Does HT Event – WordPress Event Manager Plugin for Elementor have any unpatched vulnerabilities?

No. All known vulnerabilities in HT Event – WordPress Event Manager Plugin for Elementor have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is HT Event – WordPress Event Manager Plugin for Elementor compatible with WordPress 6.9.4?

According to WordPress.org data, HT Event – WordPress Event Manager Plugin for Elementor 1.4.8 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

HT Event – WordPress Event Manager Plugin for Elementor Security & Risk Analysis

wordpress.org/plugins/ht-event

Htevent is a WordPress event management plugin which helps you to show your event.

30 active installs v1.4.8 PHP + WP 5.0+ Updated Dec 4, 2025

conferanceelementorelementor-addonevent-managementwp-event

A · Safe

CVEs total3

Unpatched0

Last CVEJan 30, 2025

Plugin page Download

Safety Verdict

Is HT Event – WordPress Event Manager Plugin for Elementor Safe to Use in 2026?

Generally Safe

Score 98/100

HT Event – WordPress Event Manager Plugin for Elementor has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Jan 30, 2025Updated 4mo ago

Risk Assessment

The "ht-event" v1.4.8 plugin demonstrates a mixed security posture. On the positive side, the static analysis shows a strong adherence to secure coding practices. All identified AJAX handlers and REST API routes (though none exist) appear to have appropriate authentication and permission checks. The complete absence of raw SQL queries, with 100% usage of prepared statements, is commendable. Furthermore, nonce and capability checks are present on all entry points, and a significant majority of output is properly escaped, indicating an effort to mitigate common web vulnerabilities like Cross-Site Scripting. There are no identified critical or high severity issues from taint analysis, and no unsanitized paths or dangerous functions were detected.

However, the plugin's vulnerability history is a significant concern. With three known medium severity CVEs, and the most recent one being from January 2025, it suggests a pattern of introducing vulnerabilities that require patching. The types of past vulnerabilities, including Exposure of Private Personal Information, Cross-Site Scripting, and Cross-Site Request Forgery, are all serious security risks. While there are currently no unpatched CVEs for this version, the historical pattern raises a flag about the plugin's ongoing security robustness and the potential for future undiscovered vulnerabilities. The presence of file operations and external HTTP requests, while not inherently insecure, represent potential attack vectors that warrant careful monitoring and auditing if any issues were to arise.

In conclusion, while "ht-event" v1.4.8 benefits from solid secure coding practices like prepared statements and appropriate checks on its limited attack surface, its history of medium severity vulnerabilities cannot be ignored. Users should be aware of this historical context and ensure the plugin is kept up-to-date with any future patches released to address newly discovered security flaws. The relatively low number of entry points is a positive, but the past CVEs necessitate vigilance.

Key Concerns

Known medium severity CVEs (3 total)
Recent vulnerability history (2025-01-30)
Potential for insecure file operations
External HTTP requests present
Output escaping not 100%

Vulnerabilities

HT Event – WordPress Event Manager Plugin for Elementor Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

1 CVE in 2024

2024

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

3 total CVEs

CVE-2024-13216medium · 4.3Exposure of Private Personal Information to an Unauthorized Actor

HT Event – WordPress Event Manager Plugin for Elementor <= 1.4.7 - Authenticated (Contributor+) Sensitive Information Exposure via HT Event: Sponsor

Jan 30, 2025 Patched in 1.4.8 (12d)

CVE-2025-24624medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

HT Event <= 1.4.6 - Reflected Cross-Site Scripting

Dec 30, 2024 Patched in 1.4.7 (114d)

CVE-2023-0496medium · 4.3Cross-Site Request Forgery (CSRF)

HT Event <= 1.4.5 - Cross-Site Request Forgery leading to Arbitrary Plugin Activation

Feb 28, 2023 Patched in 1.4.6 (329d)

Code Analysis

Analyzed Mar 16, 2026

HT Event – WordPress Event Manager Plugin for Elementor Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

261

769 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

75% escaped1030 total outputs

Data Flows

All sanitized

Data Flow Analysis

4 flows

htevent_post_like (includes\post-like.php:21)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

