Does Events: Calendar, Boxes, and List have any unpatched vulnerabilities?

No. All known vulnerabilities in Events: Calendar, Boxes, and List have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Events: Calendar, Boxes, and List compatible with WordPress 6.9.4?

According to WordPress.org data, Events: Calendar, Boxes, and List 1.1.3 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Events: Calendar, Boxes, and List compatible with PHP 7.4+?

Events: Calendar, Boxes, and List requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Events: Calendar, Boxes, and List updated?

Events: Calendar, Boxes, and List was last updated on Feb 13, 2026. Frequent updates are generally a positive security signal.

What is Events: Calendar, Boxes, and List's security score?

Events: Calendar, Boxes, and List has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Events: Calendar, Boxes, and List Security & Risk Analysis

wordpress.org/plugins/fsdpe-events

A simple and powerful events manager plugin with multiple views: calendar, boxes, and list.

0 active installs v1.1.3 PHP 7.4+ WP 6.7.2+ Updated Feb 13, 2026

calendareventeventsorganizerschedule

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Events: Calendar, Boxes, and List Safe to Use in 2026?

Generally Safe

Score 100/100

Events: Calendar, Boxes, and List has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The "fsdpe-events" v1.1.3 plugin exhibits a generally good security posture with notable strengths. All SQL queries utilize prepared statements, and all output is properly escaped, significantly mitigating risks of SQL injection and cross-site scripting (XSS). The plugin also has no known vulnerabilities in its history and performs no external HTTP requests or file operations, further enhancing its security. However, there are several areas of concern regarding the attack surface. Three out of six total entry points, specifically three REST API routes, lack permission callbacks, meaning they are accessible without any authentication or authorization checks. Additionally, the use of the `unserialize` function, a known dangerous function, presents a potential risk if the data being unserialized is not sufficiently validated and sanitized, which is not explicitly addressed in the provided static analysis. While the plugin includes nonce checks and capability checks, their limited application to only two entry points leaves other potential vectors exposed.

Key Concerns

REST API routes without permission callbacks
Use of dangerous function: unserialize
AJAX handlers without authentication checks

Vulnerabilities

None known

Events: Calendar, Boxes, and List Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Events: Calendar, Boxes, and List Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

65 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$duotone = isset($allOptions['fsdpe_events_duotonepicker']) ? unserialize($allOptions['fsdpe_events_includes\settings-page.php:169

Output Escaping

100% escaped65 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

fsdpe_events_save_settings (includes\settings-page.php:202)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

3 unprotected

Events: Calendar, Boxes, and List Attack Surface

Entry Points6

Unprotected3

AJAX Handlers 1

authwp_ajax_fsdpe_events_save_settingsincludes\settings-page.php:231

REST API Routes 3

GET/wp-json/custom/v1/eventsincludes\api\custom-posts.php:7

GET/wp-json/fsdpe/v1/event-meta/(?P<id>\d+)includes\api\custom-posts.php:113

POST/wp-json/fsdpe/v1/update-event-meta/(?P<id>\d+)includes\api\custom-posts.php:175

Shortcodes 2

[fsdpe_events_calendar] includes\shortcodes.php:59

[fsdpe_add_to_calendar] includes\shortcodes.php:83

WordPress Hooks 16

actioninitfsdpe-events.php:39

actionadmin_noticesfsdpe-events.php:48

actioninitfsdpe-events.php:118

actionrest_api_initincludes\api\custom-posts.php:6

actionrest_api_initincludes\api\custom-posts.php:120

actionrest_api_initincludes\api\custom-posts.php:190

actioninitincludes\cpt.php:74

actioninitincludes\register-blocks.php:28

actionadmin_menuincludes\settings-page.php:26

actionadmin_enqueue_scriptsincludes\settings-page.php:87

actionwp_enqueue_scriptsincludes\settings-page.php:133

actionwp_enqueue_scriptsincludes\settings-page.php:199

actionadmin_enqueue_scriptsincludes\settings-page.php:200

actionrest_api_initincludes\single-meta-box.php:47

actionadd_meta_boxesincludes\single-meta-box.php:60

actionsave_postincludes\single-meta-box.php:121

Maintenance & Trust

Events: Calendar, Boxes, and List Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 13, 2026

PHP min version7.4

Downloads738

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Events: Calendar, Boxes, and List Alternatives

The Events Calendar

the-events-calendar

The Events Calendar: #1 calendar plugin for WordPress. Create/manage events (virtual too!) on your site with the free plugin.

700K 25 CVEs

Events Calendar for GeoDirectory

events-for-geodirectory

Events Calendar add-on for GeoDirectory allows to extend your GeoDirectory powered website with a versatile event manager.

3K 1 CVE

Events Calendar Plus

events-calendar-plus

100

Display a beautiful events calendar with customizable views, coloring, filtering, date formats, images, and optimized for mobile on your own website.

50 No CVEs

Pretty Grid – WordPress Images Gallery, Slider, and Carousel Plugin

pretty-grid

100

Pretty Grid is a flexible plugin that make you display social media content in WordPress.

20 No CVEs

Crowdcue

crowdcue

Crowdcue is the unofficial OccasionGenius WordPress plugin allows you to easily output a beautiful and simple events page without any coding using the …

0 No CVEs

Developer Profile

Events: Calendar, Boxes, and List Developer Profile

56 Degrees

4 plugins · 2K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Events: Calendar, Boxes, and List

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/fsdpe-events/build/index.js/wp-content/plugins/fsdpe-events/build/index.css

Script Paths

/wp-content/plugins/fsdpe-events/build/index.js

Version Parameters

fsdpe-events/build/index.js?ver=fsdpe-events/build/index.css?ver=

HTML / DOM Fingerprints

CSS Classes

fsdpe-events-settings

JS Globals

fsdpeEventsSettings

REST Endpoints

/wp-json/fsdpe-events/v1/custom-posts

FAQ