Simple Golf Club Security & Risk Analysis

wordpress.org/plugins/simple-golf-club

A simple interface to manage a small golf club.

10 active installs · v1.7.0b · PHP 7.0+ · WP 5.0+ · Updated Oct 25, 2024
Tags: club, events, golf, management, sport
92
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Simple Golf Club Safe to Use in 2026?

Generally Safe

Score 92/100

Simple Golf Club has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The "simple-golf-club" plugin v1.7.0b exhibits a mixed security posture. On the positive side, the plugin follows good practice for SQL queries, using prepared statements exclusively, and has no recorded historical vulnerabilities, which suggests a generally conscientious development approach in these areas. The absence of dangerous functions, file operations, external HTTP requests, and bundled libraries further contributes to a seemingly cleaner codebase.

However, the static analysis raises significant concerns. A substantial portion of the attack surface is unprotected: all 14 REST API routes lack permission callbacks. This is a critical oversight, as it potentially exposes sensitive functionality to unauthenticated users. Furthermore, no entry point performs a nonce check, including the REST API routes (the plugin registers no AJAX handlers), which creates a high risk of CSRF (Cross-Site Request Forgery) attacks if any of these endpoints perform state-changing operations. Output escaping stands at 71%, which still leaves nearly 30% of outputs unescaped and poses a risk of XSS (Cross-Site Scripting) vulnerabilities.

Given the lack of historical vulnerabilities and the absence of critical taint flows, it might seem that the plugin is safe. However, the identified weaknesses in authentication and authorization for the REST API, coupled with the lack of nonce checks, represent major security gaps that could be easily exploited. The plugin's strength lies in its secure handling of SQL and the absence of known exploits, but its current configuration for API endpoints and the oversight in nonce implementation are significant risks that need immediate attention.

Key Concerns

  • REST API routes without permission callbacks
  • No nonce checks on entry points
  • Significant unescaped output
Vulnerabilities
None known

Simple Golf Club Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Simple Golf Club Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 140 (337 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

71% escaped · 477 total outputs
Attack Surface
14 unprotected

Simple Golf Club Attack Surface

Entry Points: 27
Unprotected: 14

REST API Routes 14

GET /wp-json/simplegolfclub/v1/event/info/(?P<event_id>\d+) public\class-sgc-public-events.php:646
GET /wp-json/simplegolfclub/v1/event/tees/(?P<event_id>\d+) public\class-sgc-public-events.php:651
GET /wp-json/simplegolfclub/v1/event/groups/(?P<event_id>\d+) public\class-sgc-public-events.php:656
GET /wp-json/simplegolfclub/v1/event/players/(?P<event_id>\d+) public\class-sgc-public-events.php:661
GET /wp-json/simplegolfclub/v1/event/scorecards/(?P<event_id>\d+) public\class-sgc-public-events.php:666
GET /wp-json/simplegolfclub/v1/event/checkin/(?P<event_id>\d+)/(?P<player_id>\d+) public\class-sgc-public-events.php:671
GET /wp-json/simplegolfclub/v1/location/tees/(?P<location_id>\d+) public\class-sgc-public-locations.php:206
GET /wp-json/simplegolfclub/v1/location/events/(?P<location_id>\d+) public\class-sgc-public-locations.php:211
GET /wp-json/simplegolfclub/v1/player/info/(?P<player_id>\d+) public\class-sgc-public-players.php:320
GET /wp-json/simplegolfclub/v1/player/teams/(?P<player_id>\d+) public\class-sgc-public-players.php:325
GET /wp-json/simplegolfclub/v1/player/scorecards/(?P<player_id>\d+) public\class-sgc-public-players.php:330
GET /wp-json/simplegolfclub/v1/scorecard/info/(?P<scorecard_id>\d+) public\class-sgc-public-scorecards.php:171
GET /wp-json/simplegolfclub/v1/team/players/(?P<team_id>\d+) public\class-sgc-public-teams.php:215
GET /wp-json/simplegolfclub/v1/team/events/(?P<team_id>\d+) public\class-sgc-public-teams.php:220

