Events Maker by dFactory Security & Risk Analysis

wordpress.org/plugins/events-maker

Fully featured event management system including recurring events, locations management, full calendar, iCal feed/files, google maps and more.

1K active installs · v1.6.14 · PHP + WP 4.0+ · Updated Jan 30, 2017
Tags: calendar, event, events, registration, rsvp
Score: 63 · C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Oct 10, 2025
Safety Verdict

Is Events Maker by dFactory Safe to Use in 2026?

Use With Caution

Score 63/100

Events Maker by dFactory has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Oct 10, 2025 · Updated 9yr ago
Risk Assessment

The Events Maker plugin v1.6.14 exhibits a mixed security posture. On the positive side, the plugin implements nonces and capability checks for its entry points, and all identified AJAX handlers and REST API routes appear to have authentication checks. There are no direct file operations or external HTTP requests, and no critical or high-severity taint flows were identified. However, 40% of outputs lack proper escaping, which could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not handled carefully. The plugin also has a history of known vulnerabilities, with one medium-severity XSS CVE from 2025 that remains unpatched, indicating a potential ongoing risk.

While the static analysis reveals some good security implementations, the unpatched medium-severity XSS vulnerability and the significant proportion of unescaped output are notable weaknesses. The plugin's attack surface appears to be relatively well protected at the entry-point level, but the potential for XSS due to insufficient output escaping remains a concern. Users should be aware of the past vulnerability history and the current unpatched CVE, as this suggests a pattern that requires attention. The plugin's overall security is decent due to its auth checks, but the XSS risk and unpatched CVE detract from its robustness.

Key Concerns

  • Unpatched medium severity CVE exists
  • Significant percentage of unescaped output
Vulnerabilities: 1

Events Maker by dFactory Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-62941 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Events Maker by dFactory <= 1.6.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

Oct 10, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Events Maker by dFactory Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 4 (8 prepared)
Unescaped Output: 194 (292 escaped)
Nonce Checks: 7
Capability Checks: 21
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

67% prepared · 12 total queries

Output Escaping

60% escaped · 486 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

6 flows · 2 with unsanitized paths
duplicate_event (includes\class-listing.php:213)
Attack Surface

Events Maker by dFactory Attack Surface

Entry Points: 8
Unprotected: 0

AJAX Handlers 3

auth · wp_ajax_events_maker_feature_event · includes\class-listing.php:16
nopriv · wp_ajax_get-events-widget-calendar-month · includes\class-widgets.php:287
auth · wp_ajax_get-events-widget-calendar-month · includes\class-widgets.php:288

Shortcodes 5

[em-events] includes\class-shortcodes.php:22
[em-full-calendar] includes\class-shortcodes.php:23
[em-google-map] includes\class-shortcodes.php:24
[em-locations-list] includes\class-shortcodes.php:25
[em-organizers-list] includes\class-shortcodes.php:26

