Does StatsFC Player Rater have any unpatched vulnerabilities?

No. All known vulnerabilities in StatsFC Player Rater have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is StatsFC Player Rater compatible with WordPress 6.2.9?

According to WordPress.org data, StatsFC Player Rater 2.0.1 has been tested up to WordPress 6.2.9. Check the plugin's changelog for the latest compatibility information.

How often is StatsFC Player Rater updated?

StatsFC Player Rater was last updated on Jun 21, 2023. Frequent updates are generally a positive security signal.

What is StatsFC Player Rater's security score?

StatsFC Player Rater has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

StatsFC Player Rater Security & Risk Analysis

wordpress.org/plugins/statsfc-player-rater

This widget will place a player rater for all matches of any Premier League team on your website.

20 active installs v2.0.1 PHP + WP 3.3+ Updated Jun 21, 2023

footballplayerratersoccerwidget

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is StatsFC Player Rater Safe to Use in 2026?

Generally Safe

Score 85/100

StatsFC Player Rater has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The "statsfc-player-rater" plugin v2.0.1 exhibits a generally good security posture, with no known vulnerabilities or CVEs in its history. The static analysis reveals a minimal attack surface, consisting solely of a single shortcode. Importantly, the code demonstrates robust SQL hygiene, with all queries utilizing prepared statements, and no dangerous functions or file operations were detected. However, there are areas of concern. The plugin fails to implement any nonce checks or capability checks, which is a significant weakness, especially if the shortcode handles any user-facing interactions. Furthermore, a concerning 52% of output is not properly escaped, leaving it vulnerable to Cross-Site Scripting (XSS) attacks. The taint analysis, while limited in scope, identified two flows with unsanitized paths, which, combined with the unescaped output, suggests a potential avenue for XSS exploitation.

Key Concerns

Missing nonce checks
Missing capability checks
High percentage of unescaped output
Taint flows with unsanitized paths

Vulnerabilities

None known

StatsFC Player Rater Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

StatsFC Player Rater Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

10 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

48% escaped21 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

widget (statsfc-player-rater.php:183)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

StatsFC Player Rater Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[statsfc-player-rater] statsfc-player-rater.php:278

WordPress Hooks 2

actionwp_print_footer_scriptsstatsfc-player-rater.php:251

actionwidgets_initstatsfc-player-rater.php:274

Maintenance & Trust

StatsFC Player Rater Maintenance & Trust

Maintenance Signals

WordPress version tested6.2.9

Last updatedJun 21, 2023

PHP min version

Downloads3K

Community Trust

Rating100/100

Number of ratings1

Active installs20

Alternatives

StatsFC Player Rater Alternatives

Soccer Widgets – Football Results & Rankings

webeki-soccer-scores

Soccer Widgets: use shortcodes to deliver updated soccer data like various table rankings and football results by competition.

100 No CVEs

StatsFC Table

statsfc-table

This widget will place a football league table on your website.

80 No CVEs

StatsFC Fixtures

statsfc-fixtures

This widget will display a list of football fixtures on your website, for a chosen competition or team.

50 No CVEs

StatsFC Results

statsfc-results

This widget will place list of football results in your website.

40 No CVEs

StatsFC Live

statsfc-live

100

This widget will display live football scores on your website, for a chosen competition or team.

30 No CVEs

Developer Profile

StatsFC Player Rater Developer Profile

Will Woodward

13 plugins · 360 total installs

trust score

Avg Security Score

88/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect StatsFC Player Rater

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/statsfc-player-rater/statsfc-player-rater.css/wp-content/plugins/statsfc-player-rater/statsfc-player-rater.js

Script Paths

/wp-content/plugins/statsfc-player-rater/statsfc-player-rater.js

Version Parameters

statsfc-player-rater/statsfc-player-rater.css?ver=statsfc-player-rater/statsfc-player-rater.js?ver=

HTML / DOM Fingerprints

CSS Classes

statsfc-player-rater-widget

Data Attributes

data-statsfc-player-rater-options

JS Globals

StatsFCPlayerRaterWidgetstatsfcPlayerRater

Shortcode Output

[statsfc_player_rater

FAQ