WP-Safety

Jet Event System for BuddyPress Security & Risk Analysis

wordpress.org/plugins/jet-event-system-for-buddypress

The modern System of events for your social network. Ability to attract members of the network to the ongoing activities, etc.

10 active installs v1.7.0.1 PHP + WP + Updated Aug 10, 2011
buddypressmembersmetawidgetwordpress-mu
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Jet Event System for BuddyPress Safe to Use in 2026?

Generally Safe

Score 85/100

Jet Event System for BuddyPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago
Risk Assessment

The "jet-event-system-for-buddypress" v1.7.0.1 plugin presents a mixed security posture. While it demonstrates a commendable effort in utilizing prepared statements for SQL queries (95%) and incorporates a reasonable number of nonce and capability checks, significant concerns arise from its attack surface and output escaping practices.

The presence of two AJAX handlers without authentication checks is a critical vulnerability, potentially allowing unauthorized users to trigger sensitive actions. Furthermore, the taint analysis reveals two high-severity flows with unsanitized paths, indicating a risk of data manipulation or unauthorized access if these flows are triggered by user input.

The plugin's vulnerability history is clean, with no recorded CVEs. This is a positive indicator, suggesting that past security audits or development practices have been effective in preventing publicly known vulnerabilities. However, the static analysis findings, particularly the unprotected AJAX endpoints and high-severity taint flows, suggest that the absence of historical CVEs might be due to a lack of thorough security testing or that the discovered vulnerabilities have not yet been publicly disclosed or exploited.

In conclusion, the plugin shows strengths in database query sanitization and internal checks. However, the unprotected AJAX endpoints and high-severity taint flows are serious weaknesses that require immediate attention. The clean vulnerability history is reassuring but should be viewed in light of the static analysis findings, which point to potential exploitable flaws.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows found
  • Low percentage of properly escaped output
  • Bundled outdated jQuery library
Vulnerabilities
None known

Jet Event System for BuddyPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Jet Event System for BuddyPress Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

Jet Event System for BuddyPress Code Analysis

Dangerous Functions
8
Raw SQL Queries
10
194 prepared
Unescaped Output
370
48 escaped
Nonce Checks
21
Capability Checks
11
File Operations
12
External Requests
0
Bundled Libraries
1

Dangerous Functions Found

unserialize$bp->jes_events->completed_create_steps = unserialize( stripslashes( $_COOKIE['bp_completed_create_smain/jet-events-action.php:44
create_functionadd_action( 'events_admin_tabs', create_function( '$current, $event_slug', 'if ( "' . attribute_escamain/jet-events-classes.php:1356
create_functionadd_action( 'bp_template_content_header', create_function( '', 'echo "<ul class=\"content-header-navmain/jet-events-classes.php:1366
create_functionadd_action( 'bp_template_content_header', create_function( '', 'echo "' . attribute_escape( $this->nmain/jet-events-classes.php:1381
create_functionadd_action( 'bp_template_title', create_function( '', 'echo "' . attribute_escape( $this->name ) . 'main/jet-events-classes.php:1382
create_functionadd_action( 'bp_init', create_function( '', '$extension = new ' . $jes_event_extension_class . '; admain/jet-events-classes.php:1405
create_functionadd_action('widgets_init', create_function('', 'return register_widget("JES_BP_Events_Widget");') );main/jet-events-widgets.php:408
create_functionadd_action('widgets_init', create_function('', 'return register_widget("JES_BP_ShortEvents_Widget");main/jet-events-widgets.php:409

Bundled Libraries

jQuery1.5.2

SQL Query Safety

95% prepared204 total queries

Output Escaping

11% escaped418 total outputs
Data Flows · Security
5 unsanitized

Data Flow Analysis

11 flows5 with unsanitized paths
bp_event_hidden_fields (main/jet-events-templatetags.php:1689)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Jet Event System for BuddyPress Attack Surface

Entry Points5
Unprotected2

AJAX Handlers 4

authwp_ajax_events_filtermain/jet-event-start.php:152
authwp_ajax_events_invite_usermain/jet-events-ajax.php:44
authwp_ajax_check_eventnamemain/jet-events-module_eu.php:61
authwp_ajax_widget_events_listmain/jet-events-widgets.php:410

