Simple Sponsorships Security & Risk Analysis

wordpress.org/plugins/simple-sponsorships

Accept Sponsorships for any type of site, event or product. Manage & Display Sponsors.

90 active installs · v1.8.1 · PHP + WP 4.4+ · Updated Apr 17, 2022
Tags: events, payment, podcasts, sponsors, sponsorships
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Simple Sponsorships Safe to Use in 2026?

Generally Safe

Score 85/100

Simple Sponsorships has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3yr ago
Risk Assessment

The overall security posture of the simple-sponsorships plugin v1.8.1 appears to be moderately good, with several positive security practices observed. The plugin relies heavily on prepared statements for SQL queries and escapes a high percentage of its output, both of which are crucial for preventing common web vulnerabilities. Numerous nonce checks suggest an attempt to secure various operations within the plugin, although zero capability checks are explicitly listed. The plugin's vulnerability history is currently clear, with no known CVEs, which is a positive indicator of its historical security.

However, there are significant concerns arising from the static analysis. The presence of the `unserialize` function is a critical risk, as it can lead to Remote Code Execution if used with untrusted input. While the data doesn't explicitly state where `unserialize` is used or if it's user-controlled, its mere presence is a red flag. The taint analysis reveals two high-severity flows and eight flows with unsanitized paths, indicating potential injection vulnerabilities or other issues where data is not properly validated or escaped before being used in sensitive operations. The absence of any explicit capability checks in the reported data is also a concern, as it implies that some functionalities might be accessible to users without the appropriate permissions.

In conclusion, while the plugin benefits from a clean vulnerability history and good practices in SQL and output handling, the identified high-severity taint flows and the presence of `unserialize` represent substantial risks that require immediate attention. The lack of explicitly detailed capability checks adds to this concern. The plugin is not inherently insecure due to its clean history, but these code-level findings significantly elevate its risk profile.

Key Concerns

  • Dangerous function unserialize present
  • High severity taint flow (2 instances)
  • Flows with unsanitized paths (8 instances)
  • No explicit capability checks listed
  • Bundled Freemius library (v1.0)
Vulnerabilities
None known

Simple Sponsorships Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Simple Sponsorships Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 1 (20 prepared)
Unescaped Output: 144 (428 escaped)
Nonce Checks: 14
Capability Checks: 0
File Operations: 1
External Requests: 2
Bundled Libraries: 1

Dangerous Functions Found

unserialize: `$value = @unserialize( $this->session[ $key ] );` includes\class-session.php:167

Bundled Libraries

Freemius 1.0

SQL Query Safety

95% prepared, 21 total queries

Output Escaping

75% escaped, 572 total outputs
Data Flows
8 unsanitized

Data Flow Analysis

13 flows, 8 with unsanitized paths
extra_tablenav (includes\admin\sponsorships\class-sponsorships-table-list.php:480)
Attack Surface

Simple Sponsorships Attack Surface

Entry Points: 5
Unprotected: 0

Shortcodes 5

[ss_sponsor_form] includes\class-shortcodes.php:28
[ss_sponsorship_details] includes\class-shortcodes.php:29
[ss_sponsors] includes\class-shortcodes.php:30
[ss_packages] includes\class-shortcodes.php:31
[ss_account] includes\class-shortcodes.php:32
WordPress Hooks 89

