CE21 Suite Security & Risk Analysis

wordpress.org/plugins/ce21-suite

CE21 Suite is a plugin that allows the addition of CE21 components to your WordPress site.

50 active installs · v2.3.5 · PHP 7.4+ · WP 6.3+ · Updated Feb 6, 2026
Tags: education-online-courses, hybrid-conference, virtual-event-services
Score: 28 (F · Critical Risk)
CVEs total: 6
Unpatched: 4
Last CVE: Nov 3, 2025
Safety Verdict

Is CE21 Suite Safe to Use in 2026?

Critical Risk — Avoid

Score 28/100

CE21 Suite is critically unsafe with 6 known CVEs, 4 still unpatched. Avoid in production.

6 known CVEs · 4 unpatched · Last CVE: Nov 3, 2025 · Updated 1mo ago
Risk Assessment

The "ce21-suite" plugin v2.3.5 exhibits a concerning security posture, largely due to a significant number of unprotected entry points and a history of severe vulnerabilities. While the code demonstrates good practices in output escaping and uses prepared statements for a majority of its SQL queries, the sheer volume of AJAX handlers and REST API routes lacking proper authentication and authorization checks presents a substantial attack surface. Furthermore, the taint analysis revealed multiple flows with unsanitized paths, indicating potential for injection vulnerabilities. The plugin's vulnerability history is particularly alarming, with a high number of critical and unpatched CVEs, including common types like authentication bypass and exposure of sensitive information. This pattern suggests recurring, fundamental security flaws that have not been adequately addressed, increasing the likelihood of exploitation. The presence of bundled libraries without specific version information also introduces a potential unknown risk.

Key Concerns

  • Unpatched critical vulnerabilities (4)
  • High number of unprotected AJAX handlers (26)
  • Unprotected REST API routes (3)
  • Taint analysis with unsanitized paths (13)
  • Critical severity taint flows (4)
  • Missing nonce checks on AJAX handlers (implied by lack of auth)
  • Vulnerability history pattern (multiple critical/authentication issues)
Vulnerabilities
6

CE21 Suite Security Vulnerabilities

CVEs by Year

  • 2024: 4 CVEs · unpatched
  • 2025: 2 CVEs · unpatched

Severity Breakdown

  • Critical: 5
  • Medium: 1

6 total CVEs

CVE-2025-11008 · critical · 9.8 · Insertion of Sensitive Information into Log File
CE21 Suite <= 2.3.1 - Unauthenticated Sensitive Information Exposure to Privilege Escalation
Nov 3, 2025 · Unpatched

CVE-2025-11007 · critical · 9.8 · Missing Authentication for Critical Function
CE21 Suite 2.2.1 - 2.3.1 - Missing Authorization to Unauthenticated Privilege Escalation via Plugin Settings Update
Nov 3, 2025 · Unpatched

CVE-2024-54293 · critical · 9.8 · Improper Privilege Management
CE21 Suite <= 2.2.0 - Unauthenticated Privilege Escalation
Dec 11, 2024 · Patched in 2.2.1 (9d)

CVE-2024-10284 · critical · 9.8 · Authentication Bypass Using an Alternate Path or Channel
CE21 Suite <= 2.2.0 - Authentication Bypass
Nov 8, 2024 · Patched in 2.2.1 (33d)

CVE-2024-10285 · critical · 9.8 · Exposure of Sensitive Information to an Unauthorized Actor
CE21 Suite <= 2.2.0 - JWT Token Disclosure
Nov 8, 2024 · Unpatched

CVE-2024-10294 · medium · 6.5 · Missing Authorization
CE21 Suite <= 2.2.0 - Missing Authorization to Unauthenticated Plugin Settings Change
Nov 8, 2024 · Unpatched

Code Analysis
Analyzed Mar 16, 2026

CE21 Suite Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 24 (22 prepared)
  • Unescaped Output: 19 (448 escaped)
  • Nonce Checks: 6
  • Capability Checks: 3
  • File Operations: 0
  • External Requests: 15
  • Bundled Libraries: 1

Bundled Libraries

DataTables

SQL Query Safety

48% prepared · 46 total queries

Output Escaping

96% escaped · 467 total outputs
Data Flows
13 unsanitized

Data Flow Analysis

15 flows · 13 with unsanitized paths
get_filtered_ads (classified\templates\classified-ads-template.php:57)
Attack Surface
29 unprotected