Shortcodes 1

[jpostevent] main/jet-events-module_sc.php:13
WordPress Hooks 106
actionplugins_loadedjet-event-system.php:67
actiontemplate_redirectmain/jet-event-start.php:76
actionadmin_initmain/jet-event-start.php:83
actioninitmain/jet-event-start.php:110
actionwp_print_stylesmain/jet-event-start.php:120
actionbp_setup_globalsmain/jet-event-start.php:149
actionbp_setup_root_componentsmain/jet-event-start.php:159
actionwpmain/jet-event-start.php:172
actionwp_headmain/jet-event-start.php:186
actionevents_event_deletedmain/jet-event-start.php:766
actionevents_settings_updatedmain/jet-event-start.php:767
actionevents_details_updatedmain/jet-event-start.php:768
actionevents_event_avatar_updatedmain/jet-event-start.php:769
actionevents_create_event_step_completemain/jet-event-start.php:770
actionevents_join_eventmain/jet-event-start.php:775
actionevents_leave_eventmain/jet-event-start.php:776
actionevents_ban_membermain/jet-event-start.php:777
actionevents_unban_membermain/jet-event-start.php:778
actionevents_join_eventmain/jet-event-start.php:781
actionevents_leave_eventmain/jet-event-start.php:782
actionevents_jes_accept_invitemain/jet-event-start.php:783
actionevents_reject_invitemain/jet-event-start.php:784
actionevents_invite_usermain/jet-event-start.php:785
actionevents_uninvite_usermain/jet-event-start.php:786
actionevents_details_updatedmain/jet-event-start.php:787
actionevents_settings_updatedmain/jet-event-start.php:788
actionevents_unban_membermain/jet-event-start.php:789
actionevents_ban_membermain/jet-event-start.php:790
actionevents_demote_membermain/jet-event-start.php:791
actionevents_premote_membermain/jet-event-start.php:792
actionevents_membership_rejectedmain/jet-event-start.php:793
actionevents_membership_acceptedmain/jet-event-start.php:794
actionevents_membership_requestedmain/jet-event-start.php:795
actionevents_create_event_step_completemain/jet-event-start.php:796
actionevents_created_eventmain/jet-event-start.php:797
actionevents_event_avatar_updatedmain/jet-event-start.php:798
actionwpmain/jet-events-action.php:163
actionwpmain/jet-events-action.php:180
actionwpmain/jet-events-action.php:214
actionwpmain/jet-events-action.php:239
actionwpmain/jet-events-action.php:275
actionwpmain/jet-events-action.php:294
actionbp_register_activity_actionsmain/jet-events-activity.php:20
actionevents_joined_eventmain/jet-events-activity.php:57
actionevents_leave_eventmain/jet-events-activity.php:58
actionevents_created_eventmain/jet-events-activity.php:59
actiontemplate_redirectmain/jet-events-ajax.php:53
actionevents_custom_create_stepsmain/jet-events-classes.php:1348
actionevents_admin_tabsmain/jet-events-classes.php:1356
actionwpmain/jet-events-classes.php:1360
actionevents_custom_edit_stepsmain/jet-events-classes.php:1361
actionbp_template_content_headermain/jet-events-classes.php:1366
actionbp_template_contentmain/jet-events-classes.php:1367
actionbp_template_content_headermain/jet-events-classes.php:1381
actionbp_template_titlemain/jet-events-classes.php:1382
actionbp_template_contentmain/jet-events-classes.php:1393
actionbp_initmain/jet-events-classes.php:1405
filterjes_bp_get_event_descriptionmain/jet-events-filters.php:4
filterjes_bp_get_event_description_excerptmain/jet-events-filters.php:5
filterjes_bp_get_event_namemain/jet-events-filters.php:6
filterjes_bp_get_event_descriptionmain/jet-events-filters.php:8
filterjes_bp_get_event_eventtermsmain/jet-events-filters.php:9
filterjes_bp_get_event_description_excerptmain/jet-events-filters.php:10
filterjes_bp_get_event_descriptionmain/jet-events-filters.php:12
filterjes_bp_get_event_description_excerptmain/jet-events-filters.php:13
filterjes_bp_get_event_namemain/jet-events-filters.php:14
filterjes_bp_get_event_descriptionmain/jet-events-filters.php:16
filterjes_bp_get_event_description_excerptmain/jet-events-filters.php:17
filterjes_bp_get_event_descriptionmain/jet-events-filters.php:19
filterjes_bp_get_event_description_excerptmain/jet-events-filters.php:20
filterjes_bp_get_event_namemain/jet-events-filters.php:22
filterjes_bp_get_event_permalinkmain/jet-events-filters.php:23
filterjes_bp_get_event_descriptionmain/jet-events-filters.php:24
filterjes_bp_get_event_description_excerptmain/jet-events-filters.php:25
filterevents_event_name_before_savemain/jet-events-filters.php:26
filterevents_event_description_before_savemain/jet-events-filters.php:27
filterjes_bp_get_event_descriptionmain/jet-events-filters.php:29
filterjes_bp_get_event_description_excerptmain/jet-events-filters.php:30
filterjes_bp_get_event_namemain/jet-events-filters.php:31
filterbp_get_event_member_namemain/jet-events-filters.php:32
filterbp_get_event_member_linkmain/jet-events-filters.php:33
filterevents_event_name_before_savemain/jet-events-filters.php:37
filterevents_event_description_before_savemain/jet-events-filters.php:38
filterbp_jes_get_jes_total_event_countmain/jet-events-filters.php:40
filterbp_get_event_total_for_membermain/jet-events-filters.php:41
filterjes_bp_get_event_total_membersmain/jet-events-filters.php:42
actionget_headermain/jet-events-functions.php:19
actionbp_nav_itemsmain/jet-events-menu.php:11
actionbp_setup_navmain/jet-events-menu.php:135
actionbp_adminbar_menusmain/jet-events-menu.php:159
actionwp_print_scriptsmain/jet-events-module_eu.php:21
actionwp_print_stylesmain/jet-events-module_eu.php:38
actionevents_promoted_membermain/jet-events-notifications.php:185
actionjes_bp_events_posted_updatemain/jet-events-notifications.php:296
actionjes_events_notification_cron_hookmain/jet-events-operations.php:403
actionwpmain/jet-events-screen.php:182
actionwpmain/jet-events-screen.php:230
actionwpmain/jet-events-screen.php:266
actionwpmain/jet-events-screen.php:301
actionwpmain/jet-events-screen.php:324
actionwpmain/jet-events-screen.php:416
actionwpmain/jet-events-screen.php:474
actionwpmain/jet-events-screen.php:508
actionbp_notification_settingsmain/jet-events-screen.php:561
actionwidgets_initmain/jet-events-widgets.php:408
actionwidgets_initmain/jet-events-widgets.php:409

