Does Bandsintown Events have any unpatched vulnerabilities?

No. All known vulnerabilities in Bandsintown Events have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Bandsintown Events compatible with WordPress 5.9.13?

According to WordPress.org data, Bandsintown Events 1.3.4 has been tested up to WordPress 5.9.13. Check the plugin's changelog for the latest compatibility information.

How often is Bandsintown Events updated?

Bandsintown Events was last updated on Mar 7, 2025. Frequent updates are generally a positive security signal.

What is Bandsintown Events's security score?

Bandsintown Events has a WP-Safety security score of 91/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Bandsintown Events Security & Risk Analysis

wordpress.org/plugins/bandsintown

Bandsintown's Events plugin for displaying your upcoming events.

4K active installs v1.3.4 PHP + WP 2.7+ Updated Mar 7, 2025

bandsintownconcertseventstour-dates

A · Safe

CVEs total1

Unpatched0

Last CVEFeb 19, 2025

Plugin page Download

Safety Verdict

Is Bandsintown Events Safe to Use in 2026?

Generally Safe

Score 91/100

Bandsintown Events has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Feb 19, 2025Updated 1yr ago

Risk Assessment

The "bandsintown" plugin v1.3.4 exhibits a generally positive security posture based on the static analysis. The plugin demonstrates good practices by having no identified dangerous functions, using prepared statements for all SQL queries, and performing no file operations or external HTTP requests, which significantly reduces potential attack vectors. While the static analysis found no critical or high severity taint flows, indicating a good effort in sanitizing inputs, there is a notable concern regarding output escaping, with only 67% of outputs being properly escaped. This leaves room for potential Cross-Site Scripting (XSS) vulnerabilities if unescaped data is rendered in sensitive contexts. Furthermore, the absence of nonce checks and capability checks on its single shortcode entry point is a significant omission, as it means any authenticated user, regardless of their role, could potentially trigger actions through this shortcode. The vulnerability history reveals one medium severity CVE related to XSS, which, although currently unpatched, aligns with the concern of insufficient output escaping. The presence of a past XSS vulnerability, coupled with less than ideal output escaping and the lack of authorization checks on its entry point, suggests a potential for exploitation if an attacker can influence the data being displayed.

Key Concerns

Unescaped output (33 total, 67% escaped)
Missing nonce checks on entry point (1 shortcode)
Missing capability checks on entry point (1 shortcode)
Medium severity CVE in vulnerability history (unpatched)

Vulnerabilities

Bandsintown Events Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-13802medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Bandsintown Events <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Feb 19, 2025 Patched in 1.3.2 (19d)

Code Analysis

Analyzed Mar 16, 2026

Bandsintown Events Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

22 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

67% escaped33 total outputs

Attack Surface

Bandsintown Events Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[bandsintown_events] bandsintown.php:21

WordPress Hooks 4

actionadmin_menubandsintown.php:15

actionadmin_initbandsintown.php:16

actionwp_enqueue_scriptsbandsintown.php:18

actionwidgets_initbandsintown.php:22

Maintenance & Trust

Bandsintown Events Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13

Last updatedMar 7, 2025

PHP min version

Downloads87K

Community Trust

Rating66/100

Number of ratings8

Active installs4K

Alternatives

Bandsintown Events Alternatives

Tour Dates

seatgeek-tour-dates

SeatGeek’s Tour Dates plugin allows artists and fans to display upcoming tour dates for a given performer.

10 No CVEs

Songkick Concerts and Festivals

songkick-concerts-and-festivals

This plugin lets you display events for a Songkick user, artist, venue, or metro area on your WordPress blog, as a widget or shortcode.

500 1 CVE

Better Bandsintown

better-bandsintown

Embed Tour Dates from Bandsintown.com without having to deal with CSS (or an ugly widget).

100 No CVEs

ConcertPress

concertpress

An events management plugin specifically designed for classical musicians.

10 No CVEs

Sinqwell Event Post Manager

sinqwell-event-post-manager

100

Event and concert management made simple. Mobile app integration supported for iOS and Android.

0 No CVEs

Developer Profile

Bandsintown Events Developer Profile

bandsintown_legacy

1 plugin · 4K total installs

trust score

Avg Security Score

91/100

Avg Patch Time

19 days

View full developer profile

Detection Fingerprints

How We Detect Bandsintown Events

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/bandsintown/bandsintown-admin.js/wp-content/plugins/bandsintown/bandsintown-admin.css

Script Paths

https://widget.bandsintown.com/main.min.js

HTML / DOM Fingerprints

CSS Classes

bit-widget-initializerwrapbandsintown_wrap

Data Attributes

data-artist-namedata-text-colordata-link-colordata-background-colordata-display-limitdata-link-text-color+4 more

JS Globals

bandsintown_widget

Shortcode Output

<div class="bandsintown-widget" data-artist-name="

FAQ