filter wp_mail_from includes\abstract\class-email.php:105
filter wp_mail_from_name includes\abstract\class-email.php:106
filter wp_mail_content_type includes\abstract\class-email.php:107
filter ss_settings_gateways includes\abstract\class-payment-gateway.php:140
filter ss_get_settings_sections includes\abstract\class-payment-gateway.php:141
action admin_menu includes\admin\class-admin.php:42
action admin_init includes\admin\class-admin.php:43
action admin_enqueue_scripts includes\admin\class-admin.php:44
action ss_admin_page_ss_integrations includes\admin\class-integrations.php:19
action ss_admin_page_ss_packages includes\admin\class-packages.php:27
action ss_new-package includes\admin\class-packages.php:28
action ss_edit-package includes\admin\class-packages.php:29
action ss_admin_page_ss_reports includes\admin\class-reports.php:21
action ss_admin_page_ss_settings includes\admin\class-settings.php:33
action admin_init includes\admin\class-settings.php:34
action add_meta_boxes includes\admin\class-sponsors.php:25
action add_meta_boxes includes\admin\class-sponsors.php:26
action save_post includes\admin\class-sponsors.php:27
action save_post includes\admin\class-sponsors.php:28
filter manage_sponsors_posts_columns includes\admin\class-sponsors.php:30
action manage_sponsors_posts_custom_column includes\admin\class-sponsors.php:31
filter display_post_states includes\admin\class-sponsors.php:33
action ss_admin_page_ss_sponsorships includes\admin\class-sponsorships.php:37
action ss_new-sponsorship includes\admin\class-sponsorships.php:38
action ss_edit-sponsorship includes\admin\class-sponsorships.php:39
action ss_settings_field_sponsorship_package_select includes\admin\class-sponsorships.php:40
action ss_sponsorship_sponsor_created includes\admin\class-sponsorships.php:42
action enqueue_block_editor_assets includes\class-blocks.php:19
filter block_categories includes\class-blocks.php:20
action init includes\class-blocks.php:21
action init includes\class-content-types.php:19
action init includes\class-content-types.php:20
filter gutenberg_can_edit_post_type includes\class-content-types.php:21
filter use_block_editor_for_post_type includes\class-content-types.php:22
action ss_email_header includes\class-emails.php:12
action ss_email_footer includes\class-emails.php:13
action init includes\class-query.php:43
action wp_loaded includes\class-query.php:45
filter query_vars includes\class-query.php:46
action parse_request includes\class-query.php:47
filter the_title includes\class-query.php:48
action init includes\class-session.php:72
filter wp_session_expiration_variant includes\class-session.php:95
filter wp_session_expiration includes\class-session.php:96
action plugins_loaded includes\class-session.php:101
action init includes\class-session.php:103
action init includes\class-shortcodes.php:21
action widgets_init includes\class-widgets.php:26
filter posts_where includes\db\class-db-sponsors.php:37
filter posts_join includes\db\class-db-sponsors.php:38
filter posts_distinct includes\db\class-db-sponsors.php:39
filter ss_sponsor_form_field_value includes\functions-forms.php:408
action ss_after_sponsor_form_fields includes\functions-forms.php:423
filter ss_form_sponsors_posted_data includes\functions-forms.php:466
action init includes\functions-gateways.php:19
action init includes\functions-gateways.php:43
action ss_settings_field_bank_transfer_account includes\gateways\class-bank-transfer.php:35
action ss_settings_field_paypal_documentation includes\gateways\class-paypal.php:28
action gform_field_advanced_settings includes\integrations\gravityforms\class-gf-addon.php:80
action gform_editor_js includes\integrations\gravityforms\class-gf-addon.php:81
filter gform_form_settings includes\integrations\gravityforms\class-gf-addon.php:83
filter gform_pre_form_settings_save includes\integrations\gravityforms\class-gf-addon.php:84
action gform_after_submission includes\integrations\gravityforms\class-gf-addon.php:86
action plugins_loaded simple-sponsorships.php:240
action init simple-sponsorships.php:241
action init simple-sponsorships.php:242
action wp_enqueue_scripts simple-sponsorships.php:243
action plugins_loaded simple-sponsorships.php:244
action ss_sponsorship_details simple-sponsorships.php:245
action ss_sponsorship_sponsor simple-sponsorships.php:246
action ss_sponsorship_customer_details simple-sponsorships.php:247
action ss_sponsor_form_sponsorship_created simple-sponsorships.php:248
action ss_sponsorship_activated simple-sponsorships.php:249
action ss_sponsorship_activated simple-sponsorships.php:250
action ss_sponsorship_status_updated simple-sponsorships.php:251
action ss_sponsorship_status_updated simple-sponsorships.php:257
action ss_sponsorship_status_rejected simple-sponsorships.php:263
action ss_sponsor_form simple-sponsorships.php:269
action ss_payment_form simple-sponsorships.php:270
action ss_sponsorship_form simple-sponsorships.php:271
filter the_content simple-sponsorships.php:272
action ss_account_content simple-sponsorships.php:273
action ss_account_sponsorships_endpoint simple-sponsorships.php:274
action ss_account_view-sponsorship_endpoint simple-sponsorships.php:275
action ss_account_sponsor-info_endpoint simple-sponsorships.php:276
action ss_account_sponsored-content_endpoint simple-sponsorships.php:277
action ss_account_reports_endpoint simple-sponsorships.php:278
action ss_account_navigation simple-sponsorships.php:279
action ss_insert_report simple-sponsorships.php:280
Maintenance & Trust