Scheduled Events 1

jes_events_notification_cron_hook
Maintenance & Trust

Jet Event System for BuddyPress Maintenance & Trust

Maintenance Signals

WordPress version tested
Last updatedAug 10, 2011
PHP min version
Downloads33K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Jet Event System for BuddyPress Alternatives

Jet Random Members Widget

Jet Random Members Widget

jet-member-could

A
85

en: Create a cloud of users on your social network! Do you have many users? Do you want more communication? Install this widget!

10 No CVEs
Wbcom Designs – Birthday Widget for BuddyPress

Wbcom Designs – Birthday Widget for BuddyPress

birthday-widget-for-buddypress

A
100

Display upcoming birthdays of BuddyPress members with a beautiful, responsive widget that integrates seamlessly with any WordPress theme.

400 No CVEs
BuddyPress Extend Widgets

BuddyPress Extend Widgets

bp-extend-widgets

A
85

Provide all widgets with BuddyPress specific fields (conditional display logic)

10 No CVEs
Enhanced BuddyPress Widgets

Enhanced BuddyPress Widgets

enhanced-buddypress-widgets

A
85

Provides enhanced version of BuddyPress's core Groups and Members widgets

10 No CVEs
Jet Site Unit Could Widgets

Jet Site Unit Could Widgets

jet-unit-site-could

A
85

Provides random members and/or groups avatar list + blog list with more options /Widget/

10 No CVEs
Developer Profile

Jet Event System for BuddyPress Developer Profile

milordk

5 plugins · 50 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Jet Event System for BuddyPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/jet-event-system-for-buddypress/js/fullcalendar.min.js/jet-event-system-for-buddypress/js/jquery-1.5.2.min.js/jet-event-system-for-buddypress/js/jquery.ui.core.js/jet-event-system-for-buddypress/js/jquery.ui.widget.js/jet-event-system-for-buddypress/js/jquery.datapicker.js/jet-event-system-for-buddypress/js/jes.datepicker.js/jet-event-system-for-buddypress/js/jquery-iu-locale/jquery.ui.datepicker-en_GB.js/jet-event-system-for-buddypress/css/fullcalendar.css+3 more
Script Paths
wp-content/plugins/jet-event-system-for-buddypress/js/fullcalendar.min.jswp-content/plugins/jet-event-system-for-buddypress/js/jquery-1.5.2.min.jswp-content/plugins/jet-event-system-for-buddypress/js/jquery.ui.core.jswp-content/plugins/jet-event-system-for-buddypress/js/jquery.ui.widget.jswp-content/plugins/jet-event-system-for-buddypress/js/jquery.datapicker.jswp-content/plugins/jet-event-system-for-buddypress/js/jes.datepicker.js+4 more

HTML / DOM Fingerprints

CSS Classes
jes-content
HTML Comments
bp ajax chat fix
Data Attributes
data-jes-type
JS Globals
jes_events_urljes_events_ajaxurljes_events_security_noncejes_events_create_event_nonce
Shortcode Output
[jes_events_calendar][jes_events_list][jes_events_past]
FAQ

Frequently Asked Questions about Jet Event System for BuddyPress