WP-Safety

Subject Registration Addon Security & Risk Analysis

wordpress.org/plugins/subject-registration-addon

Simple addon that enables you to add online subjects and display them for your gravity form.

0 active installs v0.1 PHP + WP 4.6+ Updated Jan 15, 2019
gravity-formgravity-form-addononline-registrationsubject-registrationtutor
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Subject Registration Addon Safe to Use in 2026?

Generally Safe

Score 85/100

Subject Registration Addon has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago
Risk Assessment

The "subject-registration-addon" plugin v0.1 presents a significant security risk due to a large number of unprotected AJAX handlers. While the plugin does not exhibit known vulnerabilities in its history and uses prepared statements for its SQL queries, the complete absence of authentication and authorization checks on all 26 identified AJAX entry points is a major concern. This creates a wide attack surface where any unauthenticated user could potentially trigger these handlers, leading to unintended actions or information disclosure.

The static analysis reveals that 100% of its outputs are not properly escaped, which, combined with the unprotected AJAX handlers, strongly suggests a high likelihood of Cross-Site Scripting (XSS) vulnerabilities. Although the taint analysis did not flag critical or high severity flows, the analysis was limited to only 3 flows, and the presence of unsanitized paths indicates potential issues that may not have been fully captured.

In conclusion, the plugin's lack of basic security measures like nonce and capability checks on its AJAX endpoints, coupled with unescaped output, makes it highly vulnerable. The absence of past vulnerabilities is a positive sign but does not mitigate the immediate risks posed by the current codebase. Developers should prioritize implementing proper authentication and sanitization mechanisms.

Key Concerns

  • 26 unprotected AJAX handlers
  • 0% output escaping
  • No nonce checks
  • No capability checks
  • Limited taint analysis (3 flows)
Vulnerabilities
None known

Subject Registration Addon Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Subject Registration Addon Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
16
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped16 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths
rsgsrf_get_post_contents (rsgsrf-admin\functions\rsgsrf-single_post.php:5)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
26 unprotected

Subject Registration Addon Attack Surface

Entry Points26
Unprotected26

AJAX Handlers 26

noprivwp_ajax_rsgsrf_school_lvl_addrsgsrf-admin\functions\rsgsrf-school_level.php:52
authwp_ajax_rsgsrf_school_lvl_addrsgsrf-admin\functions\rsgsrf-school_level.php:53
noprivwp_ajax_rsgsrf_school_lvl_editrsgsrf-admin\functions\rsgsrf-school_level.php:69
authwp_ajax_rsgsrf_school_lvl_editrsgsrf-admin\functions\rsgsrf-school_level.php:70
noprivwp_ajax_rsgsrf_school_lvl_delrsgsrf-admin\functions\rsgsrf-school_level.php:80
authwp_ajax_rsgsrf_school_lvl_delrsgsrf-admin\functions\rsgsrf-school_level.php:81
noprivwp_ajax_rsgsrf_get_post_contentsrsgsrf-admin\functions\rsgsrf-single_post.php:3
authwp_ajax_rsgsrf_get_post_contentsrsgsrf-admin\functions\rsgsrf-single_post.php:4
noprivwp_ajax_rsgsrf_save_post_contentrsgsrf-admin\functions\rsgsrf-single_post.php:59
authwp_ajax_rsgsrf_save_post_contentrsgsrf-admin\functions\rsgsrf-single_post.php:60
noprivwp_ajax_rsgsrf_table_addrsgsrf-admin\functions\rsgsrf-tables_page.php:53
authwp_ajax_rsgsrf_table_addrsgsrf-admin\functions\rsgsrf-tables_page.php:54
noprivwp_ajax_rsgsrf_table_editrsgsrf-admin\functions\rsgsrf-tables_page.php:71
authwp_ajax_rsgsrf_table_editrsgsrf-admin\functions\rsgsrf-tables_page.php:72
noprivwp_ajax_rsgsrf_table_delrsgsrf-admin\functions\rsgsrf-tables_page.php:82
authwp_ajax_rsgsrf_table_delrsgsrf-admin\functions\rsgsrf-tables_page.php:83
noprivwp_ajax_rsgsrf_tutoring_type_addrsgsrf-admin\functions\rsgsrf-tutoring_type.php:52
authwp_ajax_rsgsrf_tutoring_type_addrsgsrf-admin\functions\rsgsrf-tutoring_type.php:53
noprivwp_ajax_rsgsrf_tutoring_type_editrsgsrf-admin\functions\rsgsrf-tutoring_type.php:70
authwp_ajax_rsgsrf_tutoring_type_editrsgsrf-admin\functions\rsgsrf-tutoring_type.php:71
noprivwp_ajax_rsgsrf_tutoring_type_delrsgsrf-admin\functions\rsgsrf-tutoring_type.php:81
authwp_ajax_rsgsrf_tutoring_type_delrsgsrf-admin\functions\rsgsrf-tutoring_type.php:82
noprivwp_ajax_rsgsrf_get_all_subjects_tablersgsrf-client\functions\rsgsrf-subjects_table.php:4
authwp_ajax_rsgsrf_get_all_subjects_tablersgsrf-client\functions\rsgsrf-subjects_table.php:5
noprivwp_ajax_rsgsrf_get_added_subject_pricersgsrf-client\functions\rsgsrf-subjects_table.php:74
authwp_ajax_rsgsrf_get_added_subject_pricersgsrf-client\functions\rsgsrf-subjects_table.php:75
WordPress Hooks 7
actioninitrsgsrf.php:35
actionadmin_menursgsrf.php:36
actionadmin_menursgsrf.php:37
actionadmin_menursgsrf.php:38
actionadmin_menursgsrf.php:39
actionadmin_enqueue_scriptsrsgsrf.php:40
actionwp_enqueue_scriptsrsgsrf.php:42
Maintenance & Trust

