StatsFC Form Security & Risk Analysis

wordpress.org/plugins/statsfc-form

This widget will place a current football form guide in your website.

20 active installs · v3.0.1 · PHP + WP 3.3+ · Updated Jun 21, 2023
football, premier-league, soccer, widget
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is StatsFC Form Safe to Use in 2026?

Generally Safe

Score 85/100

StatsFC Form has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The 'statsfc-form' plugin v3.0.1 exhibits a generally good security posture with no recorded vulnerabilities and a limited attack surface consisting of a single shortcode. The plugin also demonstrates positive development practices by exclusively using prepared statements for SQL queries and not performing file operations or external HTTP requests, which significantly reduces common attack vectors. However, there are notable areas of concern that detract from its overall security.

A significant weakness identified is the lack of proper output escaping, with only 53% of outputs being correctly sanitized. This leaves the plugin susceptible to Cross-Site Scripting (XSS) vulnerabilities, particularly if user-supplied data is rendered without adequate escaping within the shortcode's output. Furthermore, the analysis reveals two taint flows with unsanitized paths, although they are not classified as critical or high severity. The absence of nonce checks and capability checks on its entry points is also a concern, as it implies that unauthorized users could potentially trigger unintended functionality or manipulate data, especially given the presence of a shortcode that could be invoked by various users.

In conclusion, while the plugin benefits from a clean vulnerability history and responsible SQL handling, the unescaped outputs and lack of authentication/authorization checks on its single entry point present clear security risks. Addressing the output escaping and implementing appropriate checks would greatly enhance its security.

Key Concerns

  • Insufficient output escaping (47% unescaped)
  • Taint flows with unsanitized paths detected
  • Missing nonce checks on entry points
  • Missing capability checks on entry points
Vulnerabilities
None known

StatsFC Form Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

StatsFC Form Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 14 (16 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

53% escaped · 30 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
widget (statsfc-form.php:212)
[Data flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface

StatsFC Form Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[statsfc-form] statsfc-form.php:310
WordPress Hooks: 2
action wp_print_footer_scripts statsfc-form.php:283
action widgets_init statsfc-form.php:306
Maintenance & Trust

StatsFC Form Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.2.9
Last updated: Jun 21, 2023
PHP min version
Downloads: 4K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 20
Developer Profile

StatsFC Form Developer Profile

Will Woodward

13 plugins · 360 total installs

Trust score: 86
Avg Security Score: 88/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect StatsFC Form

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/statsfc-form/css/style.css
Script Paths
/wp-content/plugins/statsfc-form/js/statsfc-form.js
Version Parameters
statsfc-form/css/style.css?ver=
statsfc-form/js/statsfc-form.js?ver=

HTML / DOM Fingerprints

CSS Classes
statsfc-widget-container
statsfc-table
statsfc-team-highlight
HTML Comments
<!-- BEGIN STATSFC FORM WIDGET -->
<!-- END STATSFC FORM WIDGET -->
Data Attributes
data-statsfc-key
data-statsfc-competition
data-statsfc-team
data-statsfc-year
data-statsfc-date
data-statsfc-highlight
+4 more
JS Globals
StatsFC
Shortcode Output
[statsfc_form
FAQ

Frequently Asked Questions about StatsFC Form