HT Event – WordPress Event Manager Plugin for Elementor Attack Surface

Entry Points4

Unprotected0

AJAX Handlers 4

authwp_ajax_cmb2_oembed_handleradmin\cmb2\includes\CMB2_Ajax.php:51

noprivwp_ajax_cmb2_oembed_handleradmin\cmb2\includes\CMB2_Ajax.php:52

noprivwp_ajax_jm-post-likeincludes\post-like.php:19

authwp_ajax_jm-post-likeincludes\post-like.php:20

WordPress Hooks 85

filterwp_prepare_attachment_for_jsadmin\cmb2\includes\CMB2.php:1558

actionadmin_enqueue_scriptsadmin\cmb2\includes\CMB2.php:1576

actioncmb2_save_options-page_fieldsadmin\cmb2\includes\CMB2_Ajax.php:54

filterget_post_metadataadmin\cmb2\includes\CMB2_Ajax.php:147

filterupdate_post_metadataadmin\cmb2\includes\CMB2_Ajax.php:150

filtercmb2_show_onadmin\cmb2\includes\CMB2_hookup.php:79

actionedit_form_topadmin\cmb2\includes\CMB2_hookup.php:115

actionedit_form_before_permalinkadmin\cmb2\includes\CMB2_hookup.php:119

actionedit_form_after_titleadmin\cmb2\includes\CMB2_hookup.php:123

actionedit_form_after_editoradmin\cmb2\includes\CMB2_hookup.php:127

actionadd_meta_boxesadmin\cmb2\includes\CMB2_hookup.php:131

actionadd_meta_boxesadmin\cmb2\includes\CMB2_hookup.php:134

actionadd_attachmentadmin\cmb2\includes\CMB2_hookup.php:135

actionedit_attachmentadmin\cmb2\includes\CMB2_hookup.php:136

actionsave_postadmin\cmb2\includes\CMB2_hookup.php:137

actionpre_get_postsadmin\cmb2\includes\CMB2_hookup.php:144

actionadd_meta_boxes_commentadmin\cmb2\includes\CMB2_hookup.php:152

actionedit_commentadmin\cmb2\includes\CMB2_hookup.php:153

filtermanage_edit-comments_columnsadmin\cmb2\includes\CMB2_hookup.php:156

actionmanage_comments_custom_columnadmin\cmb2\includes\CMB2_hookup.php:157

filtermanage_edit-comments_sortable_columnsadmin\cmb2\includes\CMB2_hookup.php:158

