WP-Safety

Event Organiser Security & Risk Analysis

wordpress.org/plugins/event-organiser

Create and maintain events, including complex reoccurring patterns, venue management (with Google Maps or OpenStreetMap), calendars and customisable e …

20K active installs v3.12.8 PHP + WP 3.8.0+ Updated Oct 10, 2024
eventevent-categoriesevent-organizereventsevents-calendar
70
B · Generally Safe
CVEs total1
Unpatched1
Last CVEDec 27, 2025
Plugin page Download
Safety Verdict

Is Event Organiser Safe to Use in 2026?

Mostly Safe

Score 70/100

Event Organiser is generally safe to use though it hasn't been updated recently. 1 past CVE were resolved.

1 known CVE 1 unpatched Last CVE: Dec 27, 2025Updated 1yr ago
Risk Assessment

The "event-organiser" plugin version 3.12.8 exhibits a mixed security posture. While it demonstrates good practices in SQL query preparation (69%) and output escaping (68%), and implements a reasonable number of nonce and capability checks, there are significant concerns related to its attack surface and historical vulnerabilities. A notable portion of its AJAX handlers (8 out of 11) lack authentication checks, presenting a broad entry point for potential attacks. The presence of the `unserialize` function, coupled with taint analysis revealing 3 high-severity flows with unsanitized paths, further amplifies these concerns, suggesting potential for remote code execution or data manipulation if these flows are reachable without proper validation.

The plugin's vulnerability history, though appearing to have a single medium-severity CVE, is problematic due to its recency (December 2025) and the fact that it is currently unpatched. This indicates a persistent security weakness that has not been addressed, and the common vulnerability type of 'Missing Authorization' aligns with the static analysis findings of unprotected AJAX handlers. While the plugin has strengths in secure coding practices for SQL and output, the combination of a large unprotected attack surface, the dangerous `unserialize` function, high-severity unsanitized taint flows, and an unpatched historical vulnerability creates a concerning risk profile.

Key Concerns

  • Unpatched CVE found
  • High severity unsanitized taint flows (3)
  • Large attack surface without auth (8 AJAX)
  • Dangerous function used (unserialize)
  • SQL queries not always prepared
  • Output escaping not fully proper
Vulnerabilities
1 published

Event Organiser Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-69012medium · 4.3Missing Authorization

Event Organiser <= 3.12.8 - Missing Authorization

Dec 27, 2025Unpatched
Version History

Event Organiser Release Timeline

v3.12.8Current1 CVE
CVE-2025-69012
v3.12.71 CVE
CVE-2025-69012
v3.12.61 CVE
CVE-2025-69012
v3.12.51 CVE
CVE-2025-69012
v3.12.41 CVE
CVE-2025-69012
v3.12.31 CVE
CVE-2025-69012
v3.12.21 CVE
CVE-2025-69012
v3.12.11 CVE
CVE-2025-69012
v3.12.01 CVE
CVE-2025-69012
v3.11.11 CVE
CVE-2025-69012
v3.11.01 CVE
CVE-2025-69012
v3.10.81 CVE
CVE-2025-69012
v3.10.71 CVE
CVE-2025-69012
v3.10.61 CVE
CVE-2025-69012
v3.10.51 CVE
CVE-2025-69012
v3.10.41 CVE
CVE-2025-69012
v3.10.31 CVE
CVE-2025-69012
v3.10.21 CVE
CVE-2025-69012
v3.10.11 CVE
CVE-2025-69012
v3.10.01 CVE
CVE-2025-69012
Code Analysis
Analyzed Mar 16, 2026

Event Organiser Code Analysis

Dangerous Functions
1
Raw SQL Queries
17
37 prepared
Unescaped Output
198
421 escaped
Nonce Checks
15
Capability Checks
33
File Operations
2
External Requests
4
Bundled Libraries
0

Dangerous Functions Found

unserialize$plugin_obj = ( 'plugin_info' == $action ? unserialize( $request['body'] ) : $request['body'] );includes\class-eo-extension.php:474

SQL Query Safety

69% prepared54 total queries

Output Escaping

68% escaped619 total outputs
Data Flows · Security
5 unsanitized

Data Flow Analysis

9 flows5 with unsanitized paths
download_debug_info (event-organiser-debug.php:486)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
8 unprotected

