WP-Safety

League Table Importer for SportsPress Security & Risk Analysis

wordpress.org/plugins/league-table-importer-for-sportspress

Import league tables for SportsPress and add non existing teams to WordPress.

70 active installs v1.1 PHP + WP 4.0+ Updated Jan 6, 2016
importsportspress
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is League Table Importer for SportsPress Safe to Use in 2026?

Generally Safe

Score 85/100

League Table Importer for SportsPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago
Risk Assessment

The plugin 'league-table-importer-for-sportspress' v1.1 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. There are no known CVEs associated with this plugin, and its vulnerability history is clean, suggesting a well-maintained and secure codebase over time. The code analysis reveals good practices such as 100% of SQL queries using prepared statements and a high percentage of output escaping. Capability checks and nonce checks are also present.

However, there are several areas of concern. The presence of 11 instances of the `unserialize` function is a significant risk. If serialized data originates from an untrusted source, this function can lead to Remote Code Execution vulnerabilities. While taint analysis found no critical or high severity flows with unsanitized paths, the four analyzed flows all exhibited unsanitized paths, which warrants attention, especially when combined with the `unserialize` function. The plugin also bundles two libraries, dompdf and TCPDF, which, if outdated or having known vulnerabilities, could introduce risks, although specific version information is not provided here.

In conclusion, while the plugin benefits from a lack of known historical vulnerabilities and good practices in SQL and output handling, the heavy reliance on `unserialize` and the findings in taint analysis present a notable risk that requires careful consideration and mitigation strategies, particularly regarding how serialized data is handled and sourced.

Key Concerns

  • Dangerous function unserialize used 11 times
  • 4 taint flows with unsanitized paths
  • Bundled libraries dompdf, TCPDF
Vulnerabilities
None known

League Table Importer for SportsPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

League Table Importer for SportsPress Code Analysis

Dangerous Functions
11
Raw SQL Queries
0
7 prepared
Unescaped Output
29
159 escaped
Nonce Checks
4
Capability Checks
9
File Operations
190
External Requests
0
Bundled Libraries
2

Dangerous Functions Found

unserialize$this->currentObject = unserialize($obj);includes\PHPExcel\PHPExcel\CachedObjectStorage\APC.php:152
unserialize$this->currentObject = unserialize(fread($this->fileHandle, $this->cellCache[$pCoord]['sz']));includes\PHPExcel\PHPExcel\CachedObjectStorage\DiscISAM.php:118
unserialize$this->currentObject = unserialize($obj);includes\PHPExcel\PHPExcel\CachedObjectStorage\Memcache.php:156
unserialize$this->currentObject = unserialize(gzinflate($this->cellCache[$pCoord]));includes\PHPExcel\PHPExcel\CachedObjectStorage\MemoryGZip.php:93
unserialize$this->currentObject = unserialize($this->cellCache[$pCoord]);includes\PHPExcel\PHPExcel\CachedObjectStorage\MemorySerialized.php:91
unserialize$this->currentObject = unserialize(fread($this->fileHandle, $this->cellCache[$pCoord]['sz']));includes\PHPExcel\PHPExcel\CachedObjectStorage\PHPTemp.php:113
unserialize$this->currentObject = unserialize($cellResult);includes\PHPExcel\PHPExcel\CachedObjectStorage\SQLite.php:112
unserialize$this->currentObject = unserialize($cellData['value']);includes\PHPExcel\PHPExcel\CachedObjectStorage\SQLite3.php:144
unserialize$this->currentObject = unserialize($obj);includes\PHPExcel\PHPExcel\CachedObjectStorage\Wincache.php:154
unserialize$this->{$key} = unserialize(serialize($val));includes\PHPExcel\PHPExcel\Worksheet.php:2888
unserialize$this->{$key} = unserialize(serialize($val));includes\PHPExcel\PHPExcel.php:881

Bundled Libraries

dompdfTCPDF

SQL Query Safety

100% prepared7 total queries

Output Escaping

85% escaped188 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths
save_additional_upload_inputs (includes\class-options-xml.php:44)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