actionpre_get_postsadmin\cmb2\includes\CMB2_hookup.php:159

actionshow_user_profileadmin\cmb2\includes\CMB2_hookup.php:168

actionedit_user_profileadmin\cmb2\includes\CMB2_hookup.php:169

actionuser_new_formadmin\cmb2\includes\CMB2_hookup.php:170

actionpersonal_options_updateadmin\cmb2\includes\CMB2_hookup.php:172

actionedit_user_profile_updateadmin\cmb2\includes\CMB2_hookup.php:173

actionuser_registeradmin\cmb2\includes\CMB2_hookup.php:174

filtermanage_users_columnsadmin\cmb2\includes\CMB2_hookup.php:177

filtermanage_users_custom_columnadmin\cmb2\includes\CMB2_hookup.php:178

filtermanage_users_sortable_columnsadmin\cmb2\includes\CMB2_hookup.php:179

actionpre_get_postsadmin\cmb2\includes\CMB2_hookup.php:180

actionpre_get_postsadmin\cmb2\includes\CMB2_hookup.php:226

actioncreated_termadmin\cmb2\includes\CMB2_hookup.php:230

actionedited_termsadmin\cmb2\includes\CMB2_hookup.php:231

actiondelete_termadmin\cmb2\includes\CMB2_hookup.php:232

actioncmb2_do_oembedadmin\cmb2\includes\helper-functions.php:131

filteris_protected_metaadmin\cmb2\includes\rest-api\CMB2_REST.php:144

actioninitadmin\cmb2\init.php:73

actionhtevent_category_add_form_fieldsadmin\custom_taxonomy_field.php:11

actioncreated_htevent_categoryadmin\custom_taxonomy_field.php:12

actionhtevent_category_edit_form_fieldsadmin\custom_taxonomy_field.php:13

actionedited_htevent_categoryadmin\custom_taxonomy_field.php:14

actionadmin_enqueue_scriptsadmin\custom_taxonomy_field.php:15

actionadmin_footeradmin\custom_taxonomy_field.php:16

actioncmb2_meta_boxesadmin\htevent_custom-metabox.php:3

actioninitadmin\htevent_custom-post-type.php:173

actionadmin_menuadmin\Recommended_Plugins.php:78

actionadmin_enqueue_scriptsadmin\Recommended_Plugins.php:79

filterpage_attributes_dropdown_pages_argsadmin\retister-pagetemplate.php:39

filtertheme_speaker_templatesadmin\retister-pagetemplate.php:47

filtertheme_htevent_templatesadmin\retister-pagetemplate.php:51

filterwp_insert_post_dataadmin\retister-pagetemplate.php:58

filtertemplate_includeadmin\retister-pagetemplate.php:66

actionplugins_loadedadmin\retister-pagetemplate.php:166

actioninithtevent.php:45

filterarchive_templatehtevent.php:58

filtersingle_templatehtevent.php:78

actionall_admin_noticeshtevent.php:157

actionadmin_noticeshtevent.php:187

filtersingle_templatehtevent.php:234

actioninithtevent.php:249

actiontemplate_redirecthtevent.php:257

actionadmin_menuhtevent.php:273

actionadmin_inithtevent.php:291

filterregister_post_type_argshtevent.php:334

actionelementor/initincludes\helper-function.php:21

actioninitincludes\post-like.php:15

actionshow_user_profileincludes\post-like.php:149

actionedit_user_profileincludes\post-like.php:150

actionwidgets_initincludes\wp-widgets\company-info-widget.php:101

actionwidgets_initincludes\wp-widgets\recent-post.php:151

actionwidgets_initincludes\wp-widgets\twitter-sidebar.php:2

actionwidgets_initincludes\wp-widgets\twitter.php:2

actionwidgets_initincludes\wp-widgets\widget-instagram.php:170

actionelementor/widgets/registerinit.php:12

actionelementor/widgets/widgets_registeredinit.php:14

actionadmin_menuinit.php:16

actionelementor/frontend/after_register_stylesinit.php:17

actionelementor/frontend/after_enqueue_stylesinit.php:18

actionwp_enqueue_scriptsinit.php:19

actionwp_enqueue_scriptsinit.php:20

actionelementor/frontend/after_register_scriptsinit.php:21

actionelementor/frontend/after_enqueue_scriptsinit.php:22

actioninitinit.php:23

Maintenance & Trust

HT Event – WordPress Event Manager Plugin for Elementor Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 4, 2025

PHP min version

Downloads11K

Community Trust

Rating0/100

Number of ratings0

Active installs30

Alternatives

HT Event – WordPress Event Manager Plugin for Elementor Alternatives

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

elementskit-lite

Join millions who empower their websites with ElementsKit Elementor Addons. Get templates, & 100+ widgets like header-footer, mega menu, custom widget

2.0M 21 CVEs

Essential Addons for Elementor – Popular Elementor Templates & Widgets

essential-addons-for-elementor-lite

Elementor addon offering 110+ widgets and templates — Elementor Gallery, Slider, Form, Post Grid, Menu, Accordion, WooCommerce & more.

2.0M 56 CVEs

Ultimate Addons for Elementor

header-footer-elementor

Powerful Elementor addon with advanced Elementor widgets, templates, WooCommerce widgets & Header-Footer builder to build professional websites fa …

2.0M 12 CVEs

Premium Addons for Elementor – Powerful Elementor Templates & Widgets

premium-addons-for-elementor

Elementor Carousel, Mega Menu, Posts List/Slider, Media Gallery, WooCommerce Widgets, Display Conditions, Premade Templates & more.

700K 35 CVEs

Royal Addons for Elementor – Addons and Templates Kit for Elementor

royal-elementor-addons

Elementor templates, Header footer builder, Elementor Post Grid, Woocommerce Grid builder, Slider, Forms, Gallery, Nav menu addons, Elementor widgets.

600K 1 unpatched

Developer Profile

HT Event – WordPress Event Manager Plugin for Elementor Developer Profile

DevItems

13 plugins · 179K total installs

trust score

Avg Security Score

94/100

Avg Patch Time

93 days

View full developer profile

Detection Fingerprints

How We Detect HT Event – WordPress Event Manager Plugin for Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/ht-event/assets/css/animate.css/wp-content/plugins/ht-event/assets/css/bootstrap.css/wp-content/plugins/ht-event/assets/css/font-awesome.css/wp-content/plugins/ht-event/assets/css/owl.carousel.css/wp-content/plugins/ht-event/assets/css/owl.theme.css/wp-content/plugins/ht-event/assets/css/responsive.css/wp-content/plugins/ht-event/assets/css/style.css/wp-content/plugins/ht-event/assets/js/bootstrap.js+6 more

Script Paths

/wp-content/plugins/ht-event/assets/js/main.js/wp-content/plugins/ht-event/assets/js/custom.js

Version Parameters

ht-event/assets/css/style.css?ver=ht-event/assets/css/animate.css?ver=ht-event/assets/css/bootstrap.css?ver=ht-event/assets/css/font-awesome.css?ver=ht-event/assets/css/owl.carousel.css?ver=ht-event/assets/css/owl.theme.css?ver=ht-event/assets/css/responsive.css?ver=ht-event/assets/js/custom.js?ver=ht-event/assets/js/bootstrap.js?ver=ht-event/assets/js/owl.carousel.js?ver=ht-event/assets/js/waypoints.js?ver=ht-event/assets/js/scrollreveal.js?ver=ht-event/assets/js/isotope.js?ver=ht-event/assets/js/main.js?ver=

HTML / DOM Fingerprints

CSS Classes

ht-eventhtevent_custom-post-typehtevent_custom-metaboxhtevent_add-new-posthtevent_add-new-categoryhtevent_custom-taxonomy-field

HTML Comments

+7 more

Data Attributes

data-htevent-iddata-htevent-slugdata-htevent-category

JS Globals

htevent_ajax_urlhtevent_admin_urlhtevent_plugin_urlhtevent_version

REST Endpoints

/wp-json/htevent/v1/events/wp-json/htevent/v1/speakers

Shortcode Output

[htevent_calendar][htevent_list][htevent_single][htevent_countdown]

FAQ