Events Slider, Events Carousel, Events Grid and Events Filter Bar for The Events Calendar – Eventful Security & Risk Analysis

Display events in sliders, carousels and grids with a filter bar. Eventful is a flexible addon for The Events Calendar with shortcode & block support.

200 active installs v2.1.18 PHP 7.2+ WP 5.0+ Updated Mar 13, 2026

event-calendareventsevents-gridthe-events-calendar

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Events Slider, Events Carousel, Events Grid and Events Filter Bar for The Events Calendar – Eventful Safe to Use in 2026?

Generally Safe

Score 100/100

Events Slider, Events Carousel, Events Grid and Events Filter Bar for The Events Calendar – Eventful has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 21d ago

Risk Assessment

The 'eventful' plugin version 2.1.18 exhibits a generally good security posture with several strengths, including 100% of SQL queries using prepared statements, a high percentage of properly escaped output, and a significant number of nonce and capability checks. The absence of known CVEs and vulnerabilities in its history is also a positive indicator.

However, there are notable concerns that introduce risk. The presence of two AJAX handlers without authentication checks creates a significant attack surface. Additionally, the use of the `unserialize` function, even if it's not currently flagged by taint analysis, is inherently risky as it can lead to deserialization vulnerabilities if the input is not strictly controlled and validated. The single unsanitized path identified in the taint analysis, though not classified as critical or high, warrants attention as it could potentially be exploited.

Overall, while the plugin demonstrates good security practices in many areas, the unprotected AJAX endpoints and the use of `unserialize` represent the most immediate threats. The lack of historical vulnerabilities is reassuring but does not entirely mitigate the risks identified in the static analysis. Addressing the unprotected entry points and carefully auditing the usage of `unserialize` would significantly improve the plugin's security.

Key Concerns

Unprotected AJAX handlers
Dangerous function (unserialize) used
Taint flow with unsanitized path

Vulnerabilities

None known

Events Slider, Events Carousel, Events Grid and Events Filter Bar for The Events Calendar – Eventful Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Events Slider, Events Carousel, Events Grid and Events Filter Bar for The Events Calendar – Eventful Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

215

1897 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$plugins = unserialize($response['body']);src\Admin\HelpPage\Help.php:177

SQL Query Safety

100% prepared2 total queries

Output Escaping

90% escaped2112 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

9 flows1 with unsanitized paths

eventful_live_search_bar (src\Frontend\Helpers\EventfulLiveFilter.php:392)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Events Slider, Events Carousel, Events Grid and Events Filter Bar for The Events Calendar – Eventful Attack Surface

Entry Points32

Unprotected2

AJAX Handlers 30

authwp_ajax_eventful_get_termssrc\Admin\Framework\functions\actions.php:44

authwp_ajax_eventful-get-iconssrc\Admin\Framework\functions\actions.php:82

authwp_ajax_eventful-exportsrc\Admin\Framework\functions\actions.php:119

authwp_ajax_eventful-importsrc\Admin\Framework\functions\actions.php:155

authwp_ajax_eventful-resetsrc\Admin\Framework\functions\actions.php:182

authwp_ajax_eventful-chosensrc\Admin\Framework\functions\actions.php:221

authwp_ajax_eventful-never-show-review-noticesrc\Admin\Helpers\ReviewNotice.php:29

authwp_ajax_themeatelier_dismiss_offer_bannersrc\Admin\Helpers\ThemeAtelier_Offer_Banner.php:37