League Table Importer for SportsPress Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 25
filtersportspress-lti_optionsincludes\class-options-excel.php:72
filtersportspress-lti_optionsincludes\class-options-xml.php:153
actioninitincludes\class-tgm-plugin-activation.php:275
actionadmin_menuincludes\class-tgm-plugin-activation.php:422
actionadmin_headincludes\class-tgm-plugin-activation.php:423
filterinstall_plugin_complete_actionsincludes\class-tgm-plugin-activation.php:426
filterupdate_plugin_complete_actionsincludes\class-tgm-plugin-activation.php:427
actionadmin_noticesincludes\class-tgm-plugin-activation.php:430
actionadmin_initincludes\class-tgm-plugin-activation.php:431
actionadmin_enqueue_scriptsincludes\class-tgm-plugin-activation.php:432
actionload-plugins.phpincludes\class-tgm-plugin-activation.php:435
actionswitch_themeincludes\class-tgm-plugin-activation.php:439
actionswitch_themeincludes\class-tgm-plugin-activation.php:442
actionadmin_initincludes\class-tgm-plugin-activation.php:447
actionswitch_themeincludes\class-tgm-plugin-activation.php:452
filterupgrader_source_selectionincludes\class-tgm-plugin-activation.php:797
actionplugins_loadedincludes\class-tgm-plugin-activation.php:1913
filtertgmpa_table_data_itemsincludes\class-tgm-plugin-activation.php:2037
filterupgrader_source_selectionincludes\class-tgm-plugin-activation.php:2764
actionadmin_initincludes\class-tgm-plugin-activation.php:2924
actionupgrader_process_completeincludes\class-tgm-plugin-activation.php:3019
filterupgrader_post_installincludes\class-tgm-plugin-activation.php:3076
filterupgrader_post_installincludes\class-tgm-plugin-activation.php:3218
actiontgmpa_registerleague-table-importer-sportspress.php:40
actionadmin_menuleague-table-importer-sportspress.php:47
Maintenance & Trust

League Table Importer for SportsPress Maintenance & Trust

Maintenance Signals

WordPress version tested4.4.34
Last updatedJan 6, 2016
PHP min version
Downloads4K

Community Trust

Rating100/100
Number of ratings1
Active installs70
Alternatives

League Table Importer for SportsPress Alternatives

All-in-One WP Migration and Backup

All-in-One WP Migration and Backup

all-in-one-wp-migration

A
90

Trusted by 60M+ sites: The gold standard for WordPress migration and backup. Migrate, backup, and restore your WordPress site with one click.

5.0M 13 CVEs
WordPress Importer

WordPress Importer

wordpress-importer

A
98

Import posts, pages, comments, custom fields, categories, tags and more from a WordPress export file.

2.0M 1 CVE
One Click Demo Import

One Click Demo Import

one-click-demo-import

A
97

Import your demo content, widgets and theme settings with one click. Theme authors! Enable simple theme demo import for your users.

1.0M 2 CVEs
Widget Importer & Exporter

Widget Importer & Exporter

widget-importer-exporter

A
100

Import and export your widgets.

200K No CVEs
WP Migrate Lite – Migration Made Easy

WP Migrate Lite – Migration Made Easy

wp-migrate-db

A
99

Migrate your database. Export full sites including media, themes, and plugins. Find and replace content with support for serialized data.

200K 1 CVE
Developer Profile

League Table Importer for SportsPress Developer Profile

Igor Benic

12 plugins · 2K total installs

68
trust score
Avg Security Score
84/100
Avg Patch Time
479 days
View full developer profile
Detection Fingerprints

How We Detect League Table Importer for SportsPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/league-table-importer-for-sportspress/css/lti-admin.css/wp-content/plugins/league-table-importer-for-sportspress/js/lti-admin.js/wp-content/plugins/league-table-importer-for-sportspress/css/lti-frontend.css/wp-content/plugins/league-table-importer-for-sportspress/js/lti-frontend.js/wp-content/plugins/league-table-importer-for-sportspress/css/chosen.min.css/wp-content/plugins/league-table-importer-for-sportspress/js/chosen.jquery.min.js
Script Paths
/wp-content/plugins/league-table-importer-for-sportspress/js/lti-admin.js/wp-content/plugins/league-table-importer-for-sportspress/js/lti-frontend.js/wp-content/plugins/league-table-importer-for-sportspress/js/chosen.jquery.min.js
Version Parameters
/wp-content/plugins/league-table-importer-for-sportspress/css/lti-admin.css?ver=/wp-content/plugins/league-table-importer-for-sportspress/js/lti-admin.js?ver=/wp-content/plugins/league-table-importer-for-sportspress/css/lti-frontend.css?ver=/wp-content/plugins/league-table-importer-for-sportspress/js/lti-frontend.js?ver=/wp-content/plugins/league-table-importer-for-sportspress/css/chosen.min.css?ver=/wp-content/plugins/league-table-importer-for-sportspress/js/chosen.jquery.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
lti-admin-wraplti-frontend-wraplti-league-tablelti-team-namelti-team-logolti-team-playedlti-team-wonlti-team-drawn+8 more
Data Attributes
data-league-iddata-team-id
JS Globals
lti_admin_paramslti_frontend_params
Shortcode Output
[league_table[match_input
FAQ

Frequently Asked Questions about League Table Importer for SportsPress