Awesome Event Booking Security & Risk Analysis

wordpress.org/plugins/awesome-event-booking

You can now easily create events, accept bookings and manage these with our powerful Event Booking plugin.

40 active installs v2.8.5 PHP 7.0+ WP 4.1+ Updated Mar 26, 2025
Tags: bookings, event-booking, events, reseller, woocommerce
89
A · Safe
CVEs total: 4
Unpatched: 0
Last CVE: Apr 1, 2025
Safety Verdict

Is Awesome Event Booking Safe to Use in 2026?

Generally Safe

Score 89/100

Awesome Event Booking has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEs · Last CVE: Apr 1, 2025 · Updated 1yr ago
Risk Assessment

The 'awesome-event-booking' v2.8.5 plugin exhibits a mixed security posture. While it demonstrates good practices in SQL query handling (99% prepared statements) and output escaping (84%), significant concerns arise from its large, unprotected attack surface. A substantial number of AJAX handlers (29 out of 33) lack proper authorization checks, creating numerous entry points for potential attackers. The taint analysis further highlights this, with 13 high-severity flows indicating potential vulnerabilities stemming from unsanitized input, despite no critical severity findings.

The plugin's vulnerability history, with 4 medium-severity CVEs primarily involving missing authorization, CSRF, and XSS, reinforces the risks associated with insufficient input validation and authorization. The fact that the last vulnerability was relatively recent suggests ongoing security challenges. Although no unpatched CVEs are currently present, the pattern of past vulnerabilities combined with the identified code signals like `unserialize` and numerous unprotected AJAX endpoints indicates a need for significant improvement in securing these entry points and thoroughly sanitizing all user-supplied data. The presence of bundled libraries also warrants scrutiny for potential outdated versions, though no specific issues are detailed here.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows
  • Use of unserialize function
  • Past medium severity CVEs
  • Lack of nonce checks on AJAX (implied)
Vulnerabilities
4

Awesome Event Booking Security Vulnerabilities

CVEs by Year

1 CVE in 2024
3 CVEs in 2025

Severity Breakdown

Medium: 4

4 total CVEs

CVE-2025-31416 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Awesome Event Booking <= 2.8.4 - Reflected Cross-Site Scripting
Apr 1, 2025 · Patched in 2.8.5 (8d)

CVE-2025-22668 · medium · 5.3 · Missing Authorization
Awesome Event Booking <= 2.7.2 - Missing Authorization
Feb 3, 2025 · Patched in 2.7.5 (10d)

CVE-2025-22669 · medium · 4.3 · Cross-Site Request Forgery (CSRF)
Awesome Event Booking <= 2.7.5 - Cross-Site Request Forgery
Feb 3, 2025 · Patched in 2.8.0 (10d)

CVE-2025-24560 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Awesome Event Booking <= 2.7.1 - Reflected Cross-Site Scripting
Nov 27, 2024 · Patched in 2.7.2 (86d)

Code Analysis
Analyzed Mar 16, 2026

Awesome Event Booking Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 1 (70 prepared)
Unescaped Output: 159 (847 escaped)
Nonce Checks: 13
Capability Checks: 19
File Operations: 89
External Requests: 3
Bundled Libraries: 4

Dangerous Functions Found

unserialize: `$_eventDates = unserialize($_eventDates);` admin\functions.php:1245

Bundled Libraries

dompdf, TCPDF, DataTables, Select2

SQL Query Safety

99% prepared · 71 total queries

Output Escaping

84% escaped · 1006 total outputs
Data Flows
15 unsanitized

Data Flow Analysis

20 flows · 15 with unsanitized paths
<out> (library\mpdf\mpdf\data\out.php:0)
Attack Surface
29 unprotected