Subject Registration Addon Maintenance & Trust

Maintenance Signals

WordPress version tested5.0.25
Last updatedJan 15, 2019
PHP min version
Downloads933

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Subject Registration Addon Alternatives

Clone Gravity Form Entry

Clone Gravity Form Entry

clone-gravity-form-entry

A
100

Clone your gravity form entries with just one click event.

100 No CVEs
Gravity Forms Zero Spam

Gravity Forms Zero Spam

gravity-forms-zero-spam

A
100

Enhance your Gravity Forms to include anti-spam measures originally based on the work of David Walsh's "Zero Spam" technique.

100K No CVEs
Gravity Booster – Styles & Layouts for Gravity Forms

Gravity Booster – Styles & Layouts for Gravity Forms

styles-and-layouts-for-gravity-forms

A
100

Gravity Booster - Styles and Layouts for Gravity Forms plugin lets you design and style Gravity Forms without CSS coding. You can also use it for addi …

40K No CVEs
Advanced Custom Fields: Gravity Forms Add-on

Advanced Custom Fields: Gravity Forms Add-on

acf-gravityforms-add-on

A
100

Provides an Advanced Custom Field which allows a WordPress user to select a Gravity Form as part of a field group configuration.

30K No CVEs
Event Tracking for Gravity Forms

Event Tracking for Gravity Forms

gravity-forms-google-analytics-event-tracking

A
92

Easily add event tracking using Gravity Forms and your Google Analytics or Google Tag Manager account. Supports Google Analytics v3 and Gravity Forms …

20K No CVEs
Developer Profile

Subject Registration Addon Developer Profile

Ryner

1 plugin · 0 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Subject Registration Addon

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/subject-registration-addon/rsgsrf-admin/assets/rsg_admin_styles.css/wp-content/plugins/subject-registration-addon/rsgsrf-admin/assets/rsg_admin_scripts.js/wp-content/plugins/subject-registration-addon/rsgsrf-client/assets/client_styles.css/wp-content/plugins/subject-registration-addon/rsgsrf-client/assets/client_scripts.js
Script Paths
https://use.fontawesome.com/releases/v5.5.0/css/all.css
Version Parameters
rsgsrf_admin_stylesrsgsrf_admin_scriptsrsgsrf_admin_extend_client_stylesrsgsrf_admin_extend_client_scriptsrsgsrf_client_stylesrsgsrf_client_scripts

HTML / DOM Fingerprints

CSS Classes
rsgsrf__contents_mainrsgsrf_reg_titlerynerg_rsgsrfrsgsrf_admin
JS Globals
myAjax
FAQ

Frequently Asked Questions about Subject Registration Addon