authwp_ajax_admin_event_grid_ajaxsrc\Admin\Preview\Preview.php:52

noprivwp_ajax_admin_event_grid_ajaxsrc\Admin\Preview\Preview.php:53

authwp_ajax_admin_event_pagination_barsrc\Admin\Preview\Preview.php:55

noprivwp_ajax_admin_event_pagination_barsrc\Admin\Preview\Preview.php:56

authwp_ajax_admin_event_pagination_bar_mobilesrc\Admin\Preview\Preview.php:58

noprivwp_ajax_admin_event_pagination_bar_mobilesrc\Admin\Preview\Preview.php:59

authwp_ajax_admin_event_ordersrc\Admin\Preview\Preview.php:61

noprivwp_ajax_admin_event_ordersrc\Admin\Preview\Preview.php:62

authwp_ajax_eventful_admin_previewsrc\Admin\Preview\Preview.php:67

authwp_ajax_event_grid_ajaxsrc\Frontend\Frontend.php:60

noprivwp_ajax_event_grid_ajaxsrc\Frontend\Frontend.php:61

authwp_ajax_event_pagination_barsrc\Frontend\Frontend.php:63

noprivwp_ajax_event_pagination_barsrc\Frontend\Frontend.php:64

authwp_ajax_event_pagination_bar_mobilesrc\Frontend\Frontend.php:66

noprivwp_ajax_event_pagination_bar_mobilesrc\Frontend\Frontend.php:67

authwp_ajax_event_ordersrc\Frontend\Frontend.php:69

noprivwp_ajax_event_ordersrc\Frontend\Frontend.php:70

authwp_ajax_eventful_live_filter_resetsrc\Frontend\Helpers\EventfulLiveFilter.php:31

authwp_ajax_eventful_admin_live_filter_resetsrc\Frontend\Helpers\EventfulLiveFilter.php:32

noprivwp_ajax_eventful_live_filter_resetsrc\Frontend\Helpers\EventfulLiveFilter.php:33

authwp_ajax_eventful_export_shortcodessrc\Includes\Eventful.php:305

authwp_ajax_eventful_import_shortcodessrc\Includes\Eventful.php:306

Shortcodes 2

[eventful] src\Admin\Preview\Preview.php:64

[eventful] src\Frontend\Frontend.php:75

WordPress Hooks 53

actionadmin_menusrc\Admin\Admin.php:47

filterinitsrc\Admin\Admin.php:48

actionadmin_enqueue_scriptssrc\Admin\Admin.php:49

actionafter_setup_themesrc\Admin\Admin.php:50

filteradmin_footer_textsrc\Admin\Admin.php:76

filterplugin_row_metasrc\Admin\Admin.php:78

actionplugins_loadedsrc\Admin\DBUpdates.php:36

actionadmin_action_eventful_duplicate_shortcodesrc\Admin\Eventful_Duplicator.php:29

filterpost_row_actionssrc\Admin\Eventful_Duplicator.php:30

actionelementor/preview/enqueue_scriptssrc\Admin\Eventful_Element_Shortcode_Block.php:62

actionelementor/preview/enqueue_stylessrc\Admin\Eventful_Element_Shortcode_Block.php:63

actionelementor/initsrc\Admin\Eventful_Element_Shortcode_Block.php:111

actionelementor/widgets/registersrc\Admin\Eventful_Element_Shortcode_Block.php:129

actionwp_enqueue_scriptssrc\Admin\Framework\Classes\abstract.class.php:28

actionafter_setup_themesrc\Admin\Framework\Classes\Eventful.php:76

actioninitsrc\Admin\Framework\Classes\Eventful.php:77

actionswitch_themesrc\Admin\Framework\Classes\Eventful.php:78

actionadmin_enqueue_scriptssrc\Admin\Framework\Classes\Eventful.php:79

actionwp_enqueue_scriptssrc\Admin\Framework\Classes\Eventful.php:80

actionwp_headsrc\Admin\Framework\Classes\Eventful.php:81

filteradmin_body_classsrc\Admin\Framework\Classes\Eventful.php:82

actioncustomize_registersrc\Admin\Framework\Classes\EventfulCustomizeOptions.php:52

actioncustomize_save_aftersrc\Admin\Framework\Classes\EventfulCustomizeOptions.php:53

actionwp_enqueue_scriptssrc\Admin\Framework\Classes\EventfulCustomizeOptions.php:57

actionadd_meta_boxessrc\Admin\Framework\Classes\EventfulMetabox.php:60

actionsave_postsrc\Admin\Framework\Classes\EventfulMetabox.php:61

actionedit_attachmentsrc\Admin\Framework\Classes\EventfulMetabox.php:62

actionadmin_menusrc\Admin\Framework\Classes\EventfulOptions.php:115

actionadmin_bar_menusrc\Admin\Framework\Classes\EventfulOptions.php:116

actionnetwork_admin_menusrc\Admin\Framework\Classes\EventfulOptions.php:120

filteradmin_footer_textsrc\Admin\Framework\Classes\EventfulOptions.php:463

actionadmin_initsrc\Admin\Framework\Classes\EventfulTaxonomyOptions.php:43

actionadmin_footersrc\Admin\Framework\fields\icon\icon.php:42

actioncustomize_controls_print_footer_scriptssrc\Admin\Framework\fields\icon\icon.php:43

