Eveeno Security & Risk Analysis
wordpress.org/plugins/eveenoWordPress plugin for embedding eveeno registration forms and upcoming events lists.
Is Eveeno Safe to Use in 2026?
Generally Safe
Score 91/100Eveeno has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.
The eveeno plugin v2.1 exhibits a generally strong security posture based on the provided static analysis. It demonstrates excellent adherence to secure coding practices by having no dangerous functions, all SQL queries utilizing prepared statements, and all output being properly escaped. The plugin also avoids file operations and external HTTP requests, further reducing its attack surface. A key strength is the presence of capability checks, indicating an awareness of access control.
However, the static analysis does reveal a potential area of concern: the lack of nonce checks on the single identified shortcode. While there are no identified critical or high severity taint flows, this omission means that the shortcode's functionality could be susceptible to CSRF attacks if it performs any sensitive actions. The vulnerability history, while showing no currently unpatched CVEs, does indicate a past medium severity Cross-site Scripting (XSS) vulnerability, which suggests that input validation or output sanitization might not always be consistently applied, even though the current static analysis shows 100% proper output escaping.
In conclusion, eveeno v2.1 is well-developed from a secure coding standpoint, with key areas like SQL and output handling being robust. The main weakness lies in the potential for CSRF on the shortcode due to missing nonce checks. The past XSS vulnerability, while resolved, serves as a reminder that ongoing vigilance is necessary. Despite this, the current version appears to be in a relatively secure state, provided the shortcode does not perform highly sensitive operations.
Key Concerns
- Shortcode missing nonce check
- Past medium severity XSS vulnerability
Eveeno Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
Eveeno <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Eveeno Release Timeline
Eveeno Code Analysis
Output Escaping
Eveeno Attack Surface
Shortcodes 1
WordPress Hooks 4
Maintenance & Trust
Eveeno Maintenance & Trust
Maintenance Signals
Community Trust
Eveeno Alternatives
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
custom-registration-form-builder-with-submission-manager
Create customized user registration forms, accept payments, track submissions, manage users, analyze stats, assign user roles and more!
Events Calendar GForms Registration
ecgf-registration
Use Gravity Forms to handle registration for The Events Calendar events.
Event Espresso Requirements Check
event-espresso-requirements-check
This plugin checks your web hosting environment to ensure compatibility with Event Espresso, the premium event management plugin for WordPress.
RegiFair
regi-fair
RegiFair is an event registrations manager that provides a form builder and supports waiting lists, group registrations and email notifications.
Sugar Events Calendar – Ninja Forms Add-on
sugar-events-calendar-ninja-forms-add-on
Add registrations forms for your Sugar Events Calendar events using Ninja Forms.
Eveeno Developer Profile
2 plugins · 200 total installs
How We Detect Eveeno
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/eveeno/assets/js/embed.min.js/wp-content/plugins/eveeno/assets/js/embed.min.jseveeno/assets/js/embed.min.js?ver=HTML / DOM Fingerprints
eveenoWidgetdata-wppluginversion<div class="eveenoWidget"