Agenda Security & Risk Analysis
wordpress.org/plugins/agendaCreates events posts for your wordpress. Manipulate it easily and intuitivily. Using the_agenda_loop() you generates a $the_event object that have al …
Is Agenda Safe to Use in 2026?
Generally Safe
Score 85/100Agenda has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "agenda" v1.7 plugin exhibits a mixed security posture. On the positive side, the static analysis reveals a remarkably small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events exposed. Furthermore, there are no recorded CVEs for this plugin, suggesting a relatively stable security history.
However, significant concerns arise from the code analysis. The presence of two instances of `create_function` is a major red flag, as this function is deprecated and can be a source of security vulnerabilities if not handled with extreme care. The complete lack of prepared statements for its single SQL query and the absence of any output escaping are critical weaknesses that open the door to SQL injection and cross-site scripting (XSS) vulnerabilities. While taint analysis shows no critical or high-severity flows, the presence of unsanitized paths warrants attention. The absence of nonce checks on potential entry points (though none were identified) and a lack of comprehensive capability checks also contribute to potential security gaps.
In conclusion, while the plugin's limited attack surface and lack of CVEs are strengths, the identified code quality issues, particularly the use of `create_function`, raw SQL queries, and unescaped output, present substantial security risks that must be addressed. The plugin's history of no vulnerabilities might be due to its limited exposure or the fact that these underlying weaknesses have not yet been exploited, rather than inherent robust security.
Key Concerns
- Unescaped output
- Raw SQL query without prepared statements
- Use of deprecated and potentially dangerous function
- Missing nonce checks (potential)
Agenda Security Vulnerabilities
Agenda Code Analysis
Dangerous Functions Found
SQL Query Safety
Output Escaping
Data Flow Analysis
Agenda Attack Surface
WordPress Hooks 5
Maintenance & Trust
Agenda Maintenance & Trust
Maintenance Signals
Community Trust
Agenda Alternatives
Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories
post-expirator
PublishPress Future can make scheduled changes to your content. You can unpublish posts, move posts to a new status, update the categories, and more.
WP Meta and Date Remover
wp-meta-and-date-remover
Remove meta author and date information from posts and pages. Hide from Humans and Search engines.SEO friendly and most advance plugin.
Bulk Post Update Date
bulk-post-update-date
Change the Post Update date for all posts and pages in one click. This will help your blog in search engines and your blog will look alive.
Post Date Randomizer
post-date-randomizer
Simple plugin that bulk changes the publication date of published posts and/or approved comments to random dates within a specified time range.
WP Author, Date and Meta Remover
wp-author-date-and-meta-remover
Don't need the post date and author meta data on your pages? Install WP Author, Date and Meta Remover and its gone. It's that easy!
Agenda Developer Profile
6 plugins · 70 total installs
How We Detect Agenda
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/agenda/css/agenda.css/wp-content/plugins/agenda/js/agenda.js/wp-content/plugins/agenda/js/agenda.jsagenda/style.css?ver=agenda/agenda.js?ver=HTML / DOM Fingerprints
agenda-widget-titleagenda_optionsagenda_widget_control<!-- Its dangerous, use carefuly... -->data-destakdata-show_datedata-nextdata-beforedata-afteragenda_widget_lista<li class="agenda_widget_control">