CE21 Suite Attack Surface

Entry Points: 44
Unprotected: 29

AJAX Handlers 35

auth · wp_ajax_ce21_save_classifiedads_list_settings · classified\ce21-classified-ads-functions.php:37
nopriv · wp_ajax_ce21_save_classifiedads_list_settings · classified\ce21-classified-ads-functions.php:38
auth · wp_ajax_ce21_update_classifiedads_list_settings · classified\ce21-classified-ads-functions.php:114
nopriv · wp_ajax_ce21_update_classifiedads_list_settings · classified\ce21-classified-ads-functions.php:115
auth · wp_ajax_ce21_delete_classifiedads · classified\ce21-classified-ads-functions.php:196
auth · wp_ajax_filter_classified_ads · classified\ce21-classified-ads-functions.php:380
nopriv · wp_ajax_filter_classified_ads · classified\ce21-classified-ads-functions.php:381
auth · wp_ajax_ce21_save_classifiedads_list_settings · classified\ce21-classified-ads-functions.php:401
auth · wp_ajax_ce21_update_classifiedads_list_settings · classified\ce21-classified-ads-functions.php:402
auth · wp_ajax_manage_wp_posts_using_bulk_quick_save_bulk_edit · includes\ce21-functions.php:130
auth · wp_ajax_data_fetch · includes\ce21-functions.php:177
nopriv · wp_ajax_data_fetch · includes\ce21-functions.php:178
auth · wp_ajax_ce21_single_sign_on_save_api_settings · includes\ce21-functions.php:367
nopriv · wp_ajax_ce21_single_sign_on_save_api_settings · includes\ce21-functions.php:368
auth · wp_ajax_get_ce21_single_sign_on_calendar_events · includes\ce21-functions.php:507
nopriv · wp_ajax_get_ce21_single_sign_on_calendar_events · includes\ce21-functions.php:508
auth · wp_ajax_ce21_ss_add_new_calendar_event · includes\ce21-functions.php:691
nopriv · wp_ajax_ce21_ss_add_new_calendar_event · includes\ce21-functions.php:692
auth · wp_ajax_ce21_ss_delete_calendar_event · includes\ce21-functions.php:763
nopriv · wp_ajax_ce21_ss_delete_calendar_event · includes\ce21-functions.php:764
auth · wp_ajax_get_ce21_single_sign_on_calendar_event · includes\ce21-functions.php:803
nopriv · wp_ajax_get_ce21_single_sign_on_calendar_event · includes\ce21-functions.php:804
auth · wp_ajax_ce21_ss_edit_calendar_event · includes\ce21-functions.php:865
nopriv · wp_ajax_ce21_ss_edit_calendar_event · includes\ce21-functions.php:866
auth · wp_ajax_load_ce21_single_sign_on_calendar_events · includes\ce21-functions.php:934
nopriv · wp_ajax_load_ce21_single_sign_on_calendar_events · includes\ce21-functions.php:935
auth · wp_ajax_get_ce21_mini_calendar · includes\ce21-functions.php:1584
nopriv · wp_ajax_get_ce21_mini_calendar · includes\ce21-functions.php:1585
auth · wp_ajax_ce21_save_programs_list_settings · programs\ce21-programs-functions.php:21
nopriv · wp_ajax_ce21_save_programs_list_settings · programs\ce21-programs-functions.php:22
auth · wp_ajax_update_program_settings · programs\ce21-programs-functions.php:358
auth · wp_ajax_ce21_delete_program · programs\ce21-programs-functions.php:457
nopriv · wp_ajax_ce21_sign_in_ajax_api · single-sign-on-ce21.php:1016
auth · wp_ajax_load_ce21_classified_ads · single-sign-on-ce21.php:1084
nopriv · wp_ajax_load_ce21_classified_ads · single-sign-on-ce21.php:1085

REST API Routes 3

GET · /wp-json/ce21authentication · single-sign-on-ce21.php:221
POST · /wp-json/ce21membership/update · single-sign-on-ce21.php:230
GET · /wp-json/ce21logoff · single-sign-on-ce21.php:239