Simple Sponsorships Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.9.13
Last updated: Apr 17, 2022
PHP min version
Downloads: 6K

Community Trust

Rating: 74/100
Number of ratings: 3
Active installs: 90
Developer Profile

Simple Sponsorships Developer Profile

Igor Benic

12 plugins · 2K total installs

Trust score: 68
Avg Security Score: 84/100
Avg Patch Time: 479 days
Detection Fingerprints

How We Detect Simple Sponsorships

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/simple-sponsorships/assets/css/admin.css
  • /wp-content/plugins/simple-sponsorships/assets/css/frontend.css
  • /wp-content/plugins/simple-sponsorships/assets/js/admin.js
  • /wp-content/plugins/simple-sponsorships/assets/js/frontend.js
  • /wp-content/plugins/simple-sponsorships/assets/js/sponsorship-payment-validation.js
  • /wp-content/plugins/simple-sponsorships/assets/js/sponsorship-form-validation.js
  • /wp-content/plugins/simple-sponsorships/assets/js/custom-package-fields.js
  • /wp-content/plugins/simple-sponsorships/assets/js/sponsorship-countdown.js
  • +3 more
Script Paths
  • /wp-content/plugins/simple-sponsorships/assets/js/admin.js
  • /wp-content/plugins/simple-sponsorships/assets/js/frontend.js
  • /wp-content/plugins/simple-sponsorships/assets/js/sponsorship-payment-validation.js
  • /wp-content/plugins/simple-sponsorships/assets/js/sponsorship-form-validation.js
  • /wp-content/plugins/simple-sponsorships/assets/js/custom-package-fields.js
  • /wp-content/plugins/simple-sponsorships/assets/js/sponsorship-countdown.js
  • +2 more
Version Parameters
  • simple-sponsorships/assets/css/admin.css?ver=
  • simple-sponsorships/assets/css/frontend.css?ver=
  • simple-sponsorships/assets/js/admin.js?ver=
  • simple-sponsorships/assets/js/frontend.js?ver=
  • simple-sponsorships/assets/js/sponsorship-payment-validation.js?ver=
  • simple-sponsorships/assets/js/sponsorship-form-validation.js?ver=
  • simple-sponsorships/assets/js/custom-package-fields.js?ver=
  • simple-sponsorships/assets/js/sponsorship-countdown.js?ver=
  • simple-sponsorships/assets/js/package-slots.js?ver=
  • simple-sponsorships/assets/js/recurring-payments.js?ver=
  • simple-sponsorships/freemius/start.php?ver=

HTML / DOM Fingerprints

CSS Classes
  • simple-sponsorships
  • ss-sponsorship-form
  • ss-package-form
  • ss-package-details
  • ss-sponsor-list
  • ss-sponsorship-item
  • ss-payment-form
  • ss-admin-settings
HTML Comments
  • <!-- Simple Sponsorships Payment Form -->
  • <!-- Sponsorship Item Start -->
  • <!-- Sponsorship Item End -->
  • <!-- Simple Sponsorships Package Details -->
  • +3 more
Data Attributes
  • data-ss-package-id
  • data-ss-sponsor-id
  • data-ss-payment-intent
JS Globals
  • simpleSponsorshipsFrontend
  • simpleSponsorshipsAdmin
  • ss_payment_params
  • ss_form_params
REST Endpoints
  • /wp-json/simple-sponsorships/v1/payment-gateway
  • /wp-json/simple-sponsorships/v1/sponsorships
  • /wp-json/simple-sponsorships/v1/packages
Shortcode Output
  • [simple_sponsorships_form]
  • [simple_sponsorships_packages]
  • [simple_sponsorships_sponsor_list]
  • [simple_sponsorships_package_details]
FAQ

Frequently Asked Questions about Simple Sponsorships