WP-Safety

Eventissimo Security & Risk Analysis

wordpress.org/plugins/eventissimo

Create and organize events into your site. Your events also automatically created on Facebook. Import your Facebook Events.

10 active installs v1.4.3 PHP + WP 3.8+ Updated Jun 23, 2014
calendareventeventsfacebookshortcode
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Eventissimo Safe to Use in 2026?

Generally Safe

Score 85/100

Eventissimo has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago
Risk Assessment

The Eventissimo plugin v1.4.3 exhibits a concerning security posture primarily due to a significant number of unprotected entry points. While the plugin has no recorded vulnerability history, which is a positive sign, the static analysis reveals several critical areas for improvement. The presence of two AJAX handlers without authentication checks represents a direct pathway for potential unauthorized actions if exploited. Furthermore, the taint analysis indicating three flows with unsanitized paths, though not flagged as critical or high severity, suggests a potential for unexpected behavior or data manipulation if user-supplied data is not properly validated and sanitized. The limited output escaping (23% properly escaped) also raises concerns about Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts through user-generated content or plugin output. While the plugin avoids dangerous functions like `unserialize` in vulnerable ways and utilizes prepared statements for SQL queries, these strengths are overshadowed by the identified weaknesses. The lack of known CVEs is beneficial, but it does not negate the inherent risks posed by the current codebase. Overall, Eventissimo v1.4.3 requires immediate attention to address its insecure entry points and potential data sanitization issues to mitigate significant security risks.

Key Concerns

  • 2 AJAX handlers without auth checks
  • 3 flows with unsanitized paths
  • Only 23% of outputs properly escaped
  • Use of 'unserialize' function
Vulnerabilities
None known

Eventissimo Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Eventissimo Code Analysis

Dangerous Functions
8
Raw SQL Queries
1
1 prepared
Unescaped Output
127
38 escaped
Nonce Checks
2
Capability Checks
2
File Operations
0
External Requests
3
Bundled Libraries
0

Dangerous Functions Found

unserialize$dayRepeatDate = !is_array(get_post_meta( $post_id , 'dayRepeatSelect' , true )) ? unserialize(get_peventissimo.php:259
unserialize$dayRepeatMon = !is_array(get_post_meta( $post_id , 'dayRepeatMount' , true )) ? unserialize(get_poseventissimo.php:260
unserializeeventissimo_first_date_repeat($dataInizio,$dataFine,unserialize($alldate));eventissimo.php:265
unserialize$data_repeat = unserialize($dayRepeatSelect);function.php:219
unserialize$dayRepeatSelect = isset( $values['dayRepeatSelect'] ) ? unserialize($values['dayRepeatSelect'][0]) meta_post\data_events.php:48
unserialize$dayRepeatSelect = unserialize($dayRepeatSelect);meta_post\data_events.php:51
unserialize$dayRepeatMount = isset( $values['dayRepeatMount'] ) ? unserialize ( $values['dayRepeatMount'][0]) :meta_post\data_events.php:60
unserialize$dayRepeatMount = unserialize($dayRepeatMount);meta_post\data_events.php:62

SQL Query Safety

50% prepared2 total queries

Output Escaping

23% escaped165 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths
eventissimo_frontend_calendar (frontend.php:7)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Eventissimo Attack Surface

Entry Points3
Unprotected2

AJAX Handlers 2

authwp_ajax_eventissimo_calendarcall_function\calendar.php:42
authwp_ajax_eventissimo_listEvent_ajaxcall_function\listEvents.php:61

Shortcodes 1

[eventissimo] function\shortcode.php:15
WordPress Hooks 32
actioninitendpoint.php:10
filtergenerate_rewrite_rulesendpoint.php:11
actiontemplate_redirectendpoint.php:12
actioninitendpoint.php:14
filtergenerate_rewrite_rulesendpoint.php:21
actionadmin_initeventissimo.php:63
actioniniteventissimo.php:138
actioniniteventissimo.php:192
actionadmin_initeventissimo.php:225
actionadmin_menueventissimo.php:227
filtermanage_events_posts_columnseventissimo.php:231
actionmanage_events_posts_custom_columneventissimo.php:232
filtermanage_edit-events_sortable_columnseventissimo.php:233
actioniniteventissimo.php:320
actionwp_headeventissimo.php:432
actionadmin_headeventissimo.php:433
actionbefore_delete_posteventissimo.php:690
actioniniteventissimo.php:695
filterimage_size_names_chooseeventissimo.php:701
actionadmin_action_eventissimo_duplicate_post_as_draftfunction\duplicatePost.php:94
filterpost_row_actionsfunction\duplicatePost.php:108
actionwidgets_initfunction\widget.php:157
actionwidgets_initfunction\widget.php:301
actionadd_meta_boxesmeta_post\data_events.php:21
actionsave_postmeta_post\data_events.php:402
actionadd_meta_boxesmeta_post\facebook_events.php:21
actionsave_postmeta_post\facebook_events.php:136
actiontransition_post_statusmeta_post\facebook_events.php:245
actionadd_meta_boxesmeta_post\images_events.php:32
actionsave_postmeta_post\images_events.php:198
actionadd_meta_boxesmeta_post\location_events.php:21
actionsave_postmeta_post\location_events.php:104
Maintenance & Trust

Eventissimo Maintenance & Trust

Maintenance Signals

WordPress version tested3.4.2
Last updatedJun 23, 2014
PHP min version
Downloads4K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

Eventissimo Alternatives

The Events Calendar Shortcode & Block

The Events Calendar Shortcode & Block

the-events-calendar-shortcode

A
98

Add shortcode, block, Elementor and Bricks functionality to The Events Calendar Plugin, so you can easily list and promote your events anywhere.

20K 2 CVEs
Events Shortcodes For The Events Calendar

Events Shortcodes For The Events Calendar

template-events-calendar

A
99

Add The Events Calendar shortcode or Gutenberg block to show upcoming events list with event details on any WordPress page using smart event filters.

10K 1 CVE
Import Social Events

Import Social Events

import-facebook-events

A
99

Import Facebook events into your WordPress website and/or Event Calendar. Nice Display with shortcode & Event widget.

3K 1 CVE
Add infos to The Events Calendar

Add infos to The Events Calendar

add-infos-to-the-events-calendar

A
99

“Add infos to The Events Calendar” provides a shortcode block to single events for The Events Calendar Free Plugin (by MODERN TRIBE)

100 1 CVE
CG Events

CG Events

cg-events

A
100

A simple plugin to display custom events using shortcodes.

0 No CVEs
Developer Profile

Eventissimo Developer Profile

digitalissimo

3 plugins · 30 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Eventissimo

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/eventissimo/css/style.css/wp-content/plugins/eventissimo/css/frontend.css/wp-content/plugins/eventissimo/js/frontend.js
Script Paths
/wp-content/plugins/eventissimo/js/frontend.js
Version Parameters
eventissimo/css/style.css?ver=eventissimo/css/frontend.css?ver=eventissimo/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
eventissimo_galleryeventissimo-widget-titleeventissimo_single_event_titleeventissimo_single_event_descriptioneventissimo_single_event_date
Shortcode Output
[eventissimo_gallery[eventissimo_list_events[eventissimo_calendar
FAQ

Frequently Asked Questions about Eventissimo