BuddyPress Simple Events Security & Risk Analysis

wordpress.org/plugins/buddypress-simple-events

A simple Events plugin for BuddyPress or the BuddyBoss Platform.

200 active installs · v6.1 · PHP 7.2+ · WP 4.0+ · Updated Apr 19, 2025
Tags: buddyboss, buddypress, event, events
Score: 92 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is BuddyPress Simple Events Safe to Use in 2026?

Generally Safe

Score 92/100

BuddyPress Simple Events has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The buddypress-simple-events plugin, version 6.1, exhibits a generally good security posture based on the provided static analysis. The absence of known vulnerabilities (CVEs) and a lack of critical or high-severity taint flows are positive indicators. The plugin also demonstrates good practices by implementing nonce checks and capability checks, which are crucial for preventing common web attacks. However, a significant concern arises from the output escaping. With 122 total outputs and only 20% properly escaped, there is a high potential for cross-site scripting (XSS) vulnerabilities. While the plugin's attack surface appears minimal with no direct entry points like AJAX handlers, REST API routes, or shortcodes, the inadequate output sanitization creates a considerable risk. The vulnerability history being clean is reassuring, but it doesn't negate the risks identified in the code analysis. Future development should prioritize robust output escaping to mitigate potential XSS threats and further strengthen the plugin's security.

Key Concerns

  • Low percentage of properly escaped output
  • No mention of prepared statements in SQL queries
Vulnerabilities
None known

BuddyPress Simple Events Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

BuddyPress Simple Events Release Timeline

v6.1 (Current)
v6.0
v5.2
v5.1
v5.0
v4.2
v4.1
v4.0
v3.3
v3.2
v3.1
v3.0
v2.2.5
v2.2.4
v2.2.3
v2.2.2
v2.2
v2.1
v2.0
v1.4.6
Code Analysis
Analyzed Mar 16, 2026

BuddyPress Simple Events Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 · 1 prepared
Unescaped Output: 97 · 25 escaped
Nonce Checks: 7
Capability Checks: 3
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

33% prepared · 3 total queries

Output Escaping

20% escaped · 122 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

3 flows
settings_update (inc\admin\pp-events-admin-settings.php:354)
Attack Surface

BuddyPress Simple Events Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 28
action: network_admin_menu (inc\admin\pp-events-admin-settings.php:27)
action: admin_menu (inc\admin\pp-events-admin-settings.php:29)
action: admin_enqueue_scripts (inc\admin\pp-events-admin-settings.php:32)
action: admin_enqueue_scripts (inc\admin\pp-events-admin.php:16)
action: add_meta_boxes (inc\admin\pp-events-admin.php:17)
action: save_post_event (inc\admin\pp-events-admin.php:18)
filter: manage_edit-event_columns (inc\admin\pp-events-admin.php:19)
action: manage_event_posts_custom_column (inc\admin\pp-events-admin.php:20)
filter: wp_insert_post_data (inc\admin\pp-events-admin.php:22)
action: bp_loaded (inc\pp-events-core.php:221)
filter: bp_core_render_message_content (inc\pp-events-create-class.php:43)
filter: pre_get_posts (inc\pp-events-functions.php:69)
action: template_redirect (inc\pp-events-functions.php:84)
action: trash_event (inc\pp-events-functions.php:94)
filter: is_protected_meta (inc\pp-events-functions.php:125)
action: bp_template_content (inc\pp-events-screens.php:9)
action: bp_template_title (inc\pp-events-screens.php:21)
action: bp_template_content (inc\pp-events-screens.php:22)
action: bp_template_content (inc\pp-events-screens.php:42)
action: wp_enqueue_scripts (inc\pp-events-screens.php:90)
filter: the_content (inc\pp-events-templates.php:62)
action: bp_init (inc\pp-events-templates.php:75)
action: widgets_init (inc\pp-events-widget.php:102)
action: admin_notices (loader.php:38)
action: plugins_loaded (loader.php:41)
action: plugins_loaded (loader.php:52)
action: bp_include (loader.php:63)
action: init (loader.php:194)
Maintenance & Trust

BuddyPress Simple Events Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Apr 19, 2025
PHP min version: 7.2
Downloads: 26K

Community Trust

Rating: 74/100
Number of ratings: 12
Active installs: 200
Developer Profile

BuddyPress Simple Events Developer Profile

shanebp

9 plugins · 2K total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 124 days
Detection Fingerprints

How We Detect BuddyPress Simple Events

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/buddypress-simple-events/css/events-admin.css
  • /wp-content/plugins/buddypress-simple-events/css/events-public.css
  • /wp-content/plugins/buddypress-simple-events/js/events-admin.js
  • /wp-content/plugins/buddypress-simple-events/js/events-public.js

Script Paths

  • /wp-content/plugins/buddypress-simple-events/js/events-admin.js
  • /wp-content/plugins/buddypress-simple-events/js/events-public.js

Version Parameters

  • buddypress-simple-events/css/events-admin.css?ver=
  • buddypress-simple-events/css/events-public.css?ver=
  • buddypress-simple-events/js/events-admin.js?ver=
  • buddypress-simple-events/js/events-public.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • bp-simple-events-wrap
  • pp-event-form
  • pp-event-meta
  • pp-event-location
  • pp-event-date
  • pp-event-time
  • pp-event-organizer
  • pp-event-attendees
  • +2 more

HTML Comments

  • <!-- Settings Page class -->
  • <!-- Note: if you don't see 'Reply' links on post comments or SWA - make sure that wp-admin > Settings > Discussion > nested comments is checked and set to a high number -->

Data Attributes

  • data-event-id
  • data-user-id
  • data-action

JS Globals

  • pp_events_params
  • BP_Simple_Events

REST Endpoints

  • /wp-json/bp-simple-events/v1/

Shortcode Output

  • [bp_simple_events_list]
  • [bp_simple_events_calendar]
  • [bp_simple_events_form]
FAQ

Frequently Asked Questions about BuddyPress Simple Events