WP-Safety

Events by Devllo Security & Risk Analysis

wordpress.org/plugins/devllo-events

This is a simple event management plugin for adding and listing your events, show event locations on map, link to online Event locations.

10 active installs v1.0.4.3 PHP 5.5+ WP 4.4+ Updated Nov 2, 2022
calendareventevent-managementevent-managerevents
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Events by Devllo Safe to Use in 2026?

Generally Safe

Score 85/100

Events by Devllo has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago
Risk Assessment

The "devllo-events" plugin version 1.0.4.3 exhibits a generally good security posture based on the provided static analysis. The absence of known CVEs and a clean vulnerability history is a strong positive indicator, suggesting the plugin has been developed with security in mind and has not historically been a significant target for vulnerabilities.

However, the static analysis reveals areas for improvement. While the attack surface is small and appears to be protected, the SQL query usage is concerning. Only 25% of the SQL queries are prepared statements, meaning a significant portion are likely vulnerable to SQL injection if user input is not meticulously sanitized before being passed to these queries. Furthermore, nearly half of the output operations are not properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if dynamic content is rendered without proper sanitization.

Despite these identified code-level concerns, the lack of critical or high severity taint flows and the presence of nonce and capability checks on the limited entry points are encouraging. The bundled jQuery version is outdated, which is a common practice that could introduce vulnerabilities if exploitable issues exist in that specific version. Overall, while the plugin's history is clean, the static analysis highlights potential weaknesses in SQL query handling and output escaping that require attention to maintain a robust security profile.

Key Concerns

  • SQL queries not using prepared statements
  • Output escaping is not fully implemented
  • Bundled outdated library (jQuery v1.12.4)
Vulnerabilities
None known

Events by Devllo Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Events by Devllo Code Analysis

Dangerous Functions
0
Raw SQL Queries
3
1 prepared
Unescaped Output
45
65 escaped
Nonce Checks
2
Capability Checks
3
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

jQuery1.12.4

SQL Query Safety

25% prepared4 total queries

Output Escaping

59% escaped110 total outputs
Attack Surface

Events by Devllo Attack Surface

Entry Points2
Unprotected0

Shortcodes 2

[devllo-calendar] templates\calendar-event.php:7
[devllo-events] templates\template-events.php:6
WordPress Hooks 28
actionadmin_initadmin\class-devllo-events-addons-page.php:33
actionadmin_enqueue_scriptsadmin\class-devllo-events-addons-page.php:34
actionadmin_menuadmin\class-devllo-events-admin-menu.php:20
actionadmin_initadmin\class-devllo-events-admin-settings.php:33
actionadmin_enqueue_scriptsadmin\class-devllo-events-admin-settings.php:34
actionadmin_initadmin\class-devllo-events-dashboard-page.php:33
actionadmin_enqueue_scriptsadmin\class-devllo-events-dashboard-page.php:35
actionsave_postadmin\class-devllo-events-posts-admin.php:17
actionadd_meta_boxesadmin\class-devllo-events-posts-admin.php:18
actionplugins_loadeddevllo-events.php:53
actionadmin_enqueue_scriptsdevllo-events.php:56
actionwp_enqueue_scriptsdevllo-events.php:57
filterscript_loader_tagdevllo-events.php:58
actionplugins_loadeddevllo-events.php:203
actionadmin_initincludes\class-devllo-events-activator.php:33
actioninitincludes\class-devllo-events-post-types.php:40
actioninitincludes\class-devllo-events-post-types.php:41
actionadmin_initincludes\class-devllo-events-post-types.php:43
actionshutdownincludes\class-devllo-events-session.php:35
filtersingle_templateincludes\devllo-events-functions.php:37
filterarchive_templateincludes\devllo-events-functions.php:39
filtertemplate_includeincludes\devllo-events-functions.php:41
filtergettextincludes\devllo-events-functions.php:45
actionadmin_action_devllo_event_duplicate_post_as_draftincludes\devllo-events-functions.php:47
filterpost_row_actionsincludes\devllo-events-functions.php:49
actionwp_before_admin_bar_renderincludes\devllo-events-functions.php:51
actionwp_enqueue_scriptstemplates\calendar-event.php:6
actionwp_enqueue_scriptstemplates\template-events.php:5
Maintenance & Trust

Events by Devllo Maintenance & Trust

Maintenance Signals

WordPress version tested6.1.10
Last updatedNov 2, 2022
PHP min version5.5
Downloads12K

Community Trust

Rating100/100
Number of ratings2
Active installs10
Alternatives

Events by Devllo Alternatives

Sched Event Management Software

Sched Event Management Software

embed-sched

A
85

Easily manage and promote events! Complete with mobile apps, multiple event calendar views, customization, speaker/sponsor directories and more!

200 No CVEs
Sugar Calendar – Events Calendar, Event Tickets, and Events Management Platform

Sugar Calendar – Events Calendar, Event Tickets, and Events Management Platform

sugar-calendar-lite

B
76

Easily manage events and sell tickets on your WordPress site. Sugar Calendar is easy-to-use, reliable, and exceptionally powerful. See for yourself.

10K 1 unpatched
Eventin – Events Calendar, Event Booking, Ticket & Registration (AI Powered)

Eventin – Events Calendar, Event Booking, Ticket & Registration (AI Powered)

wp-event-solution

B
82

Create and manage events with a flexible WordPress events calendar plugin. Add recurring events, RSVP, ticket booking, and WooCommerce ticket selling …

10K 19 CVEs
EventON – Events Calendar

EventON – Events Calendar

eventon-lite

A
85

Create beautiful, responsive event calendars with unlimited events, repeating schedules, virtual support, and a sleek minimal design!

6K 12 CVEs
Quick Event Manager

Quick Event Manager

quick-event-manager

A
98

Simple event manager. No messing about, just add events and a shortcode and the plugin does the rest for you.

2K 5 CVEs
Developer Profile

Events by Devllo Developer Profile

Devllo Plugins

2 plugins · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Events by Devllo

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/devllo-events/includes/assets/css/style.css/wp-content/plugins/devllo-events/admin/assets/css/dashboard.css/wp-content/plugins/devllo-events/admin/assets/css/jquery-ui.css/wp-content/plugins/devllo-events/admin/assets/css/style.css/wp-content/plugins/devllo-events/admin/assets/css/jquery.timepicker.min.css/wp-content/plugins/devllo-events/includes/assets/js/jquery-1.12.4.js/wp-content/plugins/devllo-events/includes/assets/js/jquery-ui.js/wp-content/plugins/devllo-events/admin/assets/js/jquery.timepicker.min.js+2 more
Script Paths
https://maps.googleapis.com/maps/api/js?key=

HTML / DOM Fingerprints

CSS Classes
devllo-event-listings
Data Attributes
devllo_events_admin_page
JS Globals
initAutocomplete
Shortcode Output
[devllo_events_listings][devllo_events_calendar]
FAQ

Frequently Asked Questions about Events by Devllo