BP Event Manager Security & Risk Analysis

wordpress.org/plugins/bp-event-manager

Plug and Play Plugin Development. A person can create events for buddypress groups.

10 active installs · v1.1.0 · PHP 5.6.20+ · WP 1.0.0+ · Updated Oct 13, 2019
Tags: bp-event-manager, buddypress, event-manager, events, meetup
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is BP Event Manager Safe to Use in 2026?

Generally Safe

Score 85/100

BP Event Manager has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6yr ago
Risk Assessment

The bp-event-manager v1.1.0 plugin exhibits a mixed security posture. A significant strength is its complete lack of known CVEs and the use of prepared statements for all SQL queries, indicating good practices in data sanitization for database interactions. Furthermore, the absence of file operations and external HTTP requests reduces common attack vectors. However, a major concern lies in its substantial attack surface, with 12 out of 15 entry points (AJAX handlers) lacking authentication checks. While taint analysis did not reveal any immediate critical or high-severity issues, this large number of unprotected AJAX endpoints presents a significant risk. The output escaping is also a weakness, with only 37% of outputs being properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities. The plugin's history of zero vulnerabilities is positive, but it does not mitigate the current risks identified in the static analysis. A balanced conclusion is that while the plugin avoids some common pitfalls, its unprotected entry points and insufficient output escaping represent considerable security concerns that require attention.

Key Concerns

  • AJAX handlers without auth checks
  • Insufficient output escaping
Vulnerabilities
None known

BP Event Manager Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

BP Event Manager Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 106 (63 escaped)
Nonce Checks: 6
Capability Checks: 4
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

37% escaped · 169 total outputs
Data Flows: All sanitized

Data Flow Analysis

1 flow
<bpem-post-type> (bpem-dash\bpem-post-type.php:0)
Attack Surface
12 unprotected

BP Event Manager Attack Surface

Entry Points: 15
Unprotected: 12

AJAX Handlers 12

auth wp_ajax_bpem_remove_attendy bpem-dash\bpem_remove_attendy.php:9
nopriv wp_ajax_bpem_remove_attendy bpem-dash\bpem_remove_attendy.php:13
auth wp_ajax_bpem_event_form_response bpem-front\bpem-event-form-response.php:5
nopriv wp_ajax_bpem_event_form_response bpem-front\bpem-event-form-response.php:6
auth wp_ajax_bpem_event_delete_response bpem-front\bpem_event_delete_response.php:5
nopriv wp_ajax_bpem_event_delete_response bpem-front\bpem_event_delete_response.php:6
auth wp_ajax_bpem_event_update_response bpem-front\bpem_event_update_response.php:4
nopriv wp_ajax_bpem_event_update_response bpem-front\bpem_event_update_response.php:5
auth wp_ajax_bpem_leave_event bpem-front\bpem_leave_event.php:3
nopriv wp_ajax_bpem_leave_event bpem-front\bpem_leave_event.php:5
auth wp_ajax_bpem_persons_who_attend_event bpem-front\bpem_persons_who_attend_event.php:3
nopriv wp_ajax_bpem_persons_who_attend_event bpem-front\bpem_persons_who_attend_event.php:5

Shortcodes 3

[eventdetail] bpem-front\bpem-event-further-details.php:45
[attendees] bpem-front\bpem-list-of-attendees.php:29
[bpem_map] bpem-front\bpem_google_map.php:65

WordPress Hooks 25

action init bp-event-manager.php:33
action init bp-event-manager.php:35
action init bp-event-manager.php:37
action admin_enqueue_scripts bp-event-manager.php:39
action admin_menu bp-event-manager.php:41
action add_meta_boxes bp-event-manager.php:43
action plugins_loaded bp-event-manager.php:45
action admin_init bp-event-manager.php:47
action admin_footer bp-event-manager.php:49
action widgets_init bp-event-manager.php:51
action admin_menu bpem-dash\bpem-admin-settings-page.php:5
action admin_init bpem-dash\bpem-admin-settings-page.php:15
action add_meta_boxes bpem-dash\bpem-post-type.php:321
action save_post bpem-dash\bpem-post-type.php:1234
filter manage_bpem_event_posts_columns bpem-dash\bpem-post-type.php:1254
action manage_bpem_event_posts_custom_column bpem-dash\bpem-post-type.php:1364
action wp bpem-front\bpem-event-calendar.php:57
action bp_template_content bpem-front\bpem-event-calendar.php:70
action wp bpem-front\bpem-event-form.php:33
action bp_template_content bpem-front\bpem-event-form.php:37
action wp bpem-front\bpem-list-events.php:26
action bp_template_title bpem-front\bpem-list-events.php:29
action bp_template_content bpem-front\bpem-list-events.php:30
action wp_footer bpem-front\bpem-list-events.php:294
filter the_content bpem-front\bpem_event_info.php:65
Maintenance & Trust

BP Event Manager Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.2.24
Last updated: Oct 13, 2019
PHP min version: 5.6.20
Downloads: 3K

Community Trust

Rating: 20/100
Number of ratings: 2
Active installs: 10
Developer Profile

BP Event Manager Developer Profile

zaheer01

2 plugins · 20 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect BP Event Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bp-event-manager/inc/css/bpem-style.css
/wp-content/plugins/bp-event-manager/inc/css/jquery-ui.css
/wp-content/plugins/bp-event-manager/inc/css/jquery.timepicker.min.css
/wp-content/plugins/bp-event-manager/inc/css/font-awesome-4.7.0/css/font-awesome.min.css
/wp-content/plugins/bp-event-manager/inc/css/fullcalendar.min.css
/wp-content/plugins/bp-event-manager/inc/css/simplePagination.min.css
/wp-content/plugins/bp-event-manager/inc/js/jquery.timepicker.min.js
/wp-content/plugins/bp-event-manager/inc/js/bpem_script.js
+4 more
Script Paths
https://cdn.jsdelivr.net/npm/jquery-validation@1.19.0/dist/jquery.validate.min.js
Version Parameters
bpem-style?ver=
bpem-jquery-ui?ver=
bpem-timepicker?ver=
font-awesome?ver=
bpem-fc?ver=
bpem-pagination?ver=
bpem-timepicker?ver=
bpem-script?ver=
moments?ver=
bpem-clndr?ver=
bpem-pagination?ver=
bpem-admin?ver=

HTML / DOM Fingerprints

CSS Classes
attandeeswrap_bxboxremove_attendybox_attendee
Data Attributes
user-id, event-id
JS Globals
ajax_object