StatsFC Live Security & Risk Analysis
wordpress.org/plugins/statsfc-liveThis widget will display live football scores on your website, for a chosen competition or team.
Is StatsFC Live Safe to Use in 2026?
Generally Safe
Score 100/100StatsFC Live has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "statsfc-live" v3.0.1 plugin exhibits a generally positive security posture based on the static analysis. The absence of dangerous functions, SQL injection vulnerabilities (all queries use prepared statements), file operations, and external HTTP requests are strong indicators of good development practices. Furthermore, the plugin has no recorded vulnerabilities (CVEs), which suggests a history of secure code or effective patching.
However, there are notable areas for concern. The plugin's output escaping is only properly implemented for 46% of its outputs, indicating a potential for cross-site scripting (XSS) vulnerabilities. While the attack surface is small, the presence of a shortcode without explicit capability checks or nonce validation could be a weak point if it handles sensitive data or user input. The taint analysis revealing flows with unsanitized paths, although not classified as critical or high severity, warrants attention as it points to potential logic flaws or unhandled data.
In conclusion, the plugin has several strengths, particularly its lack of critical vulnerabilities and secure handling of SQL queries. The primary weaknesses lie in the insufficient output escaping and potential for XSS, as well as the unspecified handling of input within the shortcode. Addressing the output escaping and ensuring the shortcode is properly secured against potential injection or misuse would significantly enhance its security.
Key Concerns
- Insufficient output escaping
- Potential XSS due to unsanitized paths
- Shortcode without capability/nonce checks
StatsFC Live Security Vulnerabilities
StatsFC Live Code Analysis
Output Escaping
Data Flow Analysis
StatsFC Live Attack Surface
Shortcodes 1
WordPress Hooks 2
Maintenance & Trust
StatsFC Live Maintenance & Trust
Maintenance Signals
Community Trust
StatsFC Live Alternatives
StatsFC Fixtures
statsfc-fixtures
This widget will display a list of football fixtures on your website, for a chosen competition or team.
StatsFC Next Fixture
statsfc-next-fixture
This widget will show the next fixture for a Premier League team on your website.
Soccer Widgets – Football Results & Rankings
webeki-soccer-scores
Soccer Widgets: use shortcodes to deliver updated soccer data like various table rankings and football results by competition.
Soccer Engine – Soccer Plugin for WordPress
soccer-engine-lite
Soccer Engine is a plugin that lets bloggers and clubs add results, fixtures, match commentaries, transfers, and a wide range of stats to articles.
StatsFC Table
statsfc-table
This widget will place a football league table on your website.
StatsFC Live Developer Profile
13 plugins · 360 total installs
How We Detect StatsFC Live
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/statsfc-live/statsfc-live.css/wp-content/plugins/statsfc-live/statsfc-live.js/wp-content/plugins/statsfc-live/statsfc-live.jsstatsfc-live/statsfc-live.css?ver=statsfc-live/statsfc-live.js?ver=HTML / DOM Fingerprints
statsfc-live-widgetdata-statsfc-live-keydata-statsfc-live-competitiondata-statsfc-live-teamdata-statsfc-live-highlightdata-statsfc-live-goalsdata-statsfc-live-assists+4 moreStatsFC_Live[statsfc_live