Awesome Event Booking Attack Surface

Entry Points: 42
Unprotected: 29

AJAX Handlers 33

auth wp_ajax_record_analytics_click admin\event_analytics.php:175
nopriv wp_ajax_record_analytics_click admin\event_analytics.php:176
auth wp_ajax_fetch_analytics_dashboard_data admin\event_analytics.php:216
nopriv wp_ajax_fetch_analytics_dashboard_data admin\event_analytics.php:217
auth wp_ajax_fetch_analytics_data_by_date admin\event_analytics.php:271
nopriv wp_ajax_fetch_analytics_data_by_date admin\event_analytics.php:272
auth wp_ajax_fetch_analytics_data_by_event admin\event_analytics.php:324
nopriv wp_ajax_fetch_analytics_data_by_event admin\event_analytics.php:325
auth wp_ajax_fetch_analytics_data_monthly admin\event_analytics.php:372
nopriv wp_ajax_fetch_analytics_data_monthly admin\event_analytics.php:373
auth wp_ajax_fetch_analytics_data_by_event_monthly admin\event_analytics.php:420
nopriv wp_ajax_fetch_analytics_data_by_event_monthly admin\event_analytics.php:421
auth wp_ajax_fetch_analytics_data_in_dated_chart admin\event_analytics.php:468
nopriv wp_ajax_fetch_analytics_data_in_dated_chart admin\event_analytics.php:469
auth wp_ajax_fetch_analytics_data_in_monthly_chart admin\event_analytics.php:517
nopriv wp_ajax_fetch_analytics_data_in_monthly_chart admin\event_analytics.php:518
auth wp_ajax_pull_attendees admin\functions.php:8
auth wp_ajax_create_event_location admin\functions.php:68
auth wp_ajax_create_event_manager admin\functions.php:109
auth wp_ajax_create_location_region admin\functions.php:142
auth wp_ajax_create_event_customer admin\functions.php:171
auth wp_ajax_get_event_customers admin\functions.php:292
auth wp_ajax_get_events admin\functions.php:348
auth wp_ajax_assing_customer_to_event admin\functions.php:1351
auth wp_ajax_wpeb_location_region_preference admin\functions.php:1880
auth wp_ajax_pull_cities_from_region public\functions.php:315
nopriv wp_ajax_pull_cities_from_region public\functions.php:316
auth wp_ajax_pull_events_from_city public\functions.php:441
nopriv wp_ajax_pull_events_from_city public\functions.php:442
auth wp_ajax_pull_events_from_region public\functions.php:612
nopriv wp_ajax_pull_events_from_region public\functions.php:613
auth wp_ajax_wpeb_validate_multiple_bookings public\functions.php:1564
nopriv wp_ajax_wpeb_validate_multiple_bookings public\functions.php:1565

