
Event Booking Manager for WooCommerce Security & Risk Analysis
wordpress.org/plugins/mage-eventpressFlexible WooCommerce plugin for event booking, attendee management, and responsive ticketing with a modern event calendar.
Is Event Booking Manager for WooCommerce Safe to Use in 2026?
Mostly Safe
Score 82/100Event Booking Manager for WooCommerce is generally safe to use. 23 past CVEs were resolved.
The mage-eventpress plugin exhibits a mixed security posture. While it demonstrates some good practices, such as a high percentage of prepared SQL statements and proper output escaping, significant concerns are present. The substantial attack surface, with 9 out of 50 entry points lacking authentication checks, is a primary risk. Furthermore, the presence of the `unserialize` function is a red flag, especially given its history of vulnerabilities related to deserialization of untrusted data. The taint analysis, while showing no critical or high severity flows currently, did reveal 9 flows with unsanitized paths, indicating potential for injection vulnerabilities if not handled carefully. The plugin's vulnerability history is a major concern, with a large number of past CVEs including critical and high-severity issues like Deserialization of Untrusted Data, Missing Authorization, and SQL Injection. The fact that the last vulnerability was patched in 2026 and there are currently no unpatched CVEs is positive, but the recurring nature of these severe vulnerability types suggests a history of insecure coding practices that could resurface or be exploited in future versions.
Overall, the plugin's large number of unprotected entry points and the presence of dangerous functions like `unserialize`, coupled with its extensive history of critical and high-severity vulnerabilities, point to a moderate to high risk. While recent efforts in securing SQL queries and output escaping are commendable, the underlying architectural weaknesses and past exploit patterns necessitate a cautious approach. The numerous past vulnerabilities in critical areas like authorization and data deserialization suggest a recurring need for vigilance and thorough security auditing of this plugin.
Key Concerns
- Unprotected AJAX handlers
- Presence of dangerous function (unserialize)
- Past critical severity CVEs
- Past high severity CVEs
- Unsanitized paths in taint flows
Event Booking Manager for WooCommerce Security Vulnerabilities
CVEs by Year
Severity Breakdown
23 total CVEs
Event Booking Manager for WooCommerce <= 5.3.3 - Missing Authorization
Event Booking Manager for WooCommerce <= 5.1.4 - Reflected Cross-Site Scripting
WpEvently <= 5.1.1 - Unauthenticated PHP Object Injection
WpEvently < 5.1.9 - Unauthenticated Information Exposure
WpEvently <= 5.0.8 - Authenticated (Contributor+) PHP Object Injection
WpEvently <= 5.1.1 - Cross-Site Request Forgery
WpEvently <= 5.0.4 - Missing Authorization
WpEvently <= 5.0.4 - Missing Authorization
WpEvently <= 4.4.8 - Authenticated (Contributor+) PHP Object Injection
WpEvently <= 4.4.6 - Missing Authorization
WpEvently <= 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
WpEvently <= 4.3.6 - Authenticated (Contributor+) PHP Object Injection
WpEvently <= 4.2.9 - Authenticated (Contributor+) Local File Inclusion
WpEvently <= 4.2.9 - Missing Authorization
Event Manager for WooCommerce <= 4.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Event Manager for WooCommerce <= 4.2.1 - Authenticated (Contributor+) Local File Inclusion
Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently <= 4.1.1 - Authenticated (Contributor+) PHP Object Injection in mep_event_meta_save
Event Manager for WooCommerce <= 3.8.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'mep_get_option' function
Event Manager for WooCommerce <= 3.7.7 - Cross-Site Request Forgery leading to Uninstall Form Submission
Event Manager and Tickets Selling Plugin for WooCommerce <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Event Manager and Tickets Selling for WooCommerce < 3.5.8 - SQL Injection
Event Manager and Tickets Selling Plugin for WooCommerce < 3.5.3 - Arbitrary Settings Change
Event Manager and Tickets Selling Plugin for WooCommerce < 3.5.3 - Missing Authorization
Event Booking Manager for WooCommerce Release Timeline
Event Booking Manager for WooCommerce Code Analysis
Dangerous Functions Found
SQL Query Safety
Output Escaping
Data Flow Analysis
Event Booking Manager for WooCommerce Attack Surface
AJAX Handlers 45
Shortcodes 5
WordPress Hooks 244
Maintenance & Trust
Event Booking Manager for WooCommerce Maintenance & Trust
Maintenance Signals
Community Trust
Event Booking Manager for WooCommerce Alternatives
Servv AI Event Booking
servvai-event-booking
Servv AI Event Booking helps you create events with AI, Zoom integration, ticketing, and reminders all in one place. You can add events to any post on …
Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)
wp-event-solution
Events calendar plugin for WordPress to manage events, bookings, registrations, scheduling, virtual events, and tickets sales.
EventPrime – Events Calendar, Bookings and Tickets
eventprime-event-calendar-management
Modern Events Calendar plugin ❤️ for creating free or paid events. Supports Event Types, Bookings, Tickets, Venues, Performers, and a lot more.
Quick Event Manager
quick-event-manager
Simple event manager. No messing about, just add events and a shortcode and the plugin does the rest for you.
Event Monster – Manager & Ticket Booking
event-monster
Event manager with calendar display, ticket booking, registration forms, and attendee tracking for all occasions.
Event Booking Manager for WooCommerce Developer Profile
11 plugins · 12K total installs
How We Detect Event Booking Manager for WooCommerce
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/mage-eventpress/assets/blocks/event-list-block.js/wp-content/plugins/mage-eventpress/assets/blocks/editor.css/wp-content/plugins/mage-eventpress/assets/blocks/style.css/wp-content/plugins/mage-eventpress/assets/helper/mp_style/mpwem_global.css/wp-content/plugins/mage-eventpress/assets/helper/mp_style/mpwem_global.js/wp-content/plugins/mage-eventpress/assets/admin/mpwem_admin.css//cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5.15.4/css/all.min.cssmage-eventpress/assets/blocks/event-list-block.js?ver=mage-eventpress/assets/blocks/editor.css?ver=mage-eventpress/assets/blocks/style.css?ver=mage-eventpress/assets/helper/mp_style/mpwem_global.css?ver=mage-eventpress/assets/helper/mp_style/mpwem_global.js?ver=mage-eventpress/assets/admin/mpwem_admin.css?ver=HTML / DOM Fingerprints
mep_plugin_pro_meta_linkmpwem_loader_body