WP-Safety

Minimalistic Event Manager Security & Risk Analysis

wordpress.org/plugins/minimalistic-event-manager

A simple and flexible solution for managing event dates.

70 active installs v1.1.1 PHP + WP 3.0+ Updated Aug 21, 2017
dateseventstime
64
C · Use Caution
CVEs total1
Unpatched1
Last CVEApr 2, 2025
Plugin page Download
Safety Verdict

Is Minimalistic Event Manager Safe to Use in 2026?

Use With Caution

Score 64/100

Minimalistic Event Manager has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Apr 2, 2025Updated 8yr ago
Risk Assessment

The minimalistic-event-manager plugin exhibits a mixed security posture. While it demonstrates good practices by utilizing prepared statements for all SQL queries and includes nonce and capability checks, significant concerns arise from its limited attack surface with a high concentration of unprotected entry points. The static analysis revealed one AJAX handler without proper authentication, which is a critical vulnerability if it handles sensitive data or actions.

The absence of any taint analysis results is a neutral finding in this context, suggesting either no flows were analyzed or none were found to be exploitable. However, the static analysis highlights a concerning percentage (86%) of improperly escaped output. This can lead to Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the website.

The vulnerability history is a major red flag, with one unpatched medium-severity CVE, specifically related to Missing Authorization. This pattern, combined with the unprotected AJAX handler found in the static analysis, strongly indicates a recurring weakness in authorization controls within the plugin. The plugin has strengths in its SQL handling and use of checks, but these are significantly undermined by the presence of unpatched vulnerabilities and insecure entry points, demanding immediate attention.

Key Concerns

  • Unpatched CVEs
  • Unprotected AJAX handler
  • High percentage of unescaped output
Vulnerabilities
1

Minimalistic Event Manager Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-31739medium · 4.3Missing Authorization

Minimalistic Event Manager <= 1.1.1 - Missing Authorization

Apr 2, 2025Unpatched
Code Analysis
Analyzed Mar 16, 2026

Minimalistic Event Manager Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
38
6 escaped
Nonce Checks
1
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

14% escaped44 total outputs
Attack Surface
1 unprotected

Minimalistic Event Manager Attack Surface

Entry Points1
Unprotected1

AJAX Handlers 1

authwp_ajax_mem_datamem.php:486
WordPress Hooks 9
actionadmin_initmem.php:482
actionadmin_initmem.php:483
actionadmin_enqueue_scriptsmem.php:484
actionsave_postmem.php:485
actionplugins_loadedmem.php:487
actionsave_postwidgets\event-list.php:44
actiondeleted_postwidgets\event-list.php:45
actionswitch_themewidgets\event-list.php:46
actionwidgets_initwidgets\event-list.php:368
Maintenance & Trust

Minimalistic Event Manager Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28
Last updatedAug 21, 2017
PHP min version
Downloads6K

Community Trust

Rating90/100
Number of ratings4
Active installs70
Alternatives

Minimalistic Event Manager Alternatives

Calendar

Calendar

calendar

A
90

A simple but effective Calendar plugin for WordPress that allows you to manage your events and appointments and display them to the world.

4K 5 CVEs
FT Calendar

FT Calendar

ft-calendar

A
85

A calendar plugin supporting multiple calendars, recurring events, and several different widgets / shortcodes. More info at http://calendar-plugin.com

100 No CVEs
Calendar Plus

Calendar Plus

calendar-plus

C
63

A simple Calendar plugin for WordPress that allows 2 seperate calendars. This can be used as a drop-in replacement for the original Calendar plugin.

60 1 unpatched
Hassle-Free Date List

Hassle-Free Date List

hassle-free-date-list

A
85

This plugin adds a block, a shortcode, and a contactform 7 form tag that displays a list of dates. Dates that are due will automatically be hidden or &hellip;

10 No CVEs
Timetable and Event Schedule by MotoPress

Timetable and Event Schedule by MotoPress

mp-timetable

A
86

Smart event organizer and time-management tool with a clean minimalist design for featuring your timetables and upcoming events.

30K 8 CVEs
Developer Profile

Minimalistic Event Manager Developer Profile

Manuel Schmalstieg

1 plugin · 70 total installs

69
trust score
Avg Security Score
64/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Minimalistic Event Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/minimalistic-event-manager/js/mem.js/wp-content/plugins/minimalistic-event-manager/css/mem.css/wp-content/plugins/minimalistic-event-manager/js/jquery.datetimepicker.js/wp-content/plugins/minimalistic-event-manager/css/jquery.datetimepicker.css/wp-content/plugins/minimalistic-event-manager/css/datetimepicker.css
Script Paths
/wp-content/plugins/minimalistic-event-manager/js/mem.js/wp-content/plugins/minimalistic-event-manager/js/jquery.datetimepicker.js
Version Parameters
minimalistic-event-manager/js/mem.js?ver=minimalistic-event-manager/css/mem.css?ver=minimalistic-event-manager/js/jquery.datetimepicker.js?ver=minimalistic-event-manager/css/jquery.datetimepicker.css?ver=minimalistic-event-manager/css/datetimepicker.css?ver=

HTML / DOM Fingerprints

CSS Classes
mem-edit-timestampmem-repeat-timestampmem-date-select
Data Attributes
name="start_mm"name="start_jj"name="start_aa"name="start_hh"name="start_mn"name="repeat_mm_+10 more
JS Globals
mem_touch_time
FAQ

Frequently Asked Questions about Minimalistic Event Manager