actionadmin_print_footer_scriptssrc\Admin\Framework\fields\link\link.php:65

actionprint_default_editor_scriptssrc\Admin\Framework\fields\wp_editor\wp_editor.php:62

actioninitsrc\Admin\GutenbergBlock\Gutenberg_Block_Init.php:42

actionenqueue_block_editor_assetssrc\Admin\GutenbergBlock\Gutenberg_Block_Init.php:43

actionadmin_noticessrc\Admin\Helpers\ReviewNotice.php:28

actionadmin_noticessrc\Admin\Helpers\ThemeAtelier_Offer_Banner.php:36

actioneventful_recommended_page_menusrc\Admin\HelpPage\Help.php:68

actionadmin_print_scriptssrc\Admin\HelpPage\Help.php:74

actionadmin_enqueue_scriptssrc\Admin\HelpPage\Help.php:75

actionadmin_enqueue_scriptssrc\Frontend\Frontend.php:72

actionwp_loadedsrc\Frontend\Frontend.php:73

actionwp_footersrc\Frontend\Frontend.php:79

filterimage_resize_dimensionssrc\Frontend\Helpers\EventfulImageResizer.php:85

actionadmin_noticessrc\Includes\Eventful.php:111

actionplugins_loadedsrc\Includes\Eventful.php:295

actionactivated_pluginsrc\Includes\Eventful.php:296

actionplugins_loadedsrc\Includes\Eventful.php:297

filtermanage_eventful_posts_columnssrc\Includes\Eventful.php:299

actionmanage_eventful_posts_custom_columnsrc\Includes\Eventful.php:300

Maintenance & Trust

Events Slider, Events Carousel, Events Grid and Events Filter Bar for The Events Calendar – Eventful Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 13, 2026

PHP min version7.2

Downloads8K

Community Trust

Rating100/100

Number of ratings5

Active installs200

Alternatives

Events Slider, Events Carousel, Events Grid and Events Filter Bar for The Events Calendar – Eventful Alternatives

Events Widgets For Elementor And The Events Calendar

events-widgets-for-elementor-and-the-events-calendar

The Events Calendar Elementor widgets help you manage and display an upcoming events list with date, time, venue and event ticket booking details.

10K 1 CVE

Events Shortcodes For The Events Calendar

template-events-calendar

Add The Events Calendar shortcode or Gutenberg block to show upcoming events list with event details on any WordPress page using smart event filters.

10K 1 CVE

Event Single Page Builder For The Events Calendar

event-page-templates-addon-for-the-events-calendar

100

The Events Calendar addon to create custom single event page templates and replace the default event single page layout with your own branded design.

6K No CVEs

Event Countdown for The Events Calendar

countdown-for-the-events-calendar

Event countdown timer addon for The Events Calendar plugin to display upcoming event countdowns anywhere using a simple shortcode.

3K 2 CVEs

Events Search For The Events Calendar

events-search-addon-for-the-events-calendar

100

Adds an AJAX-based events search bar on any page via shortcode to quickly find any upcoming event created with The Events Calendar plugin.

3K No CVEs

Developer Profile

Events Slider, Events Carousel, Events Grid and Events Filter Bar for The Events Calendar – Eventful Developer Profile

ThemeAtelier

7 plugins · 4K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

6 days

View full developer profile

Detection Fingerprints

How We Detect Events Slider, Events Carousel, Events Grid and Events Filter Bar for The Events Calendar – Eventful

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/eventful/src/Admin/assets/css/review-notice.css/wp-content/plugins/eventful/src/Admin/assets/css/eventful-admin.css/wp-content/plugins/eventful/src/Admin/assets/js/eventful-admin.js

Script Paths

/wp-content/plugins/eventful/src/Admin/assets/js/eventful-admin.js

Version Parameters

eventful-admin.js?ver=eventful-admin.css?ver=review-notice.css?ver=

HTML / DOM Fingerprints

CSS Classes

eventful-admin-wrapeventful-settings-sectioneventful-tools-sectioneventful-builder-wrap

Data Attributes

data-eventful-iddata-eventful-layoutdata-eventful-source

JS Globals

eventful_admin_paramsEventful_Data

Shortcode Output

[eventful_displayeventful_display_template

FAQ