Does Invitations and RSVPs have any unpatched vulnerabilities?

No. All known vulnerabilities in Invitations and RSVPs have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Invitations and RSVPs compatible with WordPress 6.9.4?

According to WordPress.org data, Invitations and RSVPs 1.5.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Invitations and RSVPs compatible with PHP 8.0+?

Invitations and RSVPs requires PHP 8.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Invitations and RSVPs updated?

Invitations and RSVPs was last updated on Feb 25, 2026. Frequent updates are generally a positive security signal.

What is Invitations and RSVPs's security score?

Invitations and RSVPs has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Invitations and RSVPs Security Review

Safety Verdict

Is Invitations and RSVPs Safe to Use in 2026?

Generally Safe

Score 100/100

Invitations and RSVPs has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The "cwsi-invites" v1.5.1 plugin exhibits a generally strong security posture, with a notable absence of known vulnerabilities and a high percentage of properly escaped output and prepared SQL statements. The static analysis reveals good coding practices, such as the presence of 13 nonce checks, which are crucial for preventing CSRF attacks. The limited attack surface, consisting only of two shortcodes with no unprotected entry points, further contributes to its security. However, a significant concern arises from the taint analysis, which identified 8 flows with unsanitized paths. While no critical or high severity issues were flagged, this indicates a potential for cross-site scripting (XSS) or other injection vulnerabilities if these paths are not handled with extreme care by the developer, even if the direct impact isn't immediately obvious from the static analysis alone.

The plugin's vulnerability history is remarkably clean, with zero known CVEs. This, combined with the high percentage of secure coding practices, suggests a developer who is either very diligent or has not yet encountered significant security challenges. Nevertheless, the presence of unsanitized paths in the taint analysis warrants attention, as it represents a latent risk. The bundled Freemius library, version 1.0, is also an area of potential concern as it might be outdated and contain its own undiscovered vulnerabilities. In conclusion, "cwsi-invites" v1.5.1 is in a strong security position due to its clean vulnerability history and good implementation of common security measures. The primary weakness lies in the identified unsanitized paths from the taint analysis and the potentially outdated bundled library, which require developer attention to fully mitigate any latent risks.

Key Concerns

Taint flows with unsanitized paths found
Bundled Freemius v1.0 library

Vulnerabilities

None known

Invitations and RSVPs Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Invitations and RSVPs Code Analysis

Dangerous Functions

0

Raw SQL Queries

11

36 prepared

Unescaped Output

7

330 escaped

Nonce Checks

13

Capability Checks

0

File Operations

1

External Requests

1

Bundled Libraries

1

Bundled Libraries

Freemius1.0

SQL Query Safety

77% prepared47 total queries

Output Escaping

98% escaped337 total outputs

Data Flows

8 unsanitized

Data Flow Analysis

8 flows8 with unsanitized paths

cwsiEvents_page (admin\class-cwsi-invites-admin.php:247)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Invitations and RSVPs Attack Surface

Entry Points2

Unprotected0

Shortcodes 2

[cwsiInviteAnswerForm] public\class-cwsi-invites-public.php:82

[cwsiInviteShowResponses] public\class-cwsi-invites-public.php:83

WordPress Hooks 6

actionadmin_enqueue_scriptsincludes\class-cwsi-invites.php:133

actionadmin_enqueue_scriptsincludes\class-cwsi-invites.php:134

actionadmin_menuincludes\class-cwsi-invites.php:135

actionwp_enqueue_scriptsincludes\class-cwsi-invites.php:149

actionwp_enqueue_scriptsincludes\class-cwsi-invites.php:150

actioninitpublic\class-cwsi-invites-public.php:54

Maintenance & Trust

Invitations and RSVPs Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 25, 2026

PHP min version8.0

Downloads970

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Invitations and RSVPs Alternatives

Invite Anyone

invite-anyone

B

83

Makes BuddyPress's invitation features more powerful.

1K 6 CVEs

WP eCards – Branded Digital Greeting Cards

wp-ecards-invites

A

99

Add interactive digital greeting cards to your WordPress site — fully branded, customizable, and shareable by visitors through email or social media.

400 1 CVE

Invitations for Slack

invitations-for-slack

A

85

Build a Slack community by allowing your visitors (or registered users) to invite themselves to your Slack team.

30 No CVEs

Eventish WP Widget

eventish

A

85

This plugin displays your www.eventish.com events list in your Wordpress based website as a sidebar widget.

10 No CVEs

WP Social Invites

wp-social-invites

A

85

WP Social Invites allows your visitors to invite their social friends on your website.

10 No CVEs

Developer Profile

Invitations and RSVPs Developer Profile

Charlene Copeland

3 plugins · 0 total installs

94

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Invitations and RSVPs

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/cwsi-invites/css/cwsi-invites-admin.css/wp-content/plugins/cwsi-invites/js/cwsi-invites-admin.js/wp-content/plugins/cwsi-invites/public/css/cwsi-invites-public.css/wp-content/plugins/cwsi-invites/public/js/cwsi-invites-public.js

Script Paths

admin/js/cwsi-invites-admin.jspublic/js/cwsi-invites-public.js

Version Parameters

cwsi-invites-admin.css?ver=cwsi-invites-admin.js?ver=cwsi-invites-public.css?ver=cwsi-invites-public.js?ver=

HTML / DOM Fingerprints

CSS Classes

cwsi-invite-form-wrappercwsi-invite-success-messagecwsi-event-list-tablecwsi-invitee-form

HTML Comments

This file is read by WordPress to generate the plugin information in the plugin
 * admin area. This file also includes all of the dependencies used by the plugin,
 * registers the activation and deactivation functions, and defines a function
 * that starts the plugin.

Data Attributes

data-event-iddata-invite-iddata-nonce

JS Globals

cwsi_invite_ajax_object

Shortcode Output

[cwsi-invite-form][cwsi-event-list]

FAQ

Invitations and RSVPs Security & Risk Analysis

Is Invitations and RSVPs Safe to Use in 2026?

Generally Safe

Key Concerns

Invitations and RSVPs Security Vulnerabilities

Invitations and RSVPs Code Analysis

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

Invitations and RSVPs Attack Surface

Shortcodes 2

Invitations and RSVPs Maintenance & Trust

Maintenance Signals

Community Trust

Invitations and RSVPs Alternatives

Invite Anyone

WP eCards – Branded Digital Greeting Cards

Invitations for Slack

Eventish WP Widget

WP Social Invites

Invitations and RSVPs Developer Profile

How We Detect Invitations and RSVPs

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Invitations and RSVPs