Does Events Calendar for GeoDirectory have any unpatched vulnerabilities?

No. All known vulnerabilities in Events Calendar for GeoDirectory have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Events Calendar for GeoDirectory compatible with WordPress 6.9.4?

According to WordPress.org data, Events Calendar for GeoDirectory 2.3.26 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Events Calendar for GeoDirectory compatible with PHP 7.2+?

Events Calendar for GeoDirectory requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Events Calendar for GeoDirectory updated?

Events Calendar for GeoDirectory was last updated on Mar 11, 2026. Frequent updates are generally a positive security signal.

What is Events Calendar for GeoDirectory's security score?

Events Calendar for GeoDirectory has a WP-Safety security score of 98/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Events Calendar for GeoDirectory Security & Risk Analysis

wordpress.org/plugins/events-for-geodirectory

Events Calendar add-on for GeoDirectory allows to extend your GeoDirectory powered website with a versatile event manager.

3K active installs v2.3.26 PHP 7.2+ WP 5.0+ Updated Mar 11, 2026

calendareventeventsorganizerschedule

A · Safe

CVEs total1

Unpatched0

Last CVEFeb 23, 2025

Plugin page Download

Safety Verdict

Is Events Calendar for GeoDirectory Safe to Use in 2026?

Generally Safe

Score 98/100

Events Calendar for GeoDirectory has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Feb 23, 2025Updated 23d ago

Risk Assessment

The "events-for-geodirectory" plugin, version 2.3.26, exhibits a mixed security posture. While it demonstrates good practices such as a relatively low attack surface with no reported AJAX handlers, REST API routes, or shortcodes without authentication or permission checks, and a reasonable percentage of SQL queries using prepared statements, there are significant areas of concern. The presence of dangerous functions like `unserialize` and a notable number of unsanitized path flows in the taint analysis are particularly worrying. The history of a past high-severity vulnerability related to deserialization further amplifies these concerns, suggesting a recurring weakness in handling untrusted data. The absence of any currently unpatched CVEs is a positive sign, but the historical pattern and the static analysis findings indicate that users should remain vigilant regarding potential deserialization vulnerabilities.

Key Concerns

Dangerous function: unserialize present
Taint analysis: unsanitized paths found
Taint analysis: High severity flow
Output escaping: 35% not properly escaped
Vulnerability history: High severity CVE

Vulnerabilities

Events Calendar for GeoDirectory Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

High

1 total CVE

CVE-2025-26967high · 8.8Deserialization of Untrusted Data

Events Calendar for GeoDirectory <= 2.3.14 - Authenticated (Contributor+) PHP Object Injection

Feb 23, 2025 Patched in 2.3.15 (9d)

Code Analysis

Analyzed Mar 16, 2026

Events Calendar for GeoDirectory Code Analysis

Dangerous Functions

Raw SQL Queries

35 prepared

Unescaped Output

180

338 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$data = unserialize( $event_data, array( 'allowed_classes' => false ) );includes\class-geodir-event-schedules.php:43

unserializereturn @unserialize( trim( $data ), array( 'allowed_classes' => $allowed_classes ) );includes\core-functions.php:767

unserializereturn @unserialize( trim( $data ) );includes\core-functions.php:769

SQL Query Safety

56% prepared62 total queries

Output Escaping

65% escaped518 total outputs

Data Flows

6 unsanitized

Data Flow Analysis

8 flows6 with unsanitized paths

display_calendar (includes\class-geodir-event-calendar.php:29)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Events Calendar for GeoDirectory Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 136

actiongeodirectory_loadedevents-for-geodirectory.php:100

actionadmin_enqueue_scriptsincludes\admin\class-geodir-event-admin-assets.php:26

actionadmin_enqueue_scriptsincludes\admin\class-geodir-event-admin-assets.php:27

filtergeodir_extra_custom_fieldsincludes\admin\class-geodir-event-admin-dummy-data.php:60

filtergeodir_extra_custom_fieldsincludes\admin\class-geodir-event-admin-dummy-data.php:70

filtergeodir_export_postsincludes\admin\class-geodir-event-admin-import-export.php:25

filtergeodir_import_validate_postincludes\admin\class-geodir-event-admin-import-export.php:26

