AM Events Security & Risk Analysis

wordpress.org/plugins/am-events

Manage and display your events. Allows fully customizable layouts and includes a widget for upcoming events.

100 active installs v1.13.1 PHP + WP 3.3.1+ Updated Nov 14, 2017
Tags: calendar, dates, event, events, venue
Score: 63
C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Dec 26, 2025
Safety Verdict

Is AM Events Safe to Use in 2026?

Use With Caution

Score 63/100

AM Events has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Dec 26, 2025 · Updated 8yr ago
Risk Assessment

The 'am-events' plugin v1.13.1 presents a mixed security posture. The static analysis reveals a commendably small attack surface with zero identified entry points, which is a strong indicator of good security design. Furthermore, the complete absence of dangerous functions and external HTTP requests, along with the exclusive use of prepared statements for SQL queries, are excellent security practices. The presence of nonce and capability checks on identified code paths further bolsters its defensive mechanisms. However, a significant concern arises from the output escaping, where only 42% of outputs are properly escaped, indicating a substantial risk of Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not handled with sufficient sanitization before rendering. The plugin's vulnerability history, specifically one unpatched medium-severity CVE related to XSS, directly corroborates this weakness and highlights an ongoing risk. While the current version appears to address some previous issues, the persistence of an unpatched vulnerability and the low output escaping rate suggest that users should exercise caution.

Key Concerns

  • Unpatched CVE
  • Low output escaping percentage
Vulnerabilities: 1

AM Events Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-69006 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

AM Events <= 1.13.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Dec 26, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

AM Events Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 72 (53 escaped)
  • Nonce Checks: 2
  • Capability Checks: 6
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

42% escaped · 125 total outputs
Data Flows: All sanitized

Data Flow Analysis

1 flow
<am-events> (am-events.php:0)
Attack Surface

AM Events Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 33
  • action · init · am-events.php:109
  • action · plugins_loaded · am-events.php:110
  • action · init · am-events.php:111
  • action · admin_menu · am-events.php:115
  • action · admin_init · am-events.php:116
  • filter · post_row_actions · am-events.php:125
  • filter · parse_query · am-events.php:126
  • filter · post_updated_messages · am-events.php:127
  • filter · manage_edit-am_event_sortable_columns · am-events.php:128
  • filter · manage_am_event_posts_columns · am-events.php:129
  • action · save_post · am-events.php:134
  • action · add_meta_boxes · am-events.php:135
  • action · admin_menu · am-events.php:136
  • action · add_meta_boxes · am-events.php:137
  • action · save_post · am-events.php:138
  • action · wp_trash_post · am-events.php:139
  • action · admin_print_styles-post-new.php · am-events.php:144
  • action · admin_print_styles-post.php · am-events.php:145
  • action · admin_print_styles-edit.php · am-events.php:146
  • action · admin_enqueue_scripts · am-events.php:147
  • action · admin_footer-edit.php · am-events.php:148
  • action · admin_enqueue_scripts · am-events.php:149
  • action · widgets_init · am-events.php:151
  • action · restrict_manage_posts · am-events.php:153
  • action · manage_am_event_posts_custom_column · am-events.php:154
  • action · load-edit.php · am-events.php:155
  • action · quick_edit_custom_box · am-events.php:156
  • action · admin_notices · am-events.php:157
  • action · generate_rewrite_rules · am-events.php:158
  • action · pre_get_posts · am-events.php:161
  • action · wp_trash_post · am-events.php:979
  • action · save_post · am-events.php:1150
  • filter · request · am-events.php:1259
Maintenance & Trust

AM Events Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.8.28
Last updated: Nov 14, 2017
PHP min version
Downloads: 14K

Community Trust

Rating: 94/100
Number of ratings: 7
Active installs: 100
Developer Profile

AM Events Developer Profile

Atte Moisio

1 plugin · 100 total installs

Trust score: 68
Avg Security Score: 63/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect AM Events

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/am-events/admin-edit.css
  • /wp-content/plugins/am-events/admin-edit.js
  • /wp-content/plugins/am-events/am-events.css
  • /wp-content/plugins/am-events/am-events.js
  • /wp-content/plugins/am-events/am-events-admin.css
  • /wp-content/plugins/am-events/am-events-admin.js
  • /wp-content/plugins/am-events/css/am-events-admin.css
  • /wp-content/plugins/am-events/css/am-events-frontend.css
  • +2 more
Script Paths
  • /wp-content/plugins/am-events/admin-edit.js
  • /wp-content/plugins/am-events/am-events.js
  • /wp-content/plugins/am-events/am-events-admin.js
  • /wp-content/plugins/am-events/js/am-events-admin.js
  • /wp-content/plugins/am-events/js/am-events-frontend.js
Version Parameters
  • /wp-content/plugins/am-events/admin-edit.css?ver=
  • /wp-content/plugins/am-events/admin-edit.js?ver=
  • /wp-content/plugins/am-events/am-events.css?ver=
  • /wp-content/plugins/am-events/am-events.js?ver=
  • /wp-content/plugins/am-events/am-events-admin.css?ver=
  • /wp-content/plugins/am-events/am-events-admin.js?ver=
  • /wp-content/plugins/am-events/css/am-events-admin.css?ver=
  • /wp-content/plugins/am-events/css/am-events-frontend.css?ver=
  • /wp-content/plugins/am-events/js/am-events-admin.js?ver=
  • /wp-content/plugins/am-events/js/am-events-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • am-event-title
  • am-event-venue
  • am-event-category
  • am-event-date
  • am-upcoming-events-widget
  • am-event-list
  • am-event-item
  • am-event-details
  • +6 more
HTML Comments
  • Widget template shortcodes:
  • The event title
  • The start date of the event (uses the date format from the feed options, if it is set. Otherwise uses the default WordPress date format)
  • The end date of the event (uses the date format from the feed options, if it is set. Otherwise uses the default WordPress date format)
  • +10 more
Data Attributes
  • data-plugin="am-events"
  • data-event-id
  • data-event-title
  • data-event-date
  • data-event-venue
  • data-event-category
JS Globals
  • AM_EVENTS_ADMIN_OPTIONS
  • AM_EVENTS_FRONTEND_OPTIONS
Shortcode Output
  • [event-title]
  • [start-date]
  • [end-date]
  • [event-venue]