Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets Security & Risk Analysis

wordpress.org/plugins/eventkoi-lite

A modern, unbloated WordPress events calendar plugin. Sell tickets, create an events calendar or list, manage RSVPs and attendees.

100 active installs v1.3.9.4 PHP 8.0+ WP 6.7+ Updated Apr 13, 2026
event-calendarevent-managementevent-registrationevent-ticketsrsvp
99
A · Safe
CVEs total1
Unpatched0
Last CVEJun 17, 2026
Safety Verdict

Is Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets Safe to Use in 2026?

Generally Safe

Score 99/100

Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Jun 17, 2026Updated 3mo ago
Risk Assessment

The eventkoi-lite plugin v1.3.0.1 demonstrates a strong security posture based on the provided static analysis. The plugin exhibits excellent adherence to secure coding practices, with a high percentage of SQL queries utilizing prepared statements and output being properly escaped. The absence of dangerous functions, external HTTP requests, and critical or high-severity taint flows further reinforces this positive assessment. Furthermore, the plugin has no recorded vulnerabilities, indicating a proactive approach to security over its history.

Key Concerns

  • File operations detected
  • Nonce checks present but limited
  • Limited number of capability checks
Vulnerabilities
1 published

Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets Security Vulnerabilities

CVEs by Year

1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-10029medium · 5.3Missing Authorization

Event Koi Lite <= 1.3.13.1 - Missing Authorization to Unauthenticated Sensitive Information Exposure via REST API Endpoints

Jun 17, 2026 Patched in 1.3.14.0 (1d)
Version History

Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets Release Timeline

v1.3.9.4Current1 CVE
v1.3.9.31 CVE
v1.3.9.21 CVE
v1.3.9.11 CVE
v1.3.9.01 CVE
v1.3.0.31 CVE
v1.3.0.21 CVE
v1.3.0.11 CVE
v1.3.0.01 CVE
v1.2.1.01 CVE
v1.2.0.21 CVE
v1.2.0.11 CVE
v1.2.0.01 CVE
v1.1.0.11 CVE
v1.1.01 CVE
v1.0.141 CVE
v1.0.131 CVE
v1.0.121 CVE
v1.0.111 CVE
v1.0.101 CVE
Code Analysis
Analyzed Mar 17, 2026

Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
17 prepared
Unescaped Output
11
571 escaped
Nonce Checks
2
Capability Checks
32
File Operations
1
External Requests
0
Bundled Libraries
0

