Community Events Security & Risk Analysis

wordpress.org/plugins/community-events

The purpose of this plugin is to allow users to create a schedule of upcoming events and display events for the next 7 days in an AJAX-driven box or d …

30 active installs · v1.5.9 · PHP + · WP 3.0+ · Updated Feb 15, 2026
Tags: ajax, calendar, community, events, list
77
B · Generally Safe
CVEs total: 12
Unpatched: 0
Last CVE: Mar 6, 2026
Safety Verdict

Is Community Events Safe to Use in 2026?

Mostly Safe

Score 77/100

Community Events is generally safe to use. 12 past CVEs were resolved. Keep it updated.

12 known CVEs · Last CVE: Mar 6, 2026 · Updated 1mo ago
Risk Assessment

The "community-events" plugin v1.5.9 presents a mixed security posture. While the code analysis reveals no dangerous functions and a reasonable percentage of SQL queries using prepared statements, significant concerns arise from the attack surface. A substantial number of AJAX handlers (6 out of 8) lack authentication checks, presenting a clear entry point for unauthorized actions. The taint analysis further exacerbates this, with 5 high-severity flows indicating potential risks related to unsanitized input, even if no critical severity issues were found. The plugin's historical vulnerability record is particularly alarming, with 12 known CVEs, including 3 critical and 2 high-severity issues, despite the absence of currently unpatched vulnerabilities. This pattern of past critical and high-severity issues, often related to authorization, CSRF, XSS, and SQL injection, suggests a recurring struggle with secure coding practices and highlights the potential for similar vulnerabilities to emerge in the future if not addressed comprehensively.

In conclusion, while the absence of critical taint flows and of actively unpatched vulnerabilities is a positive indicator, the substantial number of unprotected AJAX endpoints and the plugin's history of severe vulnerabilities are significant red flags. The plugin's overall security is compromised by these factors, requiring careful consideration and likely remediation. The potential for exploitation through unprotected AJAX endpoints, coupled with past severe security flaws, necessitates a cautious approach to its deployment and use.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows
  • Large number of past critical CVEs
  • Large number of past high CVEs
  • SQL queries not using prepared statements (48%)
  • Output escaping not properly handled (40%)
  • Unsanitized paths in taint flows
  • Past medium severity CVEs
Vulnerabilities
12

Community Events Security Vulnerabilities

CVEs by Year

2015: 1 CVE
2021: 1 CVE
2022: 1 CVE
2024: 2 CVEs
2025: 4 CVEs
2026: 3 CVEs

Severity Breakdown

Critical: 3
High: 2
Medium: 7

12 total CVEs

CVE-2026-2429 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Community Events <= 1.5.8 - Authenticated (Administrator+) SQL Injection via 'ce_venue_name' CSV Field

Mar 6, 2026 Patched in 1.5.9 (1d)
CVE-2026-1649 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Community Events <= 1.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ce_venue_name' Parameter

Feb 17, 2026 Patched in 1.5.8 (1d)
CVE-2025-14029 · medium · 5.3 · Missing Authorization

Community Events <= 1.5.6 - Missing Authorization to Unauthenticated Arbitrary Event Approval via 'eventlist' Parameter

Jan 16, 2026 Patched in 1.5.7 (1d)
CVE-2025-12646 · high · 7.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Community Events <= 1.5.4 - Unauthenticated SQL Injection

Nov 18, 2025 Patched in 1.5.5 (1d)
CVE-2025-11995 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Community Events <= 1.5.2 - Unauthenticated Stored Cross-Site Scripting

Oct 31, 2025 Patched in 1.5.3 (1d)
CVE-2025-10586 · critical · 9.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Community Events <= 1.5.1 - Unauthenticated SQL Injection

Oct 8, 2025 Patched in 1.5.2 (1d)
CVE-2025-10587 · critical · 9.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Community Events <= 1.5.1 - Unauthenticated SQL Injection

Oct 7, 2025 Patched in 1.5.2 (1d)
CVE-2024-6270 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Community Events <= 1.5 - Authenticated (Admin+) Stored Cross-Site Scripting

