Does Advanced Event Manager have any unpatched vulnerabilities?

Yes — Advanced Event Manager currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Advanced Event Manager compatible with WordPress 4.9.29?

According to WordPress.org data, Advanced Event Manager 1.1.6 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is Advanced Event Manager updated?

Advanced Event Manager was last updated on Feb 22, 2018. Frequent updates are generally a positive security signal.

What is Advanced Event Manager's security score?

Advanced Event Manager has a WP-Safety security score of 64/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Advanced Event Manager Security & Risk Analysis

wordpress.org/plugins/advanced-event-manager

Calendar plugin by Stachethemes

20 active installs v1.1.6 PHP + WP 4.7+ Updated Feb 22, 2018

ajaxapicalendarcountdownstachethemes

C · Use Caution

CVEs total1

Unpatched1

Last CVENov 22, 2024

Download

Safety Verdict

Is Advanced Event Manager Safe to Use in 2026?

Use With Caution

Score 64/100

Advanced Event Manager has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Nov 22, 2024Updated 8yr ago

Risk Assessment

The 'advanced-event-manager' v1.1.6 plugin exhibits a mixed security posture. While the static analysis shows a limited attack surface with no directly identified unprotected entry points and a reasonable number of nonce and capability checks, several concerning code signals and a recent vulnerability history raise flags. The presence of the `unserialize` function is a significant concern, as it can lead to Remote Code Execution if it processes untrusted data. Furthermore, the lack of prepared statements for SQL queries is a potential vector for SQL Injection vulnerabilities, especially given the limited output escaping identified.

Key Concerns

Unpatched CVE found
Dangerous function unserialize used
SQL queries not using prepared statements
Low percentage of properly escaped output

Vulnerabilities

Advanced Event Manager Security Vulnerabilities

CVEs by Year

1 CVE in 2024 · unpatched

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-53721medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advanced Event Manager <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Nov 22, 2024Unpatched

Code Analysis

Analyzed Mar 16, 2026

Advanced Event Manager Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

456

9 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$content = unserialize($content);admin\class\class.admin.php:1066

unserialize$content = unserialize($content);admin\class\class.settings.php:431

unserialize$cache = unserialize(file_get_contents($cache_file));stachethemes\less\Less.php:525