actioninitincludes\admin\class-geodir-event-admin-install.php:37

actioninitincludes\admin\class-geodir-event-admin-install.php:38

actionadmin_initincludes\admin\class-geodir-event-admin-install.php:39

filterplugin_row_metaincludes\admin\class-geodir-event-admin-install.php:40

filterwpmu_drop_tablesincludes\admin\class-geodir-event-admin-install.php:41

actioninitincludes\admin\class-geodir-event-admin.php:27

actionadmin_initincludes\admin\class-geodir-event-admin.php:28

actiongeodir_clear_version_numbersincludes\admin\class-geodir-event-admin.php:29

filtergeodir_get_settings_pagesincludes\admin\class-geodir-event-admin.php:30

filtergeodir_seo_optionsincludes\admin\class-geodir-event-admin.php:31

filtergeodir_cat_schemasincludes\admin\class-geodir-event-admin.php:32

filtergeodir_add_custom_sort_optionsincludes\admin\class-geodir-event-admin.php:33

filtergeodir_uninstall_optionsincludes\admin\class-geodir-event-admin.php:34

actiongeodir_pricing_package_settingsincludes\admin\class-geodir-event-admin.php:35

actiongeodir_pricing_process_data_for_saveincludes\admin\class-geodir-event-admin.php:36

filtergeodir_debug_toolsincludes\admin\class-geodir-event-admin.php:37

filtergeodir_dummy_data_typesincludes\admin\class-geodir-event-admin.php:40

actiongeodir_dummy_data_include_fileincludes\admin\class-geodir-event-admin.php:41

filtergeodir_db_cpt_default_columnsincludes\admin\class-geodir-event-admin.php:44

filtergeodir_cf_show_conditional_fields_settingincludes\admin\class-geodir-event-admin.php:47

filtergeodir_conditional_fields_optionsincludes\admin\class-geodir-event-admin.php:48

filtergeodir_settings_tabs_arrayincludes\admin\settings\class-geodir-event-settings-events.php:29

filtergeodir_rest_post_custom_fields_schemaincludes\class-geodir-event-api.php:46

filtergeodir_rest_get_post_dataincludes\class-geodir-event-api.php:47

filtergeodir_default_custom_fieldsincludes\class-geodir-event-fields.php:30

filtergeodir_custom_fields_predefinedincludes\class-geodir-event-fields.php:31

filtergeodir_cfa_is_active_eventincludes\class-geodir-event-fields.php:34

filtergeodir_cfa_for_admin_use_eventincludes\class-geodir-event-fields.php:35

filtergeodir_cfa_is_required_eventincludes\class-geodir-event-fields.php:36

filtergeodir_cfa_can_delete_fieldincludes\class-geodir-event-fields.php:37

filtergeodir_before_custom_form_field_recurringincludes\class-geodir-event-fields.php:40

filtergeodir_before_custom_form_field_event_datesincludes\class-geodir-event-fields.php:41

filtergeodir_custom_field_value_eventincludes\class-geodir-event-fields.php:44

filtergeodir_save_post_dataincludes\class-geodir-event-fields.php:47

filtergeodir_get_posts_default_sort_byincludes\class-geodir-event-fields.php:50

filtergeodir_get_cf_valueincludes\class-geodir-event-fields.php:53

filtergeodir_custom_field_output_eventincludes\class-geodir-event-fields.php:56

filtergeodir_custom_field_output_event_var_event_datesincludes\class-geodir-event-fields.php:57

filtergeodir_custom_field_output_event_loc_listingincludes\class-geodir-event-fields.php:58

filtergeodir_search_fields_setting_allow_var_event_datesincludes\class-geodir-event-fields.php:61

filtergeodir_advance_search_field_in_main_search_barincludes\class-geodir-event-fields.php:62

filtergeodir_search_cpt_search_setting_fieldincludes\class-geodir-event-fields.php:63

filtergeodir_search_output_to_main_eventincludes\class-geodir-event-fields.php:64

filtergeodir_search_filter_field_output_eventincludes\class-geodir-event-fields.php:65

actiongeodir_before_search_formincludes\class-geodir-event-fields.php:66

actiongeodir_post_meta_standard_fieldsincludes\class-geodir-event-fields.php:69

filtergeodir_badge_conditionsincludes\class-geodir-event-fields.php:78

filtergeodir_post_badge_check_match_foundincludes\class-geodir-event-fields.php:79

filtergeodir_dynamic_content_check_match_foundincludes\class-geodir-event-fields.php:80

filtergeodir_elementor_tag_text_fieldsincludes\class-geodir-event-fields.php:83

filtergeodir_elementor_tag_text_render_valueincludes\class-geodir-event-fields.php:84