Shortcodes 9

[wpeb_my_accounts] public\not-in-use--shortcodes.php:3
[wpeb_checkout] public\shortcodes\checkout.php:3
[wp_event_form] public\shortcodes\checkout.php:183
[wpeb_events_page] public\shortcodes\events.php:3
[wpeb_events] public\shortcodes\events.php:160
[wpeb_events_page] public\shortcodes\fsdfsdfsdf.php:3
[wpeb_events] public\shortcodes\fsdfsdfsdf.php:71
[wpeb_my_accounts] public\shortcodes\my-accounts.php:3
[wpeb_my_accounts] public\shortcodes.php:3
WordPress Hooks 138
action admin_menu admin\admin_settings.php:8
action admin_init admin\admin_settings.php:18
action admin_init admin\admin_settings.php:19
action admin_init admin\admin_settings.php:20
action admin_init admin\admin_settings.php:21
action wpeb_settings_menu admin\admin_settings.php:176
action wpeb_settings_new_menu_item admin\admin_settings.php:186
action wpeb_settings_new_menu_item admin\admin_settings.php:191
action wpeb_settings_new_menu_item admin\admin_settings.php:196
action wpeb_settings_new_menu_item admin\admin_settings.php:201
action wpeb_settings_content admin\admin_settings.php:208
action wpeb_settings_content admin\admin_settings.php:216
action wpeb_settings_content admin\admin_settings.php:223
action wpeb_settings_content admin\admin_settings.php:230
action wpeb_event_booking_email_templates admin\admin_settings.php:240
action wpeb_event_booking_email_templates admin\admin_settings.php:266
action wpeb_event_booking_email_templates admin\admin_settings.php:290
action wpeb_event_booking_email_templates admin\admin_settings.php:317
action wpeb_event_booking_email_templates admin\admin_settings.php:362
action wpeb_event_booking_email_templates admin\admin_settings.php:388
action wpeb_event_booking_email_templates admin\admin_settings.php:412
action wpeb_event_booking_email_templates admin\admin_settings.php:438
action wpeb_event_booking_email_templates admin\admin_settings.php:485
action wpeb_documentation admin\admin_settings.php:501
action wpeb_documentation admin\admin_settings.php:505
action wpeb_documentation admin\admin_settings.php:509
action wpeb_documentation admin\admin_settings.php:513
action wpeb_documentation admin\admin_settings.php:517
action admin_head admin\admin_settings.php:531
action admin_enqueue_scripts admin\enqueue_scripts_and_styles.php:31
action admin_enqueue_scripts admin\enqueue_scripts_and_styles.php:48
action add_meta_boxes admin\events_meta_box.php:20
action save_post admin\events_meta_box.php:796
action save_post admin\events_meta_box.php:797
action save_post admin\events_meta_box.php:860
action admin_enqueue_scripts admin\event_analytics.php:28
action admin_menu admin\event_analytics.php:32
action wpeb_analytics_menu admin\event_analytics.php:58
action wpeb_analytics_menu_item admin\event_analytics.php:68
action wpeb_analytics_menu_item admin\event_analytics.php:73
action wpeb_analytics_content admin\event_analytics.php:128
action wpeb_analytics_content admin\event_analytics.php:151
action restrict_manage_posts admin\event_booking_filter.php:33
filter pre_get_posts admin\event_booking_filter.php:36
action add_meta_boxes admin\event_booking_meta_box.php:20
action save_post admin\event_booking_meta_box.php:255
action edit_form_after_title admin\event_booking_meta_box.php:256
action post_submitbox_misc_actions admin\event_booking_meta_box.php:265
action save_post admin\event_booking_meta_box.php:266
action add_meta_boxes admin\event_manager_meta_box.php:20
action save_post admin\event_manager_meta_box.php:70
action init admin\functions.php:237
action admin_head admin\functions.php:239
action wp_head admin\functions.php:256
action admin_enqueue_scripts admin\functions.php:390
filter manage_edit-event_booking_columns admin\functions.php:419
action manage_event_booking_posts_custom_column admin\functions.php:433
filter bulk_actions-edit-event_booking admin\functions.php:474
filter handle_bulk_actions-edit-event_booking admin\functions.php:483
filter views_edit-event_booking admin\functions.php:516
filter post_row_actions admin\functions.php:570
action admin_init admin\functions.php:596
action pre_get_posts admin\functions.php:619
action show_user_profile admin\functions.php:628
action edit_user_profile admin\functions.php:629
action personal_options_update admin\functions.php:715
action edit_user_profile_update admin\functions.php:716
action init admin\functions.php:738
action wpeb_event_multi_email_booking admin\functions.php:938
action wpeb_event_date_time admin\functions.php:952
filter wpeb_sign_up_AttendantFields admin\functions.php:1014
filter wpeb_sign_up_CompanyFields admin\functions.php:1069
filter wpeb_sign_up_PIN admin\functions.php:1136
filter wpeb_checkout_sign_up_fields admin\functions.php:1147
filter wpeb_sign_up_fields admin\functions.php:1155
action wpeb_after_cancel admin\functions.php:1167
action wpeb_after_cancel admin\functions.php:1172
action wpeb_after_signup admin\functions.php:1179
filter notification_to_email admin\functions.php:1187
filter the_title admin\functions.php:1196
filter wp_mail_content_type admin\functions.php:1345
action admin_enqueue_scripts admin\functions.php:1428
action admin_menu admin\functions.php:1430
filter post_row_actions admin\functions.php:1590
filter tag_row_actions admin\functions.php:1602
filter get_sample_permalink_html admin\functions.php:1620
action init admin\functions.php:1622
filter views_edit-event_booking admin\functions.php:1808
action admin_footer admin\functions.php:1925
action add_meta_boxes admin\location_meta_box.php:20
action save_post admin\location_meta_box.php:140
action admin_init admin\new_event_list.php:14
filter manage_edit-cpt_events_columns admin\new_event_list.php:16
filter manage_edit-cpt_events_sortable_columns admin\new_event_list.php:17
action manage_cpt_events_posts_custom_column admin\new_event_list.php:18
action pre_get_posts admin\new_event_list.php:21
action restrict_manage_posts admin\new_event_list.php:101
filter parse_query admin\new_event_list.php:184
action views_edit-cpt_events admin\new_event_list.php:226
action pre_get_posts admin\new_event_list.php:270
action init admin\register_custom_post_types.php:255
action admin_init admin\register_custom_post_types.php:309
action wpeb_settings_new_menu_item captcha\admin\admin_functions.php:5
action wpeb_settings_content captcha\admin\admin_functions.php:9
action wp_enqueue_scripts captcha\admin\admin_functions.php:61
action admin_init captcha\admin\admin_functions.php:73
action wp_head captcha\admin\admin_functions.php:97
action admin_footer captcha\admin\admin_functions.php:119
action wp_enqueue_scripts public\enqueue_scripts_and_styles.php:57
action plugins_loaded public\functions.php:30
filter wpeb_add_new_attendant public\functions.php:32
filter wpeb_number_of_participants public\functions.php:33
filter var_participant_count public\functions.php:34
action pre_get_posts public\functions.php:43
action wp_head public\functions.php:718
filter login_redirect public\functions.php:1086
filter authenticate public\functions.php:1089
filter wp_mail_content_type public\functions.php:1242
action init public\functions.php:1281
filter wpeb_event_date_list public\functions.php:1282
action wp_footer public\functions.php:1381
action wpeb_customer_after_cancel public\functions.php:1420
action wpeb_customer_after_cancel public\functions.php:1425
action wp_head public\functions.php:1430
filter cron_schedules public\functions.php:1442
action every_five_minute_reminder public\functions.php:1456
filter the_content public\functions.php:1559
filter posts_orderby public\shortcodes\events.php:493
filter posts_orderby public\shortcodes\events.php:553
filter posts_orderby public\shortcodes\events.php:620
filter archive_template public\template_handler.php:12
filter single_template public\template_handler.php:23
filter single_template public\template_handler.php:34
filter template_include public\template_handler.php:53
action wp public\template_handler.php:55
action pre_get_posts public\template_handler.php:67
action plugins_loaded wp_event_booking.php:55
action init wp_event_booking.php:65