SQL Query Safety

0% prepared2 total queries

Output Escaping

2% escaped465 total outputs

Attack Surface

Advanced Event Manager Attack Surface

Entry Points8

Unprotected0

Shortcodes 8

[saem_aside_employee] shortcodes\saem_aside_employee.php:21

[saem_aside_employees] shortcodes\saem_aside_employees.php:21

[saem_base] shortcodes\saem_base.php:22

[saem_event_countdown] shortcodes\saem_event_countdown.php:21

[saem_grid_events] shortcodes\saem_grid_events.php:21

[saem_images_slider] shortcodes\saem_images_slider.php:21

[saem_list_events] shortcodes\saem_list_events.php:21

[saem_list_services] shortcodes\saem_list_services.php:21

WordPress Hooks 50

actionadmin_noticesadmin\class\class.admin.php:64

actionadmin_noticesadmin\class\class.admin.php:115

actionpre_get_postsadmin\class\class.admin.php:539

actionrest_api_initapi\class.api.php:21

actionsaem_admin_ajax_task_handlerinc\inc.admin-ajax-task-handler.php:32

actionsaem_add_admin_menuinc\inc.admin-menu.php:20

actionsaem_add_admin_menu_assetsinc\inc.admin-menu.php:46

actionsaem_cron_hourlyinc\inc.cron.php:23

actionsaem_register_custom_postinc\inc.custom-posts.php:20

filtersingle_templateinc\inc.posts-templates.php:20

actionwp_enqueue_scriptsinc\inc.posts-templates.php:39

actionwp_enqueue_scriptsinc\inc.posts-templates.php:63

actionwp_enqueue_scriptsinc\inc.posts-templates.php:80

actionsaem_post_task_handlerinc\inc.task-handler.php:25

actionsaem_get_task_handlerinc\inc.task-handler.php:566

actionsaem_register_taxonomyinc\inc.taxonomies.php:19

actionadmin_initinstall\activate.php:55

actionvc_before_initinstall\settings\inc.vc-settings.php:28

actionafter_switch_themeinstall\theme-switch.php:8

actionsaem_aside_employee_load_scriptsshortcodes\saem_aside_employee.php:47

actionwp_enqueue_scriptsshortcodes\saem_aside_employee.php:56

actionsaem_aside_employees_load_scriptsshortcodes\saem_aside_employees.php:47

actionwp_enqueue_scriptsshortcodes\saem_aside_employees.php:59

actionsaem_base_load_scriptsshortcodes\saem_base.php:70

actionwp_enqueue_scriptsshortcodes\saem_base.php:87

actionsaem_event_countdown_load_scriptsshortcodes\saem_event_countdown.php:46

actionwp_enqueue_scriptsshortcodes\saem_event_countdown.php:61

actionsaem_grid_events_load_scriptsshortcodes\saem_grid_events.php:39

actionwp_enqueue_scriptsshortcodes\saem_grid_events.php:55

actionsaem_image_slider_load_scriptsshortcodes\saem_images_slider.php:54

actionwp_enqueue_scriptsshortcodes\saem_images_slider.php:66

actionsaem_list_events_load_scriptsshortcodes\saem_list_events.php:40

actionwp_enqueue_scriptsshortcodes\saem_list_events.php:58

actionsaem_list_services_load_scriptsshortcodes\saem_list_services.php:84

actionwp_enqueue_scriptsshortcodes\saem_list_services.php:94

actionwp_headstachethemes\abstract.plugin.php:68

actionadmin_headstachethemes\abstract.plugin.php:69

actionstyle_loader_tagstachethemes\abstract.plugin.php:70

actionadmin_menustachethemes\abstract.plugin.php:325

filterplugin_row_metastachethemes\abstract.plugin.php:601

actioninitstachethemes-aem.php:66

actionwp_logoutstachethemes-aem.php:72

actionwp_loginstachethemes-aem.php:76

actionplugins_loadedstachethemes-aem.php:90

actioninitstachethemes-aem.php:92

actionwp_loadedstachethemes-aem.php:94

actionsaem_enforce_private_adminstachethemes-aem.php:171

actionsaem_load_headstachethemes-aem.php:266

actionwp_headstachethemes-aem.php:272

actionsaem_add_rewrite_rulesstachethemes-aem.php:301

Scheduled Events 3

saem_cron_hourly

saem_cron_twice_daily

saem_cron_daily

Maintenance & Trust

Advanced Event Manager Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedFeb 22, 2018

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs20

Alternatives

Advanced Event Manager Alternatives

Heartbeat Control

heartbeat-control

Allows you to easily manage the frequency of the WordPress heartbeat API.

80K No CVEs

WP FullCalendar

wp-fullcalendar

Uses the FullCalendar library to create a stunning calendar view of events, posts and other custom post types

9K 2 unpatched

Event Countdown for The Events Calendar

countdown-for-the-events-calendar

Event countdown timer addon for The Events Calendar plugin to display upcoming event countdowns anywhere using a simple shortcode.

3K 2 CVEs

Events Search For The Events Calendar

events-search-addon-for-the-events-calendar

100

Adds an AJAX-based events search bar on any page via shortcode to quickly find any upcoming event created with The Events Calendar plugin.

3K No CVEs

Ajax Archive Calendar

ajax-archive-calendar

100

Ajax Archive Calendar .

1K 1 CVE

Developer Profile

Advanced Event Manager Developer Profile

Stachethemes

3 plugins · 120 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Advanced Event Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/advanced-event-manager/saem-admin/css/backend.css/wp-content/plugins/advanced-event-manager/saem-admin/css/jquery.datetimepicker.css/wp-content/plugins/advanced-event-manager/saem-admin/js/backend.js/wp-content/plugins/advanced-event-manager/saem-admin/js/jquery.datetimepicker.js/wp-content/plugins/advanced-event-manager/saem-admin/js/jquery.multi-select.js/wp-content/plugins/advanced-event-manager/saem-admin/js/select2.min.js/wp-content/plugins/advanced-event-manager/saem-admin/js/moment.min.js/wp-content/plugins/advanced-event-manager/saem-admin/js/fullcalendar.min.js+11 more

Script Paths

/wp-content/plugins/advanced-event-manager/saem-admin/js/backend.js/wp-content/plugins/advanced-event-manager/saem-admin/js/jquery.datetimepicker.js/wp-content/plugins/advanced-event-manager/saem-admin/js/jquery.multi-select.js/wp-content/plugins/advanced-event-manager/saem-admin/js/select2.min.js/wp-content/plugins/advanced-event-manager/saem-admin/js/moment.min.js/wp-content/plugins/advanced-event-manager/saem-admin/js/fullcalendar.min.js+7 more

Version Parameters

advanced-event-manager/saem-admin/css/backend.css?ver=advanced-event-manager/saem-admin/css/jquery.datetimepicker.css?ver=advanced-event-manager/saem-admin/js/backend.js?ver=advanced-event-manager/saem-admin/js/jquery.datetimepicker.js?ver=advanced-event-manager/saem-admin/js/jquery.multi-select.js?ver=advanced-event-manager/saem-admin/js/select2.min.js?ver=advanced-event-manager/saem-admin/js/moment.min.js?ver=advanced-event-manager/saem-admin/js/fullcalendar.min.js?ver=advanced-event-manager/saem-admin/js/stachethemes-aem.js?ver=advanced-event-manager/saem-public/css/frontend.css?ver=advanced-event-manager/saem-public/css/jquery.datetimepicker.css?ver=advanced-event-manager/saem-public/js/frontend.js?ver=advanced-event-manager/saem-public/js/jquery.datetimepicker.js?ver=advanced-event-manager/saem-public/js/moment.min.js?ver=advanced-event-manager/saem-public/js/fullcalendar.min.js?ver=advanced-event-manager/saem-public/js/stachethemes-aem.js?ver=advanced-event-manager/libs/stachethemes/css/responsive.css?ver=advanced-event-manager/libs/stachethemes/css/bootstrap.min.css?ver=advanced-event-manager/libs/stachethemes/js/bootstrap.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

saem-backend-wrappersaem-frontend-wrappersaem-modalsaem-fullcalendar

HTML Comments

+1 more

Data Attributes

data-saem-iddata-saem-datedata-saem-modal-target

JS Globals

saemApisaemAdminAjaxstachethemes_aem_frontend_data

REST Endpoints

/wp-json/saem/v1/events/wp-json/saem/v1/settings

Shortcode Output

[saem_events][saem_calendar][saem_single_event][saem_categories]

FAQ