The Soccer Stats Security & Risk Analysis

wordpress.org/plugins/the-soccer-stats

Ultimate tool for your football (soccer) team site.

10 active installs · v1.08 · PHP + · WP 3.0.1+ · Updated Nov 25, 2016
Tags: club, football, soccer, sport, sports
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is The Soccer Stats Safe to Use in 2026?

Generally Safe

Score 85/100

The Soccer Stats has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9yr ago
Risk Assessment

The "the-soccer-stats" v1.08 plugin exhibits a mixed security posture. On the positive side, it shows strong practices in database interaction, with all SQL queries utilizing prepared statements, and no file operations or external HTTP requests are detected. The absence of known historical vulnerabilities (CVEs) and a lack of critical taint analysis findings are also encouraging signs. However, there are significant security concerns stemming from its attack surface. A substantial number of AJAX handlers (8 out of 22) lack proper authentication checks, creating potential entry points for unauthorized actions. While the taint analysis did not reveal critical or high-severity issues, the presence of unsanitized paths in all analyzed flows, even if flagged as low severity, warrants attention as it could be exploited in conjunction with other weaknesses. The limited number of nonce and capability checks on AJAX handlers further exacerbates the risk posed by the unprotected entry points.

Key Concerns

  • Unprotected AJAX handlers
  • Unsanitized paths in taint flows
  • Limited capability checks on AJAX
  • Limited nonce checks on AJAX
Vulnerabilities
None known

The Soccer Stats Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

The Soccer Stats Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (28 prepared)
Unescaped Output: 199 (378 escaped)
Nonce Checks: 9
Capability Checks: 7
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

100% prepared · 28 total queries

Output Escaping

66% escaped · 577 total outputs
Data Flows
8 unsanitized

Data Flow Analysis

8 flows · 8 with unsanitized paths
tss_add_player_to_season (ajax\ajax-admin.php:17)
Attack Surface
8 unprotected

The Soccer Stats Attack Surface

Entry Points: 22
Unprotected: 8

AJAX Handlers (22)

Type · Hook · Location
auth · wp_ajax_add_player_to_season · ajax\ajax-admin.php:57
nopriv · wp_ajax_add_player_to_season · ajax\ajax-admin.php:58
auth · wp_ajax_add_substitution · ajax\ajax-admin.php:113
nopriv · wp_ajax_add_substitution · ajax\ajax-admin.php:114
auth · wp_ajax_add_goal · ajax\ajax-admin.php:175
nopriv · wp_ajax_add_goal · ajax\ajax-admin.php:176
auth · wp_ajax_add_card · ajax\ajax-admin.php:241
nopriv · wp_ajax_add_card · ajax\ajax-admin.php:242
auth · wp_ajax_delete_player_from_season · ajax\ajax-admin.php:277
nopriv · wp_ajax_delete_player_from_season · ajax\ajax-admin.php:278
auth · wp_ajax_delete_from_team_stats · ajax\ajax-admin.php:332
nopriv · wp_ajax_delete_from_team_stats · ajax\ajax-admin.php:333
auth · wp_ajax_add_team_stats · ajax\ajax-admin.php:396
nopriv · wp_ajax_add_team_stats · ajax\ajax-admin.php:397
auth · wp_ajax_rebuild_match_titles · ajax\ajax-admin.php:434
nopriv · wp_ajax_rebuild_match_titles · ajax\ajax-admin.php:435
auth · wp_ajax_update_seasonal_stats · ajax\ajax-admin.php:459
nopriv · wp_ajax_update_seasonal_stats · ajax\ajax-admin.php:460
auth · wp_ajax_update_seasonal_stats_player · ajax\ajax-admin.php:479
nopriv · wp_ajax_update_seasonal_stats_player · ajax\ajax-admin.php:480
auth · wp_ajax_update_opponent_stats · ajax\ajax-admin.php:501
nopriv · wp_ajax_update_opponent_stats · ajax\ajax-admin.php:502

WordPress Hooks (17)

Type · Hook · Location
action · add_meta_boxes · meta-boxes\matches.php:31
action · save_post · meta-boxes\matches.php:472
action · add_meta_boxes · meta-boxes\players.php:30
action · save_post · meta-boxes\players.php:218
action · init · post-types\post-types.php:11
action · init · post-types\post-types.php:56
action · init · post-types\post-types.php:101
action · init · post-types\post-types.php:146
action · init · post-types\post-types.php:190
action · admin_init · settings\settings.php:19
action · admin_menu · the-soccer-stats.php:45
action · admin_enqueue_scripts · the-soccer-stats.php:79
action · wp_head · the-soccer-stats.php:81
action · wp_enqueue_scripts · the-soccer-stats.php:115
action · edit_form_after_title · the-soccer-stats.php:136
filter · single_template · the-soccer-stats.php:153
action · plugins_loaded · the-soccer-stats.php:266
Maintenance & Trust

The Soccer Stats Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.6.30
Last updated: Nov 25, 2016
PHP min version
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

The Soccer Stats Developer Profile

lepileppanen

3 plugins · 930 total installs

Trust score: 93
Avg Security Score: 90/100
Avg Patch Time: 2 days
Detection Fingerprints

How We Detect The Soccer Stats

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/the-soccer-stats/css/tss-bootstrap.css
  • /wp-content/plugins/the-soccer-stats/plugins/bootstrap/bootstrap.min.js
  • /wp-content/plugins/the-soccer-stats/js/admin-main.js
  • /wp-content/plugins/the-soccer-stats/plugins/select2/select2.min.js
  • /wp-content/plugins/the-soccer-stats/css/tss-admin.css
  • /wp-content/plugins/the-soccer-stats/plugins/select2/select2.min.css
  • /wp-content/plugins/the-soccer-stats/css/tss-default.css
  • /wp-content/plugins/the-soccer-stats/plugins/font-awesome/css/font-awesome.min.css
  • +2 more
Version Parameters
  • the-soccer-stats/tss-bootstrap.css?ver=
  • the-soccer-stats/plugins/bootstrap/bootstrap.min.js?ver=
  • the-soccer-stats/js/admin-main.js?ver=
  • the-soccer-stats/plugins/select2/select2.min.js?ver=
  • the-soccer-stats/css/tss-admin.css?ver=
  • the-soccer-stats/plugins/select2/select2.min.css?ver=
  • the-soccer-stats/css/tss-default.css?ver=
  • the-soccer-stats/plugins/font-awesome/css/font-awesome.min.css?ver=
  • the-soccer-stats/plugins/tablesorter/jquery.tablesorter.min.js?ver=
  • the-soccer-stats/js/main.js?ver=

HTML / DOM Fingerprints

JS Globals
ajaxurl