Sinatra Core Security & Risk Analysis

wordpress.org/plugins/sinatra-core

Sinatra Core is an optional companion plugin for Sinatra theme. It adds additional features such as widgets, blocks and a collection of pre-built webs …

9K active installs · v1.0.5 · PHP 7.4+ · WP 6.0+ · Updated Aug 30, 2023
Tags: blocks, custom-blocks, demo-template, demos, widgets
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Sinatra Core Safe to Use in 2026?

Generally Safe

Score 85/100

Sinatra Core has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The Sinatra Core plugin v1.0.5 exhibits a generally strong security posture based on the provided static analysis. It has no known CVEs and no recorded vulnerability history. The code uses prepared statements for all SQL queries and implements nonce checks and capability checks for its entry points. The attack surface is small and, critically, all identified entry points (AJAX handlers) appear to have authentication checks, which is a major strength.

However, the static analysis does reveal potential areas for improvement. The notable concern is output escaping: only 65% of outputs (165 of 252) are properly escaped. The remaining 87 outputs are potentially vulnerable to cross-site scripting (XSS) if user-supplied data is reflected without sufficient sanitization. While taint analysis did not reveal any unsanitized paths, the high share of unescaped output suggests a risk that could be exploited with carefully crafted input.

In conclusion, Sinatra Core v1.0.5 benefits from a clean vulnerability history and sound security practices in its handling of database interactions and authentication. The primary weakness identified is the suboptimal output escaping, which should be addressed to mitigate potential XSS risks. The absence of any critical or high-severity issues in the static analysis is promising, but the unescaped output is a tangible concern that warrants attention.

Key Concerns

  • Insufficient output escaping
Vulnerabilities
None known

Sinatra Core Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Sinatra Core Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (4 prepared)
Unescaped Output: 87 (165 escaped)
Nonce Checks: 6
Capability Checks: 3
File Operations: 11
External Requests: 4
Bundled Libraries: 0

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

65% escaped · 252 total outputs
Data Flows: All sanitized

Data Flow Analysis

2 flows
import_demo_step (includes\admin\demo-library\class-sinatra-demo-importer.php:97)
Attack Surface

Sinatra Core Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers: 2

auth | wp_ajax_sinatra_core_import_step | includes\admin\demo-library\class-sinatra-demo-importer.php:85
auth | wp_ajax_sinatra-core-filter-demos | includes\admin\demo-library\class-sinatra-demo-library.php:95

WordPress Hooks: 26

action | after_setup_theme | includes\admin\class-sinatra-core-admin.php:57
filter | sinatra_recommended_plugins | includes\admin\class-sinatra-core-admin.php:60
action | admin_notices | includes\admin\class-sinatra-core-admin.php:85
action | admin_menu | includes\admin\class-sinatra-core-admin.php:90
action | admin_menu | includes\admin\class-sinatra-core-admin.php:91
filter | sinatra_dashboard_navigation_items | includes\admin\class-sinatra-core-admin.php:94
action | sinatra_after_changelog | includes\admin\class-sinatra-core-admin.php:97
action | admin_enqueue_scripts | includes\admin\class-sinatra-core-admin.php:100
action | init | includes\admin\demo-library\class-sinatra-demo-exporter.php:61
filter | wp_import_post_data_raw | includes\admin\demo-library\class-sinatra-demo-importer.php:88
action | admin_menu | includes\admin\demo-library\class-sinatra-demo-library-page.php:52
action | admin_print_footer_scripts-sinatra_page_sinatra-demo-library | includes\admin\demo-library\class-sinatra-demo-library-page.php:53
filter | sinatra_admin_page_tabs | includes\admin\demo-library\class-sinatra-demo-library-page.php:54
filter | sinatra_dashboard_navigation_items | includes\admin\demo-library\class-sinatra-demo-library-page.php:55
action | admin_enqueue_scripts | includes\admin\demo-library\class-sinatra-demo-library.php:93
action | admin_init | includes\admin\demo-library\class-sinatra-demo-library.php:94
filter | import_post_meta_key | includes\admin\demo-library\importers\class-wordpress-importer.php:105
filter | http_request_timeout | includes\admin\demo-library\importers\class-wordpress-importer.php:106
filter | sinatra_dynamic_styles | includes\widgets\class-sinatra-core-custom-list-widget.php:51
filter | sinatra_dynamic_styles | includes\widgets\class-sinatra-core-posts-list-widget.php:54
action | widgets_init | includes\widgets\widgets.php:62
action | admin_print_footer_scripts-widgets.php | includes\widgets\widgets.php:88
action | wp_enqueue_scripts | includes\widgets\widgets.php:116
action | admin_print_footer_scripts-widgets.php | includes\widgets\widgets.php:179
action | plugins_loaded | sinatra-core.php:83
action | admin_notices | sinatra-core.php:176
Maintenance & Trust

Sinatra Core Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.3.8
Last updated: Aug 30, 2023
PHP min version: 7.4
Downloads: 140K

Community Trust

Rating: 20/100
Number of ratings: 1
Active installs: 9K
Developer Profile

Sinatra Core Developer Profile

sinatrateam

1 plugin · 9K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Sinatra Core

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sinatra-core/assets/css/frontend.css
/wp-content/plugins/sinatra-core/assets/js/frontend.js
Script Paths
/wp-content/plugins/sinatra-core/assets/js/frontend.js
Version Parameters
sinatra-core/assets/css/frontend.css?ver=
sinatra-core/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
sinatra-page-builder-container
HTML Comments
Sinatra Page Builder
Sinatra Core
Sinatra
Sinatra Core v
+1 more
Data Attributes
data-sinatra-builder
data-sinatra-module-type
data-sinatra-module-slug
JS Globals
sinatra_ELEMENTS
SINATRA_BUILDER_PARAMS
SINATRA_BUILDER_EDITOR_PARAMS
sinatraBuilder
SINATRA_ELEMENTS_RENDERED
SINATRA_ELEMENTS_RENDER
REST Endpoints
/wp-json/sinatra/v1/elements
/wp-json/sinatra/v1/element
Shortcode Output
[sinatra_PAGE_BUILDER]
[SINATRA_CORE_MODULE]