Scheduled Events 1

every_five_minute_reminder
Maintenance & Trust

Awesome Event Booking Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Mar 26, 2025
PHP min version: 7.0
Downloads: 12K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 40
Developer Profile

Awesome Event Booking Developer Profile

AwesomeTOGI

3 plugins · 60 total installs

Trust score: 91
Avg Security Score: 96/100
Avg Patch Time: 29 days
Detection Fingerprints

How We Detect Awesome Event Booking

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/awesome-event-booking/src/css/admin-styles.css
/wp-content/plugins/awesome-event-booking/src/css/select2.min.css
/wp-content/plugins/awesome-event-booking/src/css/font-awesome.min.css
/wp-content/plugins/awesome-event-booking/src/css/jquery.timepicker.min.css
/wp-content/plugins/awesome-event-booking/src/css/bootstrap-datepicker.css
/wp-content/plugins/awesome-event-booking/src/css/tablesorter.css
/wp-content/plugins/awesome-event-booking/src/js/select2.js
/wp-content/plugins/awesome-event-booking/src/js/jquery.tablesorter.min.js
+10 more
Script Paths
/wp-content/plugins/awesome-event-booking/src/js/select2.js
/wp-content/plugins/awesome-event-booking/src/js/jquery.tablesorter.min.js
/wp-content/plugins/awesome-event-booking/src/js/jquery.timepicker.js
/wp-content/plugins/awesome-event-booking/src/js/datepair.js
/wp-content/plugins/awesome-event-booking/src/js/jquery.datepair.js
/wp-content/plugins/awesome-event-booking/src/js/bootstrap-datepicker.js
+3 more
Version Parameters
awesome-event-booking/src/css/admin-styles.css?ver=
awesome-event-booking/src/css/select2.min.css?ver=
awesome-event-booking/src/css/font-awesome.min.css?ver=
awesome-event-booking/src/css/jquery.timepicker.min.css?ver=
awesome-event-booking/src/css/bootstrap-datepicker.css?ver=
awesome-event-booking/src/css/tablesorter.css?ver=
awesome-event-booking/src/js/select2.js?ver=
awesome-event-booking/src/js/jquery.tablesorter.min.js?ver=
awesome-event-booking/src/js/jquery.timepicker.js?ver=
awesome-event-booking/src/js/datepair.js?ver=
awesome-event-booking/src/js/jquery.datepair.js?ver=
awesome-event-booking/src/js/bootstrap-datepicker.js?ver=
awesome-event-booking/src/js/admin-scripts.js?ver=
awesome-event-booking/src/css/analytics.css?ver=
awesome-event-booking/src/css/datatables.min.css?ver=
awesome-event-booking/src/js/datatables.min.js?ver=
awesome-event-booking/src/js/chart.min.js?ver=
awesome-event-booking/src/css/jquery-ui.css?ver=

HTML / DOM Fingerprints

CSS Classes
wpeb-analytics-css
HTML Comments
<!-- Include all other files -->
<!--Functions that need when installing plugin -->
<!-- direct access disabled -->
<!-- Enqueue scripts and styles for plugin. -->
+6 more
Data Attributes
data-tab
JS Globals
WPEB_VERSION, WPEB_NAME, WPEB_URL, WPEB_DIR