Jul 15, 2024 Patched in 1.5.1 (26d)
CVE-2024-6271 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Community Events <= 1.4.9 - Cross-Site Request Forgery

Jul 1, 2024 Patched in 1.5 (40d)
CVE-2022-44742 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Community Events <= 1.4.8 - Authenticated (Administrator+) Stored Cross Site Scripting

Nov 25, 2022 Patched in 1.4.9 (424d)
CVE-2021-24496 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Community Events <= 1.4.7 - Reflected Cross-Site Scripting

Jul 2, 2021 Patched in 1.4.8 (935d)
CVE-2015-3313 · critical · 9.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Community Events < 1.4 - SQL Injection

Apr 20, 2015 Patched in 1.4 (3200d)
Code Analysis
Analyzed Mar 16, 2026

Community Events Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 30 (32 prepared)
Unescaped Output: 112 (166 escaped)
Nonce Checks: 9
Capability Checks: 17
File Operations: 7
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

52% prepared · 62 total queries

Output Escaping

60% escaped · 278 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

14 flows · 6 with unsanitized paths
ajax_frontend_event_list (community-events.php:93)
Attack Surface
6 unprotected

Community Events Attack Surface

Entry Points: 11
Unprotected: 6

AJAX Handlers 8

auth · wp_ajax_community_events_frontend_list · community-events.php:54
nopriv · wp_ajax_community_events_frontend_list · community-events.php:55
auth · wp_ajax_community_events_admin_list · community-events.php:57
nopriv · wp_ajax_community_events_admin_list · community-events.php:58
auth · wp_ajax_community_events_click_tracker · community-events.php:60
nopriv · wp_ajax_community_events_click_tracker · community-events.php:61
auth · wp_ajax_community_events_approval · community-events.php:63
nopriv · wp_ajax_community_events_approval · community-events.php:64

Shortcodes 3

[community-events-7day] community-events.php:72
[community-events-full] community-events.php:73
[community-events-addevent] community-events.php:74
WordPress Hooks 12
filter · screen_layout_columns · community-events.php:44
action · admin_menu · community-events.php:46
action · admin_post_save_community_events_general · community-events.php:48
action · admin_post_save_community_events_event_types · community-events.php:49
action · admin_post_save_community_events_venues · community-events.php:50
action · admin_post_save_community_events_events · community-events.php:51
action · admin_post_save_community_events_stylesheet · community-events.php:52
action · wp_enqueue_scripts · community-events.php:66
action · admin_enqueue_scripts · community-events.php:69
action · wp_head · community-events.php:76
action · init · community-events.php:78
action · ce_daily_event · community-events.php:80

Scheduled Events 1

ce_daily_event
Maintenance & Trust

Community Events Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 15, 2026
PHP min version
Downloads: 19K

Community Trust

Rating: 60/100
Number of ratings: 2
Active installs: 30
Developer Profile

Community Events Developer Profile

Yannick Lefebvre

8 plugins · 11K total installs

Trust score: 71
Avg Security Score: 89/100
Avg Patch Time: 529 days
Detection Fingerprints

How We Detect Community Events

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/community-events/css/ui-lightness/jquery-ui-1.8.4.custom.css
/wp-content/plugins/community-events/tiptip/tipTip.css
/wp-content/plugins/community-events/tiptip/jquery.tipTip.minified.js
Script Paths
/wp-content/plugins/community-events/tiptip/jquery.tipTip.minified.js
Version Parameters
community-events/css/ui-lightness/jquery-ui-1.8.4.custom.css?ver=
community-events/tiptip/tipTip.css?ver=
community-events/tiptip/jquery.tipTip.minified.js?ver=

HTML / DOM Fingerprints

CSS Classes
ce_event_list_item
HTML Comments
<!-- The Event List Widget -->
<!-- The Widget -->
<!-- The Add Event Form -->
<!-- BEGIN FORM -->
+1 more
Data Attributes
data-event-id
JS Globals
community_events_admin_ajax_url
community_events_frontend_ajax_url
community_events_click_tracker_ajax_url
community_events_approval_ajax_url
REST Endpoints
/wp-json/community-events/v1/events
Shortcode Output
[community-events-7day]
[community-events-full]
[community-events-addevent]