SQL Query Safety

94% prepared18 total queries

Output Escaping

98% escaped582 total outputs
Attack Surface

Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets Attack Surface

Entry Points6
Unprotected0

AJAX Handlers 1

authwp_ajax_eventkoi_dismiss_noticeincludes\admin\class-notices.php:33

REST API Routes 1

POST/wp-json/eventkoi/v1/shortcode/resolveincludes\api\class-shortcode.php:24

Shortcodes 4

[eventkoi_calendar] includes\core\class-shortcodes.php:25
[eventkoi] includes\core\class-shortcodes.php:26
[eventkoi_rsvp] includes\core\class-shortcodes.php:27
[eventkoi_checkin] includes\core\class-shortcodes.php:28
WordPress Hooks 103
actionin_admin_headerincludes\admin\class-menus.php:30
filteradmin_body_classincludes\admin\class-menus.php:31
actionadmin_menuincludes\admin\class-menus.php:33
filtercustom_menu_orderincludes\admin\class-menus.php:34
actionadmin_menuincludes\admin\class-menus.php:36
actionadmin_menu_editor-menu_replacedincludes\admin\class-menus.php:37
actionadmin_headincludes\admin\class-menus.php:39
filteradmin_footer_textincludes\admin\class-menus.php:105
actionadmin_noticesincludes\admin\class-notices.php:32
actionadmin_initincludes\admin\class-redirects.php:25
actionadmin_enqueue_scriptsincludes\admin\class-scripts.php:32
actionenqueue_block_editor_assetsincludes\admin\class-scripts.php:33
actioninitincludes\api\class-rest.php:40
actionrest_api_initincludes\api\class-rest.php:41
filterrest_pre_serve_requestincludes\api\class-rsvps.php:353
actionplugins_loadedincludes\class-init.php:135
actioninitincludes\core\class-beaver-modules.php:14
actioninitincludes\core\class-bindings.php:25
filterblock_bindings_source_valueincludes\core\class-bindings.php:26
actioninitincludes\core\class-blocks.php:40
actionenqueue_block_editor_assetsincludes\core\class-blocks.php:41
filterrender_block_eventkoi/event-dataincludes\core\class-blocks.php:42
filterpre_render_blockincludes\core\class-blocks.php:43
filterquery_loop_block_query_varsincludes\core\class-blocks.php:44
filterregister_block_type_argsincludes\core\class-blocks.php:45
filterrender_blockincludes\core\class-blocks.php:46
filterrender_blockincludes\core\class-blocks.php:47
filterrender_blockincludes\core\class-blocks.php:48
filterblock_categories_allincludes\core\class-blocks.php:50
filterwp_kses_allowed_htmlincludes\core\class-blocks.php:51
filterrender_block_eventkoi/calendarincludes\core\class-blocks.php:52
filterrender_block_eventkoi/listincludes\core\class-blocks.php:53
filterrender_blockincludes\core\class-blocks.php:54
actionelementor/widgets/registerincludes\core\class-elementor-widgets.php:18
actionelementor/elements/categories_registeredincludes\core\class-elementor-widgets.php:19
actionelementor/editor/before_enqueue_scriptsincludes\core\class-elementor-widgets.php:20
filtereventkoi_get_event_recurrence_rulesincludes\core\class-event.php:295
filterget_the_excerptincludes\core\class-hooks.php:27
filtereventkoi_rsvp_email_templateincludes\core\class-hooks.php:28
filtereventkoi_rsvp_email_subjectincludes\core\class-hooks.php:29
actionwp_mail_failedincludes\core\class-hooks.php:30
filterwp_mail_fromincludes\core\class-hooks.php:31
filterwp_mail_from_nameincludes\core\class-hooks.php:32
actioneventkoi_after_order_createdincludes\core\class-hooks.php:35
actioneventkoi_after_order_updatedincludes\core\class-hooks.php:36
filtereventkoi_prepare_raw_db_dataincludes\core\class-hooks.php:39
actionsave_post_eventincludes\core\class-hooks.php:41
actionbefore_delete_postincludes\core\class-hooks.php:42
actioneventkoi_after_events_deletedincludes\core\class-hooks.php:44
actioneventkoi_after_events_removedincludes\core\class-hooks.php:45
actioneventkoi_after_events_restoredincludes\core\class-hooks.php:46
actioneventkoi_after_events_duplicatedincludes\core\class-hooks.php:47
actionsave_post_eventkoi_eventincludes\core\class-hooks.php:50
actiondeleted_postincludes\core\class-hooks.php:51
actiontrash_postincludes\core\class-hooks.php:52
actiontransition_post_statusincludes\core\class-hooks.php:53
actiontemplate_redirectincludes\core\class-ical.php:25
actioninitincludes\core\class-install.php:38
actioninitincludes\core\class-install.php:39
actioninitincludes\core\class-install.php:40
actioninitincludes\core\class-post-types.php:25
actioninitincludes\core\class-post-types.php:26
actioneventkoi_after_register_post_typeincludes\core\class-post-types.php:27
actioneventkoi_flush_rewrite_rulesincludes\core\class-post-types.php:28
filterget_edit_post_linkincludes\core\class-post-types.php:30
filterget_edit_term_linkincludes\core\class-post-types.php:31
actioninitincludes\core\class-pretty-instance-urls.php:25
actioneventkoi_register_rewritesincludes\core\class-pretty-instance-urls.php:26
filterquery_varsincludes\core\class-pretty-instance-urls.php:27
actionparse_requestincludes\core\class-pretty-instance-urls.php:28
actiontemplate_redirectincludes\core\class-pretty-instance-urls.php:29
filterwp_mail_fromincludes\core\class-rsvps.php:959
filterwp_mail_from_nameincludes\core\class-rsvps.php:966
actionwp_headincludes\core\class-schema.php:25
actionwp_enqueue_scriptsincludes\core\class-scripts.php:24
actioninitincludes\core\class-template.php:31
actionsingle_templateincludes\core\class-template.php:33
actiontaxonomy_templateincludes\core\class-template.php:34
filterpre_get_document_titleincludes\core\class-template.php:36
actionwp_headincludes\core\class-template.php:38
actionwp_headincludes\core\class-template.php:39
actionwp_headincludes\core\class-template.php:40
actiontemplate_redirectincludes\core\class-template.php:42
filtertemplate_includeincludes\core\class-template.php:44
filtertemplate_includeincludes\core\class-template.php:45
filtertemplate_includeincludes\core\class-template.php:46
filtertemplate_includeincludes\core\class-template.php:47
filtersingle_templateincludes\core\class-template.php:48
filtersingular_templateincludes\core\class-template.php:49
filtertemplate_includeincludes\core\class-template.php:50
filtertemplate_includeincludes\core\class-template.php:51
filterfl_builder_render_module_contentincludes\core\class-template.php:52
filterfl_theme_builder_template_includeincludes\core\class-template.php:53
filterdeprecated_file_trigger_errorincludes\core\class-template.php:54
filterrender_blockincludes\core\class-template.php:56
filtereventkoi_get_contentincludes\core\class-template.php:57
actionstellarwp_db_pre_queryvendor-prefixed\stellarwp\db\src\DB\Database\Provider.php:17
actionactivate_blogvendor-prefixed\stellarwp\schema\src\Schema\Full_Activation_Provider.php:102
actionactivate_blogvendor-prefixed\stellarwp\schema\src\Schema\Full_Activation_Provider.php:103
actionswitch_blogvendor-prefixed\stellarwp\schema\src\Schema\Full_Activation_Provider.php:104
actionswitch_blogvendor-prefixed\stellarwp\schema\src\Schema\Full_Activation_Provider.php:105
filterwpmu_drop_tablesvendor-prefixed\stellarwp\schema\src\Schema\Full_Activation_Provider.php:106
actionplugins_loadedvendor-prefixed\stellarwp\schema\src\Schema\Schema.php:117
Maintenance & Trust

Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 13, 2026
PHP min version8.0
Downloads2K

Community Trust

Rating100/100
Number of ratings5
Active installs100
Developer Profile

Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets Developer Profile

EventKoi

1 plugin · 100 total installs

99
trust score
Avg Security Score
99/100
Avg Patch Time
1 days
View full developer profile
Detection Fingerprints

How We Detect Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/eventkoi-lite/assets/css/eventkoi-lite.css/wp-content/plugins/eventkoi-lite/assets/js/eventkoi-lite.js
Script Paths
/wp-content/plugins/eventkoi-lite/assets/js/eventkoi-lite.js
Version Parameters
eventkoi-lite/assets/css/eventkoi-lite.css?ver=eventkoi-lite/assets/js/eventkoi-lite.js?ver=

HTML / DOM Fingerprints

CSS Classes
wp-eventkoieventkoi-admin
Data Attributes
id="eventkoi-admin"
REST Endpoints
eventkoi/v1
FAQ

Frequently Asked Questions about Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets