WP-Safety

Event Calendar Newsletter Security & Risk Analysis

wordpress.org/plugins/event-calendar-newsletter

Stop manually copying the events you’re promoting from your WordPress events calendar!

600 active installs v2.17 PHP 7.4+ WP 5.8+ Updated Feb 7, 2026
all-in-one-event-calendarevent-calendar-newsletterthe-events-calendarwordpress-event-calendarwordpress-events-calendar
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Event Calendar Newsletter Safe to Use in 2026?

Generally Safe

Score 100/100

Event Calendar Newsletter has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The event-calendar-newsletter plugin version 2.17 exhibits a generally strong security posture, particularly concerning the handling of SQL queries and the absence of known critical vulnerabilities. The static analysis reveals that all SQL queries are properly prepared, and there are no identified taint flows with unsanitized paths, indicating good practices in preventing common injection attacks. The plugin also implements nonce and capability checks, which are essential for securing its entry points.

However, the analysis does highlight a potential area for improvement regarding output escaping. With 76% of outputs properly escaped, there's a 24% portion that remains unescaped, which could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is rendered directly without proper sanitization. The single external HTTP request also warrants attention, as it represents a potential vector for attacks if the target endpoint is compromised or if the request is not handled securely. The plugin's history of zero recorded vulnerabilities is a positive indicator, suggesting a consistent effort towards security by the developers, but it does not negate the risks identified in the current analysis.

In conclusion, while the plugin benefits from robust SQL sanitization and a clean vulnerability history, the incomplete output escaping and the external HTTP request present minor but addressable security concerns. The overall risk is assessed as low, with recommendations to further strengthen output sanitization and scrutinize the external HTTP request for potential security implications.

Key Concerns

  • Unescaped output present
  • External HTTP request present
Vulnerabilities
None known

Event Calendar Newsletter Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Event Calendar Newsletter Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
43
137 escaped
Nonce Checks
5
Capability Checks
2
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

76% escaped180 total outputs
Data Flows
All sanitized

Data Flow Analysis

3 flows
optin_notice (tracking\class-plugin-usage-tracker.php:775)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Event Calendar Newsletter Attack Surface

Entry Points4
Unprotected0

AJAX Handlers 4

authwp_ajax_fetch_eventsincludes\ecnadmin.class.php:33
authwp_ajax_fetch_other_plugin_optionsincludes\ecnadmin.class.php:34
authwp_ajax_fetch_allowed_tagsincludes\ecnadmin.class.php:35
authwp_ajax_goodbye_formtracking\class-plugin-usage-tracker.php:128
WordPress Hooks 22
actionplugins_loadedevent-calendar-newsletter.php:70
actioninitincludes\ecnadmin.class.php:28
actionadmin_initincludes\ecnadmin.class.php:31
actionadmin_menuincludes\ecnadmin.class.php:32
actionadmin_enqueue_scriptsincludes\ecnadmin.class.php:38
actionadmin_enqueue_scriptsincludes\ecnadmin.class.php:40
actionecn_main_before_resultsincludes\ecnadmin.class.php:42
actionecn_additional_filters_settings_htmlincludes\ecnadmin.class.php:45
actionadmin_menuincludes\ecnsettings.class.php:7
filterecn_image_sizeincludes\ecnsettings.class.php:9
filterecn_admin_capabilityincludes\ecnsettings.class.php:10
filterecn_output_formatincludes\output_formats\compact.php:10
filterecn_output_formatincludes\output_formats\default.php:10
actionafter_switch_themetracking\class-plugin-usage-tracker.php:86
actionswitch_themetracking\class-plugin-usage-tracker.php:87
filtercron_schedulestracking\class-plugin-usage-tracker.php:113
actionput_do_weekly_actiontracking\class-plugin-usage-tracker.php:115
actionadmin_inittracking\class-plugin-usage-tracker.php:121
actionadmin_noticestracking\class-plugin-usage-tracker.php:122
actionadmin_noticestracking\class-plugin-usage-tracker.php:123
actionadmin_footer-plugins.phptracking\class-plugin-usage-tracker.php:127
actionadmin_inittracking\class-plugin-usage-tracker.php:784

Scheduled Events 1

put_do_weekly_action
Maintenance & Trust

Event Calendar Newsletter Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 7, 2026
PHP min version7.4
Downloads38K

Community Trust

Rating96/100
Number of ratings16
Active installs600
Alternatives

Event Calendar Newsletter Alternatives

The Events Calendar Shortcode & Block

The Events Calendar Shortcode & Block

the-events-calendar-shortcode

A
98

Add shortcode, block, Elementor and Bricks functionality to The Events Calendar Plugin, so you can easily list and promote your events anywhere.

20K 2 CVEs
Events Widgets For Elementor And The Events Calendar

Events Widgets For Elementor And The Events Calendar

events-widgets-for-elementor-and-the-events-calendar

A
99

The Events Calendar Elementor widgets help you manage and display an upcoming events list with date, time, venue and event ticket booking details.

10K 1 CVE
Events Shortcodes For The Events Calendar

Events Shortcodes For The Events Calendar

template-events-calendar

A
99

Add The Events Calendar shortcode or Gutenberg block to show upcoming events list with event details on any WordPress page using smart event filters.

10K 1 CVE
Event Single Page Builder For The Events Calendar

Event Single Page Builder For The Events Calendar

event-page-templates-addon-for-the-events-calendar

A
100

The Events Calendar addon to create custom single event page templates and replace the default event single page layout with your own branded design.

6K No CVEs
Event Countdown for The Events Calendar

Event Countdown for The Events Calendar

countdown-for-the-events-calendar

A
98

Event countdown timer addon for The Events Calendar plugin to display upcoming event countdowns anywhere using a simple shortcode.

3K 2 CVEs
Developer Profile

Event Calendar Newsletter Developer Profile

Brian Hogg

2 plugins · 21K total installs

99
trust score
Avg Security Score
99/100
Avg Patch Time
4 days
View full developer profile
Detection Fingerprints

How We Detect Event Calendar Newsletter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/event-calendar-newsletter/css/icon.css/wp-content/plugins/event-calendar-newsletter/css/admin.css/wp-content/plugins/event-calendar-newsletter/js/admin.js
Script Paths
/wp-content/plugins/event-calendar-newsletter/js/admin.js
Version Parameters
ecn.icon.css?ver=ecn.admin.css?ver=ecn.admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
ecn-select2-dropdownecn-select2-containerecn-select2-selectionecn-select2-arrowecn-select2-searchecn-select2-resultsecn-select2-result-label
HTML Comments
<!-- BEGIN ECN DYNAMIC CONTENT --><!-- END ECN DYNAMIC CONTENT --><!-- DYNAMIC CONTENT --><!-- SHORTCODE CONTENT -->
Data Attributes
data-ecn-admindata-ecn-noncedata-ecn-post-id
JS Globals
ECNAdminECNProECN_VERSIONecn_admin_classecn_saved_optionsecn_admin_settings+4 more
REST Endpoints
/wp-json/event-calendar-newsletter/v1/settings/wp-json/event-calendar-newsletter/v1/templates
Shortcode Output
[event_calendar_newsletter][ecn_events]
FAQ

Frequently Asked Questions about Event Calendar Newsletter