-functions.php:35

filterparse_queryincludes\joomsport-prediction-functions.php:76

filtermanage_edit-jswprediction_round_columnsincludes\joomsport-prediction-functions.php:94

actionmanage_jswprediction_round_posts_custom_columnincludes\joomsport-prediction-functions.php:110

actioninitincludes\joomsport-prediction-post-types.php:11

actioninitincludes\joomsport-prediction-post-types.php:12

filterthe_contentincludes\joomsport-prediction-templates.php:13

actionwidgets_initincludes\joomsport-prediction-widgets.php:132

filterset-screen-optionincludes\pages\joomsport-prediction-page-myleagues.php:212

filterset-screen-optionincludes\pages\joomsport-prediction-page-openleagues.php:232

actionadmin_initincludes\posts\joomsport-prediction-post-league.php:18

actionedit_form_after_titleincludes\posts\joomsport-prediction-post-league.php:19

actionadmin_print_scripts-post-new.phpincludes\posts\joomsport-prediction-post-league.php:20

actionsave_postincludes\posts\joomsport-prediction-post-league.php:86

filterthe_titleincludes\posts\joomsport-prediction-post-league.php:101

actionadmin_initincludes\posts\joomsport-prediction-post-round.php:18

actionedit_form_after_titleincludes\posts\joomsport-prediction-post-round.php:19

actionsave_postincludes\posts\joomsport-prediction-post-round.php:89

actionjspred_saved_noticesportleague\classes\objects\class-jsport-prediction-userround.php:89

actionjspred_saved_noticesportleague\classes\objects\class-jsport-prediction-userround.php:95

actionjspred_saved_noticesportleague\classes\objects\class-jsport-prediction-userround.php:165

actionjspred_saved_noticesportleague\classes\objects\class-jsport-prediction-userround.php:257

actionjspred_saved_noticesportleague\classes\objects\class-jsport-prediction-userround.php:274

filterthe_titlesportleague\views\default\widgets\user-stat.php:21

Maintenance & Trust

Sport Predictions for JoomSport Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJan 20, 2026

PHP min version7.4

Downloads15K

Community Trust

Rating92/100

Number of ratings11

Active installs100

Alternatives

Sport Predictions for JoomSport Alternatives

Euro 2012 Predictor

euro-2012-predictor

A

85

Plugin to manage and present a fantasy football (soccer) competition for the UEFA 2012 Euro Championships

10 No CVEs

Football Predictor

football-predictor

A

100

To manage and perform a marvel football competition for the FIFA World Cup 2018.

10 No CVEs

Football Pool

football-pool

A

96

Add some game-day fun to your WordPress site! Let users predict match results, earn points, and go head-to-head in a fantasy sports pool.

700 8 CVEs

National Weather Service Alerts

national-weather-service-alerts

C

61

Easily add official National Weather Service alerts to your website.

100 1 unpatched

Worldtides Widget

worldtides-widget

A

85

This widget is perfect for anyone who wants accurate, low-cost tide predictions on their website. WorldTides.info provides tide predictions at consume …

100 No CVEs

Developer Profile

Sport Predictions for JoomSport Developer Profile

beardev

3 plugins · 1K total installs

75

trust score

Avg Security Score

94/100

Avg Patch Time

456 days

View full developer profile

Detection Fingerprints

How We Detect Sport Predictions for JoomSport

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/joomsport-prediction/sportleague/assets/css/prediction.css/wp-content/plugins/joomsport-prediction/sportleague/assets/js/jsprediction.js/wp-content/plugins/joomsport-prediction/assets/js/common.js/wp-content/plugins/joomsport-prediction/assets/css/common.css/wp-content/plugins/joomsport-prediction/assets/css/iconstyles.css

Script Paths

/wp-content/plugins/joomsport-prediction/sportleague/assets/js/jsprediction.js

Version Parameters

joomsport-prediction/sportleague/assets/css/prediction.css?ver=joomsport-prediction/sportleague/assets/js/jsprediction.js?ver=joomsport-prediction/assets/js/common.js?ver=joomsport-prediction/assets/css/common.css?ver=joomsport-prediction/assets/css/iconstyles.css?ver=

HTML / DOM Fingerprints

CSS Classes

jswprediction_leaguejswprediction_round

Data Attributes

data-wp-i18n

JS Globals