actionplugins_loadedincludes\class-geodir-event-manager.php:68

actionadmin_noticesincludes\class-geodir-event-manager.php:71

actioninitincludes\class-geodir-event-manager.php:191

actionwp_enqueue_scriptsincludes\class-geodir-event-manager.php:194

actionwp_enqueue_scriptsincludes\class-geodir-event-manager.php:195

filtergeodir_category_term_linkincludes\class-geodir-event-manager.php:196

actionwp_enqueue_scriptsincludes\class-geodir-event-manager.php:200

actionadmin_enqueue_scriptsincludes\class-geodir-event-manager.php:201

actiongeodir_event_schedule_handle_past_eventsincludes\class-geodir-event-manager.php:204

actiongeodir_extra_loop_actionsincludes\class-geodir-event-manager.php:205

filtergeodir_seo_variablesincludes\class-geodir-event-manager.php:206

filtergeodir_wpseo_replacements_varsincludes\class-geodir-event-manager.php:207

filtergeodir_replace_seo_varsincludes\class-geodir-event-manager.php:208

filtergeodir_filter_title_variables_varsincludes\class-geodir-event-manager.php:209

filtergeodir_search_filter_searched_paramsincludes\class-geodir-event-manager.php:210

filtergeodir_get_widgetsincludes\class-geodir-event-manager.php:211

filtergeodir_details_schemaincludes\class-geodir-event-manager.php:212

filtergeodir_bestof_widget_view_all_linkincludes\class-geodir-event-manager.php:213

filterthe_titleincludes\class-geodir-event-manager.php:214

filterthe_permalinkincludes\class-geodir-event-manager.php:215

actionwp_super_duper_widget_initincludes\class-geodir-event-manager.php:216

filterwp_super_duper_argumentsincludes\class-geodir-event-manager.php:217

actionrss_itemincludes\class-geodir-event-manager.php:218

actionrss2_itemincludes\class-geodir-event-manager.php:219

actioninitincludes\class-geodir-event-post-type.php:27

actioninitincludes\class-geodir-event-post-type.php:28

filterrest_api_allowed_post_typesincludes\class-geodir-event-post-type.php:29

filtergeodir_get_settings_cptincludes\class-geodir-event-post-type.php:32

filtergeodir_save_post_typeincludes\class-geodir-event-post-type.php:35

actiongeodir_post_type_savedincludes\class-geodir-event-post-type.php:38

actiongeodir_event_pt_events_supports_enabledincludes\class-geodir-event-post-type.php:41

actiongeodir_event_pt_events_supports_disabledincludes\class-geodir-event-post-type.php:44

filtergeodir_post_type_supportsincludes\class-geodir-event-post-type.php:46

actioninitincludes\class-geodir-event-post-type.php:212

actioninitincludes\class-geodir-event-post-type.php:215

filtergeodir_posts_fieldsincludes\class-geodir-event-query.php:28

filtergeodir_posts_joinincludes\class-geodir-event-query.php:29

filtergeodir_posts_whereincludes\class-geodir-event-query.php:30

filtergeodir_posts_order_by_sortincludes\class-geodir-event-query.php:31

filtergeodir_posts_groupbyincludes\class-geodir-event-query.php:32

actionpre_get_postsincludes\class-geodir-event-query.php:35

actionpre_get_postsincludes\class-geodir-event-query.php:37

filtergeodir_filter_widget_listings_count_fieldsincludes\class-geodir-event-query.php:39

filtergeodir_filter_widget_listings_fieldsincludes\class-geodir-event-query.php:40

filtergeodir_filter_widget_listings_joinincludes\class-geodir-event-query.php:41

filtergeodir_filter_widget_listings_whereincludes\class-geodir-event-query.php:42

filtergeodir_filter_widget_listings_groupbyincludes\class-geodir-event-query.php:43

filtergeodir_filter_widget_listings_orderbyincludes\class-geodir-event-query.php:44

filtergeodir_custom_key_orderbyincludes\class-geodir-event-query.php:45

filtergeodir_advanced_search_autocomplete_script_posts_requestincludes\class-geodir-event-query.php:46

filtergeodir_rest_markers_query_joinincludes\class-geodir-event-query.php:49

filtergeodir_rest_markers_query_whereincludes\class-geodir-event-query.php:50

filtergeodir_rest_markers_query_group_byincludes\class-geodir-event-query.php:51

actionthe_postincludes\class-geodir-event-query.php:54

filterget_termsincludes\class-geodir-event-query.php:57

filterseopress_sitemaps_index_post_types_queryincludes\class-geodir-event-query.php:60