Event Organiser Attack Surface

Entry Points16
Unprotected8

AJAX Handlers 11

authwp_ajax_eventorganiser-fullcalincludes\event-organiser-ajax.php:6
noprivwp_ajax_eventorganiser-fullcalincludes\event-organiser-ajax.php:7
authwp_ajax_event-admin-calincludes\event-organiser-ajax.php:8
authwp_ajax_eofc-edit-dateincludes\event-organiser-ajax.php:9
authwp_ajax_eofc-format-timeincludes\event-organiser-ajax.php:10
authwp_ajax_eo-search-venueincludes\event-organiser-ajax.php:11
noprivwp_ajax_eo_widget_agendaincludes\event-organiser-ajax.php:12
authwp_ajax_eo_widget_agendaincludes\event-organiser-ajax.php:13
noprivwp_ajax_eo_widget_calincludes\event-organiser-ajax.php:14
authwp_ajax_eo_widget_calincludes\event-organiser-ajax.php:15
authwp_ajax_eo_toggle_addon_pageincludes\event-organiser-ajax.php:16

Shortcodes 5

[eo_calendar] classes\class-eventorganiser-shortcodes.php:16
[eo_fullcalendar] classes\class-eventorganiser-shortcodes.php:17
[eo_venue_map] classes\class-eventorganiser-shortcodes.php:18
[eo_events] classes\class-eventorganiser-shortcodes.php:19
[eo_subscribe] classes\class-eventorganiser-shortcodes.php:20
WordPress Hooks 118
actionwp_footerclasses\class-eo-agenda-widget.php:82
actionwidgets_initclasses\class-eo-agenda-widget.php:174
actionwp_footerclasses\class-eo-calendar-widget.php:160
actionwidgets_initclasses\class-eo-calendar-widget.php:415
actionwidgets_initclasses\class-eo-event-list-widget.php:343
actionwidgets_initclasses\class-eo-widget-categories.php:135
actionwidgets_initclasses\class-eo-widget-venues.php:133
actioninitclasses\class-eventorganiser-admin-page.php:15
actioninitclasses\class-eventorganiser-admin-page.php:16
actionadmin_menuclasses\class-eventorganiser-admin-page.php:20
actionwp_footerclasses\class-eventorganiser-shortcodes.php:21
actionadmin_footerevent-organiser-add-ons.php:37
actionadmin_noticesevent-organiser-calendar.php:104
filterscreen_settingsevent-organiser-calendar.php:116
actionadd_meta_boxes_eventevent-organiser-edit.php:25
actionsave_postevent-organiser-edit.php:506
filtermanage_edit-event_columnsevent-organiser-manage.php:41
filtermanage_edit-event_sortable_columnsevent-organiser-manage.php:49
actionmanage_event_posts_custom_columnevent-organiser-manage.php:63
actionrestrict_manage_postsevent-organiser-manage.php:110
actionrestrict_manage_postsevent-organiser-manage.php:130
actionrestrict_manage_postsevent-organiser-manage.php:151
actionquick_edit_custom_boxevent-organiser-manage.php:217
actionbulk_edit_custom_boxevent-organiser-manage.php:218
actionsave_postevent-organiser-manage.php:224
actionadmin_head-edit.phpevent-organiser-manage.php:265
actionadmin_initevent-organiser-settings.php:62
actioneventorganiser_event_settings_permalinksevent-organiser-settings.php:118
actionadmin_menuevent-organiser-venues.php:26
actionadmin_noticesevent-organiser-venues.php:36
filtermanage_event_page_venues_columnsevent-organiser-venues.php:184
actionafter_setup_themeevent-organiser.php:43
actionplugins_loadedevent-organiser.php:107
actionplugins_loadedevent-organiser.php:118
actionplugins_loadedincludes\class-eo-admin-notice.php:39
actionadmin_noticesincludes\class-eo-admin-notice.php:47
actionadmin_initincludes\class-eo-admin-notice.php:48
actionadmin_print_footer_scriptsincludes\class-eo-admin-notice.php:129
actionadmin_noticesincludes\class-eo-extension.php:88
actionadmin_initincludes\class-eo-extension.php:139
actionnetwork_admin_menuincludes\class-eo-extension.php:145
actionwpmu_optionsincludes\class-eo-extension.php:146
actionupdate_wpmu_optionsincludes\class-eo-extension.php:147
actioneventorganiser_register_tab_generalincludes\class-eo-extension.php:149
filterpre_set_site_transient_update_pluginsincludes\class-eo-extension.php:152
filterplugins_apiincludes\class-eo-extension.php:154
actiontemplate_redirectincludes\class-eo-theme-compatability.php:50
filtertemplate_includeincludes\class-eo-theme-compatability.php:66
filternext_post_linkincludes\class-eo-theme-compatability.php:90
filterprevious_post_linkincludes\class-eo-theme-compatability.php:91
filterthe_contentincludes\class-eo-theme-compatability.php:94
filterpost_classincludes\class-eo-theme-compatability.php:190
actionloop_startincludes\class-eo-theme-compatability.php:209
actionloop_endincludes\class-eo-theme-compatability.php:210
filterthe_contentincludes\class-eo-theme-compatability.php:213
filterthe_excerptincludes\class-eo-theme-compatability.php:214
filterpost_classincludes\class-eo-theme-compatability.php:217
filterbody_classincludes\class-eo-theme-compatability.php:218
actionwp_footerincludes\class-eo-theme-compatability.php:224
actioneventorganiser_event_settings_imexportincludes\class-event-organiser-im-export.php:80
filterquery_varsincludes\event-organiser-archives.php:30
filterpost_limitsincludes\event-organiser-archives.php:234
filterposts_fieldsincludes\event-organiser-archives.php:239
filterposts_joinincludes\event-organiser-archives.php:240
filterposts_whereincludes\event-organiser-archives.php:241
filterposts_orderbyincludes\event-organiser-archives.php:242
filterposts_groupbyincludes\event-organiser-archives.php:243
actionpre_get_postsincludes\event-organiser-archives.php:245
actionpre_get_postsincludes\event-organiser-archives.php:248
filterthe_postsincludes\event-organiser-archives.php:643
actioninitincludes\event-organiser-cpt.php:212
actioninitincludes\event-organiser-cpt.php:314
filterpost_updated_messagesincludes\event-organiser-cpt.php:358
filtermap_meta_capincludes\event-organiser-cpt.php:411
actionwp_update_nav_menu_itemincludes\event-organiser-cpt.php:429
filterwp_nav_menu_objectsincludes\event-organiser-cpt.php:478
filterwp_list_pagesincludes\event-organiser-cpt.php:507
actionadmin_headincludes\event-organiser-cpt.php:611
actionadmin_menuincludes\event-organiser-cpt.php:632
actioncreated_event-categoryincludes\event-organiser-cpt.php:651
actionedited_event-categoryincludes\event-organiser-cpt.php:652
actiondelete_event-categoryincludes\event-organiser-cpt.php:666
actionevent-category_add_form_fieldsincludes\event-organiser-cpt.php:684
actionevent-category_edit_form_fieldsincludes\event-organiser-cpt.php:705
filtermanage_edit-event-category_columnsincludes\event-organiser-cpt.php:744
filtermanage_event-category_custom_columnincludes\event-organiser-cpt.php:760
actionadmin_print_styles-term.phpincludes\event-organiser-cpt.php:774
actionadmin_print_styles-edit-tags.phpincludes\event-organiser-cpt.php:777
filterget_event-categoryincludes\event-organiser-cpt.php:794
filterget_termsincludes\event-organiser-cpt.php:817
filterget_the_termsincludes\event-organiser-cpt.php:818
actionplugins_loadedincludes\event-organiser-cpt.php:870
actionswitch_blogincludes\event-organiser-cpt.php:871
filterget_termsincludes\event-organiser-cpt.php:918
filterterms_clausesincludes\event-organiser-cpt.php:953
filterget_edit_term_linkincludes\event-organiser-cpt.php:982
actionthreewp_activity_monitor_new_activityincludes\event-organiser-cpt.php:1121
filterpre_get_shortlinkincludes\event-organiser-cpt.php:1141
actionadmin_bar_menuincludes\event-organiser-cpt.php:1178
actionsplit_shared_termincludes\event-organiser-cpt.php:1213
actionadmin_noticesincludes\event-organiser-install.php:263
actionadmin_initincludes\event-organiser-install.php:267
actioninitincludes\event-organiser-register.php:125
actionadmin_initincludes\event-organiser-register.php:204
actionwp_headincludes\event-organiser-register.php:223
actionadmin_initincludes\event-organiser-register.php:238
actionload-settings_page_event-settingsincludes\event-organiser-register.php:239
actioninitincludes\event-organiser-register.php:251
actionadmin_enqueue_scriptsincludes\event-organiser-register.php:323
actionadmin_noticesincludes\event-organiser-register.php:413
filterplugin_action_linksincludes\event-organiser-register.php:434
actioneventorganiser_delete_expiredincludes\event-organiser-register.php:520
actionadmin_print_stylesincludes\event-organiser-register.php:535
actionadmin_noticesincludes\event-organiser-register.php:639
actiontransition_post_statusincludes\event-organiser-register.php:651
actionadmin_footerincludes\event-organiser-utility-functions.php:1399
actiondp_duplicate_postincludes\event.php:282
actiondelete_postincludes\event.php:331

Scheduled Events 1

eventorganiser_delete_expired
Maintenance & Trust

Event Organiser Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5
Last updatedOct 10, 2024
PHP min version
Downloads1.8M

Community Trust

Rating92/100
Number of ratings139
Active installs20K
Alternatives

Event Organiser Alternatives

Timetable and Event Schedule by MotoPress

Timetable and Event Schedule by MotoPress

mp-timetable

A
89

Smart event organizer and time-management tool with a clean minimalist design for featuring your timetables and upcoming events.

30K 8 CVEs
The Events Calendar Shortcode & Block

The Events Calendar Shortcode & Block

the-events-calendar-shortcode

A
98

Add shortcode, block, Elementor and Bricks functionality to The Events Calendar Plugin, so you can easily list and promote your events anywhere.

20K 2 CVEs
Events Widgets For Elementor And The Events Calendar

Events Widgets For Elementor And The Events Calendar

events-widgets-for-elementor-and-the-events-calendar

A
99

The Events Calendar Elementor widgets help you manage and display an upcoming events list with date, time, venue and event ticket booking details.

10K 1 CVE
Events Shortcodes For The Events Calendar

Events Shortcodes For The Events Calendar

template-events-calendar

A
99

Add The Events Calendar shortcode or Gutenberg block to show upcoming events list with event details on any WordPress page using smart event filters.

10K 1 CVE
WP FullCalendar

WP FullCalendar

wp-fullcalendar

D
44

Uses the FullCalendar library to create a stunning calendar view of events, posts and other custom post types

9K 2 unpatched
Developer Profile

Event Organiser Developer Profile

Stephen Harris

7 plugins · 23K total installs

82
trust score
Avg Security Score
83/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Event Organiser

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/event-organiser/css/admin-colours.css/wp-content/plugins/event-organiser/css/admin-colours.css/wp-content/plugins/event-organiser/css/admin-notices.css/wp-content/plugins/event-organiser/css/admin-notices.css/wp-content/plugins/event-organiser/css/eo-admin-calendar.css/wp-content/plugins/event-organiser/css/eo-admin-calendar.css/wp-content/plugins/event-organiser/css/eo-admin-styles.css/wp-content/plugins/event-organiser/css/eo-admin-styles.css+116 more

HTML / DOM Fingerprints

CSS Classes
eo-admin-noticeeo-event-metaeo-event-scheduleeo-event-schedule-dateeo-event-schedule-timeeo-event-venueeo-event-venue-detailseo-event-venue-location+92 more
HTML Comments
Copyright 2011 Stephen Harris (contact@stephenharris.info) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or+39 more
Data Attributes
data-eo-datedata-eo-location-latdata-eo-location-lngdata-eo-map-providerdata-eo-venue-iddata-event-id+15 more
JS Globals
eventorganiser_admin_optionseventorganiser_ajax_objecteventorganiser_venues_listeo_admin_calendar_varseo_admin_notices_varseo_admin_vars+5 more
Shortcode Output
[eo_events[eo_calendar[eo_venues
FAQ

Frequently Asked Questions about Event Organiser