WordPress Hooks 135

action · plugins_loaded · events-maker.php:161
action · plugins_loaded · events-maker.php:224
action · wp_enqueue_scripts · events-maker.php:225
action · after_setup_theme · events-maker.php:226
action · wp · events-maker.php:227
action · wp · events-maker.php:228
filter · plugin_row_meta · events-maker.php:232
action · admin_notices · events-maker.php:591
action · network_admin_notices · events-maker.php:594
action · admin_enqueue_scripts · includes\class-admin.php:12
action · admin_notices · includes\class-admin.php:13
action · deleted_post · includes\class-admin.php:14
action · transition_post_status · includes\class-admin.php:15
action · init · includes\class-ical.php:13
filter · parse_request · includes\class-ical.php:16
action · manage_posts_custom_column · includes\class-listing.php:12
action · restrict_manage_posts · includes\class-listing.php:13
action · admin_action_duplicate_event · includes\class-listing.php:14
action · admin_print_footer_scripts · includes\class-listing.php:15
filter · manage_edit-event_sortable_columns · includes\class-listing.php:19
filter · request · includes\class-listing.php:20
filter · manage_event_posts_columns · includes\class-listing.php:21
filter · post_row_actions · includes\class-listing.php:22
action · plugins_loaded · includes\class-localisation.php:12
action · add_meta_boxes · includes\class-metaboxes.php:15
action · admin_enqueue_scripts · includes\class-metaboxes.php:16
action · after_setup_theme · includes\class-metaboxes.php:17
action · save_post · includes\class-metaboxes.php:18
action · post_submitbox_misc_actions · includes\class-metaboxes.php:19
action · init · includes\class-post-types.php:12
action · init · includes\class-post-types.php:13
action · admin_footer · includes\class-post-types.php:14
filter · post_updated_messages · includes\class-post-types.php:17
filter · page_css_class · includes\class-post-types.php:18
filter · nav_menu_css_class · includes\class-post-types.php:19
action · init · includes\class-query.php:12
action · pre_get_posts · includes\class-query.php:13
action · pre_get_posts · includes\class-query.php:14
action · pre_get_posts · includes\class-query.php:15
filter · query_vars · includes\class-query.php:18
filter · parse_query · includes\class-query.php:19
filter · posts_fields · includes\class-query.php:20
filter · posts_groupby · includes\class-query.php:21
filter · posts_join · includes\class-query.php:22
filter · posts_where · includes\class-query.php:23
filter · posts_orderby · includes\class-query.php:24
filter · request · includes\class-query.php:25
filter · request · includes\class-query.php:26
action · admin_menu · includes\class-settings.php:20
action · admin_init · includes\class-settings.php:21
action · admin_notices · includes\class-settings.php:22
action · after_setup_theme · includes\class-settings.php:23
action · admin_init · includes\class-settings.php:24
action · save_post · includes\class-settings.php:25
action · init · includes\class-shortcodes.php:12
filter · the_content · includes\class-shortcodes.php:15
action · after_setup_theme · includes\class-taxonomies.php:14
action · admin_init · includes\class-taxonomies.php:15
action · event-category_add_form_fields · includes\class-taxonomies.php:16
action · event-location_add_form_fields · includes\class-taxonomies.php:17
action · event-organizer_add_form_fields · includes\class-taxonomies.php:18
action · event-category_edit_form_fields · includes\class-taxonomies.php:19
action · event-location_edit_form_fields · includes\class-taxonomies.php:20
action · event-organizer_edit_form_fields · includes\class-taxonomies.php:21
action · edited_event-category · includes\class-taxonomies.php:22
action · edited_event-location · includes\class-taxonomies.php:23
action · edited_event-organizer · includes\class-taxonomies.php:24
action · create_event-category · includes\class-taxonomies.php:25
action · create_event-location · includes\class-taxonomies.php:26
action · create_event-organizer · includes\class-taxonomies.php:27
filter · manage_edit-event-category_columns · includes\class-taxonomies.php:30
filter · manage_edit-event-location_columns · includes\class-taxonomies.php:31
filter · manage_edit-event-organizer_columns · includes\class-taxonomies.php:32
filter · manage_event-category_custom_column · includes\class-taxonomies.php:33
filter · manage_event-location_custom_column · includes\class-taxonomies.php:34
filter · manage_event-organizer_custom_column · includes\class-taxonomies.php:35
filter · pre_term_description · includes\class-taxonomies.php:474
filter · term_description · includes\class-taxonomies.php:475
filter · get_terms · includes\class-taxonomies.php:477
action · admin_head-edit-tags.php · includes\class-taxonomies.php:483
action · admin_head-term.php · includes\class-taxonomies.php:484
filter · template_include · includes\class-templates.php:12
filter · post_class · includes\class-templates.php:13
action · init · includes\class-update.php:12
action · admin_menu · includes\class-welcome.php:12
action · admin_head · includes\class-welcome.php:13
action · admin_init · includes\class-welcome.php:14
action · widgets_init · includes\class-widgets.php:16
action · wp_footer · includes\class-widgets.php:338
action · init · includes\class-wpml.php:16
action · plugins_loaded · includes\class-wpml.php:17
action · wpml_translated_post_type_replace_rewrite_rules · includes\class-wpml.php:18
filter · wpml_translated_post_type_rewrite_slugs · includes\class-wpml.php:21
filter · wpml_translated_taxonomy_rewrite_slugs · includes\class-wpml.php:22
action · em_before_main_content · includes\template-hooks.php:17
action · em_after_main_content · includes\template-hooks.php:18
action · em_before_main_content · includes\template-hooks.php:23
action · em_before_events_loop · includes\template-hooks.php:28
action · em_before_events_loop · includes\template-hooks.php:33
action · em_after_events_loop · includes\template-hooks.php:38
action · em_get_sidebar · includes\template-hooks.php:43
action · em_archive_description · includes\template-hooks.php:48
action · em_archive_description · includes\template-hooks.php:49
action · em_archive_description · includes\template-hooks.php:50
action · em_archive_description · includes\template-hooks.php:51
action · em_archive_description · includes\template-hooks.php:52
action · em_archive_description · includes\template-hooks.php:53
action · em_archive_description · includes\template-hooks.php:54
action · em_before_loop_event · includes\template-hooks.php:59
action · em_loop_event_content · includes\template-hooks.php:60
action · em_before_loop_event_title · includes\template-hooks.php:62
action · em_after_loop_event_title · includes\template-hooks.php:63
action · em_after_loop_event_title · includes\template-hooks.php:64
action · em_after_loop_event_title · includes\template-hooks.php:65
action · em_loop_event_meta_start · includes\template-hooks.php:66
action · em_after_loop_event · includes\template-hooks.php:67
action · em_before_single_event · includes\template-hooks.php:72
action · em_before_single_event · includes\template-hooks.php:73
action · em_single_event_content · includes\template-hooks.php:74
action · em_before_single_event_title · includes\template-hooks.php:76
action · em_after_single_event_title · includes\template-hooks.php:77
action · em_after_single_event_title · includes\template-hooks.php:78
action · em_after_single_event_title · includes\template-hooks.php:79
action · em_after_single_event_title · includes\template-hooks.php:80
action · em_after_single_event_title · includes\template-hooks.php:81
action · em_single_event_meta_start · includes\template-hooks.php:82
action · em_after_single_event · includes\template-hooks.php:83
action · em_after_single_event · includes\template-hooks.php:84
action · em_before_widget_event_title · includes\template-hooks.php:89
action · em_before_event_locations_loop · includes\template-hooks.php:94
action · em_before_loop_event_location_title · includes\template-hooks.php:99
action · em_after_loop_event_location_title · includes\template-hooks.php:100
action · em_before_loop_event_organizer_title · includes\template-hooks.php:105
action · em_after_loop_event_organizer_title · includes\template-hooks.php:106
action · em_after_content_wrapper_end · includes\template-hooks.php:111
Maintenance & Trust