Shortcodes 13

[sgc_event_info] public\class-sgc-public-events.php:634
[sgc_event_groups] public\class-sgc-public-events.php:635
[sgc_event_players] public\class-sgc-public-events.php:636
[sgc_event_teams] public\class-sgc-public-events.php:637
[sgc_event_tees] public\class-sgc-public-events.php:638
[sgc_event_checkin] public\class-sgc-public-events.php:639
[sgc_location_events] public\class-sgc-public-locations.php:198
[sgc_location_tees] public\class-sgc-public-locations.php:199
[sgc_player_info] public\class-sgc-public-players.php:312
[sgc_player_teams] public\class-sgc-public-players.php:313
[sgc_scorecard_info] public\class-sgc-public-scorecards.php:164
[sgc_team_events] public\class-sgc-public-teams.php:207
[sgc_team_players] public\class-sgc-public-teams.php:208
WordPress Hooks 36

action plugins_loaded includes\class-sgc.php:188
action admin_enqueue_scripts includes\class-sgc.php:201
action admin_enqueue_scripts includes\class-sgc.php:202
action pre_get_posts includes\class-sgc.php:203
action admin_menu includes\class-sgc.php:206
action admin_init includes\class-sgc.php:207
action init includes\class-sgc.php:214
action add_meta_boxes includes\class-sgc.php:215
action wp_insert_post_data includes\class-sgc.php:216
action save_post includes\class-sgc.php:217
action admin_enqueue_scripts includes\class-sgc.php:218
action init includes\class-sgc.php:221
action add_meta_boxes includes\class-sgc.php:222
action save_post includes\class-sgc.php:223
action wp_dashboard_setup includes\class-sgc.php:224
action init includes\class-sgc.php:227
action add_meta_boxes includes\class-sgc.php:228
action save_post includes\class-sgc.php:229
action init includes\class-sgc.php:232
action add_meta_boxes includes\class-sgc.php:233
action save_post includes\class-sgc.php:234
action init includes\class-sgc.php:237
action add_meta_boxes includes\class-sgc.php:238
action save_post includes\class-sgc.php:239
action wp_enqueue_scripts includes\class-sgc.php:253
action wp_enqueue_scripts includes\class-sgc.php:254
action rest_api_init includes\class-sgc.php:257
action init includes\class-sgc.php:258
action rest_api_init includes\class-sgc.php:261
action init includes\class-sgc.php:262
action rest_api_init includes\class-sgc.php:265
action init includes\class-sgc.php:266
action rest_api_init includes\class-sgc.php:269
action init includes\class-sgc.php:270
action rest_api_init includes\class-sgc.php:273
action init includes\class-sgc.php:274
Maintenance & Trust

Simple Golf Club Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Oct 25, 2024
PHP min version: 7.0
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Simple Golf Club Developer Profile

Matthew Linton

1 plugin · 10 total installs

Trust score: 88
Avg Security Score: 92/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Simple Golf Club

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/simple-golf-club/admin/css/sgc-admin.css
/wp-content/plugins/simple-golf-club/admin/css/sgc-admin-settings.css
/wp-content/plugins/simple-golf-club/admin/css/sgc-admin-widgets.css
/wp-content/plugins/simple-golf-club/admin/css/posts/sgc-admin-scorecard.css
/wp-content/plugins/simple-golf-club/admin/css/posts/sgc-admin-events.css
/wp-content/plugins/simple-golf-club/admin/css/posts/sgc-admin-locations.css
/wp-content/plugins/simple-golf-club/admin/css/posts/sgc-admin-teams.css
/wp-content/plugins/simple-golf-club/admin/css/posts/sgc-admin-players.css
(+5 more)
Script Paths
/wp-content/plugins/simple-golf-club/admin/js/sgc-admin.js
Version Parameters
simple-golf-club/admin/css/sgc-admin.css?ver=
simple-golf-club/admin/css/sgc-admin-settings.css?ver=
simple-golf-club/admin/css/sgc-admin-widgets.css?ver=
simple-golf-club/admin/css/posts/sgc-admin-scorecard.css?ver=
simple-golf-club/admin/css/posts/sgc-admin-events.css?ver=
simple-golf-club/admin/css/posts/sgc-admin-locations.css?ver=
simple-golf-club/admin/css/posts/sgc-admin-teams.css?ver=
simple-golf-club/admin/css/posts/sgc-admin-players.css?ver=
simple-golf-club/admin/css/sgc-admin-select.css?ver=
simple-golf-club/admin/css/pickadate/default.css?ver=
simple-golf-club/admin/css/pickadate/default.date.css?ver=
simple-golf-club/admin/css/pickadate/default.time.css?ver=
simple-golf-club/admin/js/sgc-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
sgc-admin, sgc-admin-settings, sgc-admin-widgets, sgc-scorecard-post, sgc-events-post, sgc-locations-post, sgc-teams-post, sgc-players-post (+1 more)
Data Attributes
data-sgc-locale, data-sgc-timezone, data-sgc-url-site, data-sgc-url-plugin, data-sgc-url-rest
JS Globals
SGCtxt
REST Endpoints
/wp-json/simplegolfclub/v1