Shortcodes 6

[ce21_classifiedads] classified\ce21-classified-ads-functions.php:300
[ce21-sso-sign-in] includes\ce21-functions.php:298
[ce21-calendar] includes\ce21-functions.php:495
[ce21-mini-calendar] includes\ce21-functions.php:1066
[ce21_directory] membership\ce21-membership-functions.php:36
[ce21_programs_list] programs\ce21-programs-functions.php:505
WordPress Hooks 32
action · plugins_loaded · classified\ce21-classified-ads-functions.php:395
action · admin_init · classified\ce21-classified-ads-functions.php:398
action · wp_footer · classified\templates\classified-ads-template.php:1295
action · bulk_edit_custom_box · includes\ce21-functions.php:87
action · wp_head · includes\ce21-functions.php:643
action · admin_menu · includes\class-single-sign-on-ce21.php:86
action · plugins_loaded · includes\class-single-sign-on-ce21.php:149
action · admin_enqueue_scripts · includes\class-single-sign-on-ce21.php:164
action · admin_enqueue_scripts · includes\class-single-sign-on-ce21.php:165
action · wp_enqueue_scripts · includes\class-single-sign-on-ce21.php:180
action · wp_enqueue_scripts · includes\class-single-sign-on-ce21.php:181
action · quick_edit_custom_box · includes\quick-edit-functions.php:13
action · admin_enqueue_scripts · includes\quick-edit-functions.php:14
action · save_post · includes\quick-edit-functions.php:15
filter · allowed_redirect_hosts · single-sign-on-ce21.php:96
action · rest_api_init · single-sign-on-ce21.php:218
action · add_meta_boxes · single-sign-on-ce21.php:507
action · save_post · single-sign-on-ce21.php:576
filter · manage_posts_columns · single-sign-on-ce21.php:607
filter · manage_pages_columns · single-sign-on-ce21.php:608
action · manage_posts_custom_column · single-sign-on-ce21.php:628
action · manage_pages_custom_column · single-sign-on-ce21.php:629
action · wp · single-sign-on-ce21.php:683
action · wp_trash_post · single-sign-on-ce21.php:889
action · admin_menu · single-sign-on-ce21.php:906
action · wpmu_new_blog · single-sign-on-ce21.php:970
action · wp_initialize_site · single-sign-on-ce21.php:973
action · activate_blog · single-sign-on-ce21.php:976
action · init · single-sign-on-ce21.php:1021
action · upgrader_process_complete · single-sign-on-ce21.php:1062
action · wp_enqueue_scripts · single-sign-on-ce21.php:1071
action · wp_footer · single-sign-on-ce21.php:1300
Maintenance & Trust

CE21 Suite Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Feb 6, 2026
  • PHP min version: 7.4
  • Downloads: 3K

Community Trust

  • Rating: 0/100
  • Number of ratings: 0
  • Active installs: 50
Alternatives

CE21 Suite Alternatives

No alternatives data available yet.

Developer Profile

CE21 Suite Developer Profile

CE21

1 plugin · 50 total installs

  • Trust score: 44
  • Avg Security Score: 28/100
  • Avg Patch Time: 21 days
Detection Fingerprints

How We Detect CE21 Suite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/ce21-suite/includes/js/ce21-sso-admin.js
  • /wp-content/plugins/ce21-suite/includes/js/ce21-sso-frontend.js
  • /wp-content/plugins/ce21-suite/includes/css/ce21-sso-admin.css
  • /wp-content/plugins/ce21-suite/includes/css/ce21-sso-frontend.css
  • /wp-content/plugins/ce21-suite/programs/css/ce21-programs.css
  • /wp-content/plugins/ce21-suite/programs/js/ce21-programs.js
  • /wp-content/plugins/ce21-suite/classified/css/ce21-classified-ads.css
  • /wp-content/plugins/ce21-suite/classified/js/ce21-classified-ads.js
  • +2 more
Script Paths
  • /wp-content/plugins/ce21-suite/includes/js/ce21-sso-admin.js
  • /wp-content/plugins/ce21-suite/includes/js/ce21-sso-frontend.js
  • /wp-content/plugins/ce21-suite/programs/js/ce21-programs.js
  • /wp-content/plugins/ce21-suite/classified/js/ce21-classified-ads.js
  • /wp-content/plugins/ce21-suite/membership/js/ce21-membership.js
Version Parameters
  • ce21-suite/includes/css/ce21-sso-admin.css?ver=
  • ce21-suite/includes/js/ce21-sso-admin.js?ver=
  • ce21-suite/includes/css/ce21-sso-frontend.css?ver=
  • ce21-suite/includes/js/ce21-sso-frontend.js?ver=
  • ce21-suite/programs/css/ce21-programs.css?ver=
  • ce21-suite/programs/js/ce21-programs.js?ver=
  • ce21-suite/classified/css/ce21-classified-ads.css?ver=
  • ce21-suite/classified/js/ce21-classified-ads.js?ver=
  • ce21-suite/membership/css/ce21-membership.css?ver=
  • ce21-suite/membership/js/ce21-membership.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • ce21-sso-admin-wrap
  • ce21-login-form
  • ce21-programs-list
  • ce21-classified-ads-widget
  • ce21-membership-plans
HTML Comments
  • <!-- Currently plugin version. -->
  • <!-- The code that runs before plugin activation. -->
  • <!-- The core plugin class that is used to define internationalization, -->
  • <!-- admin-specific hooks, and public-facing site hooks. -->
  • +9 more
Data Attributes
  • data-ce21-sso-nonce
  • data-ce21-program-id
  • data-ce21-classified-id
  • data-ce21-membership-plan-id
JS Globals
  • ce21_sso_ajax_object
  • ce21_programs_ajax_object
  • ce21_classified_ads_ajax_object
  • ce21_membership_ajax_object
  • sesionHelper
REST Endpoints
  • /wp-json/ce21/authentication
  • /wp-json/ce21/membership/update
Shortcode Output
  • [ce21_sso_login_button]
  • [ce21_programs_list]
  • [ce21_classified_ads]
  • [ce21_membership_plans]