filterseopress_sitemaps_single_queryincludes\class-geodir-event-query.php:61

filterposts_clauses_requestincludes\class-geodir-event-query.php:62

filterposts_fieldsincludes\class-geodir-event-query.php:67

filterposts_joinincludes\class-geodir-event-query.php:68

filterposts_whereincludes\class-geodir-event-query.php:69

filterposts_groupbyincludes\class-geodir-event-query.php:70

filterposts_orderbyincludes\class-geodir-event-query.php:71

filtergeodir_rest_posts_clauses_fieldsincludes\class-geodir-event-query.php:91

filtergeodir_rest_posts_clauses_joinincludes\class-geodir-event-query.php:92

filtergeodir_rest_posts_clauses_whereincludes\class-geodir-event-query.php:93

filtergeodir_rest_posts_clauses_groupbyincludes\class-geodir-event-query.php:94

filtergeodir_rest_posts_clauses_orderbyincludes\class-geodir-event-query.php:95

actiondelete_postincludes\class-geodir-event-schedules.php:30

filtergeodir_location_count_reviews_by_term_sqlincludes\class-geodir-event-schedules.php:31

filterseopress_sitemaps_single_urlincludes\class-geodir-event-schedules.php:32

filtergeodir_elementor_tag_url_render_valueincludes\class-geodir-event-schedules.php:33

filterwp_super_duper_argumentsincludes\class-geodir-event-widgets.php:20

filtergeodir_widget_listings_query_argsincludes\class-geodir-event-widgets.php:21

actiontgmpa_registerincludes\tgm-register-plugin.php:36

actionwp_footerincludes\widgets\class-geodir-event-widget-calendar.php:166

actionplugins_loadedupgrade.php:22

actioninitupgrade.php:26

Scheduled Events 2

geodir_event_schedule_handle_past_events

geodir_flush_rewrite_rules

Maintenance & Trust

Events Calendar for GeoDirectory Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 11, 2026

PHP min version7.2

Downloads105K

Community Trust

Rating100/100

Number of ratings2

Active installs3K

Alternatives

Events Calendar for GeoDirectory Alternatives

The Events Calendar

the-events-calendar

The Events Calendar: #1 calendar plugin for WordPress. Create/manage events (virtual too!) on your site with the free plugin.

700K 25 CVEs

Events Calendar Plus

events-calendar-plus

100

Display a beautiful events calendar with customizable views, coloring, filtering, date formats, images, and optimized for mobile on your own website.

50 No CVEs

Pretty Grid – WordPress Images Gallery, Slider, and Carousel Plugin

pretty-grid

100

Pretty Grid is a flexible plugin that make you display social media content in WordPress.

20 No CVEs

Crowdcue

crowdcue

Crowdcue is the unofficial OccasionGenius WordPress plugin allows you to easily output a beautiful and simple events page without any coding using the …

0 No CVEs

Events: Calendar, Boxes, and List

fsdpe-events

100

A simple and powerful events manager plugin with multiple views: calendar, boxes, and list.

0 No CVEs

Developer Profile

Events Calendar for GeoDirectory Developer Profile

Stiofan

12 plugins · 90K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

191 days

View full developer profile

Detection Fingerprints

How We Detect Events Calendar for GeoDirectory

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/events-for-geodirectory/assets/css/admin.css/wp-content/plugins/events-for-geodirectory/assets/yui/calendar.css/wp-content/plugins/events-for-geodirectory/assets/js/widget.js/wp-content/plugins/events-for-geodirectory/assets/js/widget.min.js/wp-content/plugins/events-for-geodirectory/assets/js/admin.js/wp-content/plugins/events-for-geodirectory/assets/js/admin.min.js/wp-content/plugins/events-for-geodirectory/assets/js/common.js/wp-content/plugins/events-for-geodirectory/assets/js/common.min.js+1 more

Script Paths

/wp-content/plugins/events-for-geodirectory/assets/yui/calendar.min.js/wp-content/plugins/events-for-geodirectory/assets/js/common.min.js/wp-content/plugins/events-for-geodirectory/assets/js/admin.min.js/wp-content/plugins/events-for-geodirectory/assets/js/widget.min.js

Version Parameters

events-for-geodirectory/assets/css/admin.css?ver=events-for-geodirectory/assets/yui/calendar.css?ver=events-for-geodirectory/assets/js/widget.js?ver=events-for-geodirectory/assets/js/admin.js?ver=events-for-geodirectory/assets/js/common.js?ver=events-for-geodirectory/assets/yui/calendar.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

geodir_event_manager

JS Globals

geodir_event_paramscal_transgeodir_event_admin_params

FAQ