Simple Tournament Brackets Security & Risk Analysis

wordpress.org/plugins/simple-tournament-brackets

Display tournament brackets on any page using a shortcode. Supports manual seeding and any size tournaments up to 256 competitors.

300 active installs · v1.3.1 · PHP 5.6.20+ · WP 4.7+ · Updated Mar 8, 2026
Tags: bracket, bracket-generator, esports, tournament
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Simple Tournament Brackets Safe to Use in 2026?

Generally Safe

Score 100/100

Simple Tournament Brackets has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 26d ago
Risk Assessment

Version 1.3.1 of the "simple-tournament-brackets" plugin has a mixed security posture. On the positive side, the code follows good practice in several areas. It has no recorded vulnerabilities (CVEs) to date, which suggests a history of secure development or diligent patching. No raw (unprepared) SQL queries were found, all analyzed taint flows are sanitized, and the vast majority of output is correctly escaped, which significantly reduces the risk of common web vulnerabilities such as SQL injection and Cross-Site Scripting (XSS). The absence of dangerous functions and file operations is also a positive sign.

However, there are notable concerns, primarily about the attack surface. The plugin exposes two REST API routes that lack permission callbacks. Any action or data reachable through these endpoints could therefore be accessed by any user, including unauthenticated ones, unless it is otherwise protected by WordPress's internal logic. The static and taint analysis did not reveal any immediate critical or high-severity flaws, but the unprotected REST API endpoints remain a significant potential entry point for attackers. The clean vulnerability history does not negate the risk posed by the current attack surface. Overall, the plugin follows many security best practices, but the unprotected REST API routes are a critical weakness that needs immediate attention.

Key Concerns

  • REST API routes without permission callbacks
Vulnerabilities
None known

Simple Tournament Brackets Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Simple Tournament Brackets Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 2 (98 escaped)
  • Nonce Checks: 7
  • Capability Checks: 7
  • File Operations: 0
  • External Requests: 4
  • Bundled Libraries: 0

Output Escaping

98% escaped · 100 total outputs
Data Flows
All sanitized

Data Flow Analysis

3 flows
seed_tournament (includes\classes\class-admin.php:239)
[Data-flow diagram; legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized]
Attack Surface
2 unprotected

Simple Tournament Brackets Attack Surface

Entry Points: 2
Unprotected: 2

REST API Routes 2

  • GET /wp-json/wp/v2/stb-tournament/tournament-matches/advance/ (includes\classes\class-initialize.php:185)
  • GET /wp-json/wp/v2/stb-tournament/tournament-matches/clear/ (includes\classes\class-initialize.php:216)

WordPress Hooks 17

  • action admin_menu (includes\classes\class-admin.php:46)
  • action admin_init (includes\classes\class-admin.php:47)
  • action add_meta_boxes_stb-tournament (includes\classes\class-admin.php:58)
  • action admin_post_stb-activate-license (includes\classes\class-admin.php:59)
  • action admin_post_stb-save-settings (includes\classes\class-admin.php:60)
  • filter views_edit-stb-tournament (includes\classes\class-admin.php:62)
  • filter manage_edit-stb-tournament_sortable_columns (includes\classes\class-admin.php:63)
  • filter manage_stb-tournament_posts_columns (includes\classes\class-admin.php:64)
  • filter post_row_actions (includes\classes\class-admin.php:65)
  • action manage_stb-tournament_posts_custom_column (includes\classes\class-admin.php:66)
  • action pre_get_posts (includes\classes\class-admin.php:67)
  • action admin_enqueue_scripts (includes\classes\class-admin.php:68)
  • filter pre_set_site_transient_update_plugins (includes\classes\class-admin.php:71)
  • filter plugins_api (includes\classes\class-admin.php:72)
  • action init (simple-tournament-brackets.php:59)
  • action admin_init (simple-tournament-brackets.php:117)
  • action admin_notices (simple-tournament-brackets.php:316)
Maintenance & Trust

Simple Tournament Brackets Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Mar 8, 2026
  • PHP min version: 5.6.20
  • Downloads: 7K

Community Trust

  • Rating: 82/100
  • Number of ratings: 8
  • Active installs: 300
Developer Profile

Simple Tournament Brackets Developer Profile

SimpleTournamentBrackets

1 plugin · 300 total installs

  • Trust score: 94
  • Avg Security Score: 100/100
  • Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Simple Tournament Brackets

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/simple-tournament-brackets/assets/css/admin.css
  • /wp-content/plugins/simple-tournament-brackets/assets/css/frontend.css
  • /wp-content/plugins/simple-tournament-brackets/assets/js/admin.js
  • /wp-content/plugins/simple-tournament-brackets/assets/js/frontend.js
Script Paths
  • /wp-content/plugins/simple-tournament-brackets/assets/js/admin.js
  • /wp-content/plugins/simple-tournament-brackets/assets/js/frontend.js
Version Parameters
  • simple-tournament-brackets/assets/css/admin.css?ver=
  • simple-tournament-brackets/assets/css/frontend.css?ver=
  • simple-tournament-brackets/assets/js/admin.js?ver=
  • simple-tournament-brackets/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • stb-bracket
  • stb-match
  • stb-competitor
  • stb-round-header
  • stb-entry
HTML Comments
  • <!-- Simple Tournament Brackets -->
  • <!-- End Simple Tournament Brackets -->
Data Attributes
  • data-stb-tournament-id
  • data-stb-match-id
JS Globals
  • stb_frontend_options
  • stb_admin_options
Shortcode Output
  • <div class="stb-bracket">
  • <div class="stb-round">