Events Maker by dFactory Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.7.32
Last updated: Jan 30, 2017
PHP min version
Downloads: 82K

Community Trust

Rating: 94/100
Number of ratings: 33
Active installs: 1K
Developer Profile

Events Maker by dFactory Developer Profile

dFactory

12 plugins · 357K total installs

Trust score: 70
Avg Security Score: 87/100
Avg Patch Time: 247 days
Detection Fingerprints

How We Detect Events Maker by dFactory

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/events-maker/assets/css/admin-style.css
/wp-content/plugins/events-maker/assets/css/admin-tabs.css
/wp-content/plugins/events-maker/assets/css/colorpicker.css
/wp-content/plugins/events-maker/assets/css/custom-style.css
/wp-content/plugins/events-maker/assets/css/date-picker.css
/wp-content/plugins/events-maker/assets/css/front-style.css
/wp-content/plugins/events-maker/assets/css/icons.css
/wp-content/plugins/events-maker/assets/css/js-ui.css
+20 more

Script Paths
/wp-content/plugins/events-maker/assets/js/admin.js
/wp-content/plugins/events-maker/assets/js/admin-tabs.js
/wp-content/plugins/events-maker/assets/js/colorpicker.js
/wp-content/plugins/events-maker/assets/js/custom-fields.js
/wp-content/plugins/events-maker/assets/js/date-picker.js
/wp-content/plugins/events-maker/assets/js/events-maker.js
+11 more

Version Parameters
events-maker/assets/css/admin-style.css?ver=
events-maker/assets/css/admin-tabs.css?ver=
events-maker/assets/css/colorpicker.css?ver=
events-maker/assets/css/custom-style.css?ver=
events-maker/assets/css/date-picker.css?ver=
events-maker/assets/css/front-style.css?ver=
events-maker/assets/css/icons.css?ver=
events-maker/assets/css/js-ui.css?ver=
events-maker/assets/css/jquery.datetimepicker.min.css?ver=
events-maker/assets/css/select2.min.css?ver=
events-maker/assets/css/shortcodes.css?ver=
events-maker/assets/js/admin.js?ver=
events-maker/assets/js/admin-tabs.js?ver=
events-maker/assets/js/colorpicker.js?ver=
events-maker/assets/js/custom-fields.js?ver=
events-maker/assets/js/date-picker.js?ver=
events-maker/assets/js/events-maker.js?ver=
events-maker/assets/js/events-maker-editor.js?ver=
events-maker/assets/js/events-maker-widget.js?ver=
events-maker/assets/js/jquery.datetimepicker.full.min.js?ver=
events-maker/assets/js/map-icons.js?ver=
events-maker/assets/js/maps.js?ver=
events-maker/assets/js/select2.min.js?ver=
events-maker/assets/js/shortcodes.js?ver=
events-maker/assets/js/shortcodes-editor.js?ver=
events-maker/assets/js/tabs.js?ver=
events-maker/includes/js/admin-widget.js?ver=
events-maker/includes/js/editor-plugin.js?ver=

HTML / DOM Fingerprints

CSS Classes
em-section-events, em-section-calendar, em-section-locations, em-section-organizers, em-event-single, em-event-list, em-event-teaser, em-event-title, +62 more

HTML Comments
<!-- Events Maker -->
<!-- Events Maker end -->
<!-- Events Maker Shortcodes -->
<!-- Events Maker Shortcodes end -->
+18 more

Data Attributes
data-em-id, data-em-title, data-em-date, data-em-time, data-em-location, data-em-organizer, +129 more

JS Globals
EventsMakerAdmin, events_maker_params