WP-Safety

Lolita Events Security & Risk Analysis

wordpress.org/plugins/lolita-events

WordPress Event Calendar Plugin.

0 active installs v0.1 PHP + WP + Updated Aug 7, 2019
ajaxcalendareventslolitalolitaframework
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Lolita Events Safe to Use in 2026?

Generally Safe

Score 85/100

Lolita Events has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago
Risk Assessment

The 'lolita-events' v0.1 plugin exhibits a strong initial security posture based on the static analysis. The absence of any identified attack surface, dangerous functions, raw SQL queries, or critical taint flows is highly positive. The presence of nonce and capability checks, along with the use of prepared statements for SQL, indicates good development practices aimed at preventing common vulnerabilities.

However, a significant concern arises from the output escaping. With 64% of outputs properly escaped, a substantial 36% remain unescaped. This presents a risk of cross-site scripting (XSS) vulnerabilities if user-supplied data is outputted without proper sanitization, allowing attackers to inject malicious scripts into web pages viewed by other users.

The plugin's vulnerability history is currently clear, with no recorded CVEs. This, combined with the clean static analysis, suggests a lack of actively exploited or publicly known security flaws. Nevertheless, the unescaped output remains a potential weakness that could be exploited in the future. The plugin's strengths lie in its minimal attack surface and secure SQL handling, but the output escaping needs immediate attention to solidify its security.

Key Concerns

  • Insufficient output escaping
Vulnerabilities
None known

Lolita Events Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Lolita Events Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

Lolita Events Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
10
18 escaped
Nonce Checks
2
Capability Checks
1
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

64% escaped28 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
save_settings (app\services\Settings.php:30)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Lolita Events Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 5
actionadd_meta_boxesLolitaFramework\Configuration\Modules\MetaBoxes.php:20
actionadmin_menuLolitaFramework\Configuration\Modules\Pages.php:18
actioninitLolitaFramework\Configuration\Modules\PostTypes.php:19
actioninitLolitaFramework\Configuration\Modules\Taxonomies.php:19
actionwidgets_initLolitaFramework\Configuration\Modules\Widgets.php:16
Maintenance & Trust

Lolita Events Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24
Last updatedAug 7, 2019
PHP min version
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Lolita Events Alternatives

WP FullCalendar

WP FullCalendar

wp-fullcalendar

D
44

Uses the FullCalendar library to create a stunning calendar view of events, posts and other custom post types

9K 2 unpatched
Events Search For The Events Calendar

Events Search For The Events Calendar

events-search-addon-for-the-events-calendar

A
100

Adds an AJAX-based events search bar on any page via shortcode to quickly find any upcoming event created with The Events Calendar plugin.

3K No CVEs
Eventful for Elementor – Events Showcase For The Events Calendar

Eventful for Elementor – Events Showcase For The Events Calendar

eventful-for-elementor

A
100

Seamlessly showcase events from The Events Calendar in Elementor with customizable widgets and dynamic layouts.

200 No CVEs
Community Events

Community Events

community-events

B
77

The purpose of this plugin is to allow users to create a schedule of upcoming events and display events for the next 7 days in an AJAX-driven box or d …

20 12 CVEs
The Events Calendar

The Events Calendar

the-events-calendar

B
82

The Events Calendar: #1 calendar plugin for WordPress. Create/manage events (virtual too!) on your site with the free plugin.

700K 25 CVEs
Developer Profile

Lolita Events Developer Profile

therealguriev

1 plugin · 0 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Lolita Events

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/lolita-events/events.php/wp-content/plugins/lolita-events/LolitaFramework/LF.php/wp-content/plugins/lolita-events/LolitaFramework/Configuration/Modules/RegisterScripts.php/wp-content/plugins/lolita-events/LolitaFramework/Configuration/Modules/RegisterStyles.php/wp-content/plugins/lolita-events/LolitaFramework/Configuration/Modules/Shortcodes.php/wp-content/plugins/lolita-events/app/decorators/EventDecorator.php/wp-content/plugins/lolita-events/app/services/Events.php
Script Paths
events.phpLolitaFramework/LF.phpLolitaFramework/Configuration/Modules/RegisterScripts.phpLolitaFramework/Configuration/Modules/RegisterStyles.phpLolitaFramework/Configuration/Modules/Shortcodes.phpapp/decorators/EventDecorator.php+1 more
Version Parameters
lolita-events/events.php?ver=lolita-events/LolitaFramework/LF.php?ver=lolita-events/LolitaFramework/Configuration/Modules/RegisterScripts.php?ver=lolita-events/LolitaFramework/Configuration/Modules/RegisterStyles.php?ver=lolita-events/LolitaFramework/Configuration/Modules/Shortcodes.php?ver=lolita-events/app/decorators/EventDecorator.php?ver=lolita-events/app/services/Events.php?ver=

HTML / DOM Fingerprints

JS Globals
LolitaFrameworkLF
REST Endpoints
/wp-json/events/v1/get
FAQ

Frequently Asked Questions about Lolita Events