Event Scheduler Security & Risk Analysis

wordpress.org/plugins/event-scheduler

Event scheduler can be used for planning of recurring events.

10 active installs v1.0.4 PHP + WP + Updated Aug 23, 2021
eventplanerplannerschedulersport
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Event Scheduler Safe to Use in 2026?

Generally Safe

Score 85/100

Event Scheduler has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The 'event-scheduler' v1.0.4 plugin exhibits a generally strong security posture based on the static analysis. The absence of known CVEs and critical taint flows is a significant positive indicator. The plugin also demonstrates good practices by utilizing prepared statements for all SQL queries and implementing capability checks for its entry points. However, a notable weakness lies in the output escaping, with only 33% of outputs being properly escaped. This could potentially lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not adequately sanitized before being rendered in the frontend or backend. Furthermore, the lack of nonce checks on the identified entry points is a concern, as it could make the plugin susceptible to Cross-Site Request Forgery (CSRF) attacks. While the attack surface is relatively small, the absence of these critical security mechanisms on the available entry points warrants attention.

Key Concerns

  • Low percentage of properly escaped output
  • No nonce checks on entry points
Vulnerabilities
None known

Event Scheduler Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Event Scheduler Release Timeline

v1.0.2
v1.0.1
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

Event Scheduler Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
27 prepared
Unescaped Output
81
40 escaped
Nonce Checks
0
Capability Checks
4
File Operations
4
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared27 total queries

Output Escaping

33% escaped121 total outputs
Attack Surface

Event Scheduler Attack Surface

Entry Points4
Unprotected0

Shortcodes 4

[event_scheduler_event_list] public/class-event-scheduler-public.php:137
[event_scheduler_holiday] public/class-event-scheduler-public.php:138
[event_scheduler_member_list] public/class-event-scheduler-public.php:139
[event_scheduler_event_statistics] public/class-event-scheduler-public.php:140
WordPress Hooks 9
actionplugins_loadedincludes/class-event-scheduler.php:142
actionadmin_enqueue_scriptsincludes/class-event-scheduler.php:157
actionadmin_enqueue_scriptsincludes/class-event-scheduler.php:158
actionadmin_menuincludes/class-event-scheduler.php:161
actionadmin_initincludes/class-event-scheduler.php:168
actionwp_enqueue_scriptsincludes/class-event-scheduler.php:183
actionwp_enqueue_scriptsincludes/class-event-scheduler.php:184
actioninitincludes/class-event-scheduler.php:185
actionevent_scheduler_mail_notificationpublic/class-event-scheduler-public.php:82
Maintenance & Trust

Event Scheduler Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13
Last updatedAug 23, 2021
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

Event Scheduler Developer Profile

Thomas Poisl

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Event Scheduler

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/event-scheduler/admin/css/event-scheduler-admin.css/wp-content/plugins/event-scheduler/admin/js/event-scheduler-admin.js
Script Paths
/wp-content/plugins/event-scheduler/admin/js/event-scheduler-admin.js
Version Parameters
event-scheduler-admin.css?ver=event-scheduler-admin.js?ver=

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Event Scheduler