WP-Safety

Timetable and Event Schedule by MotoPress Security & Risk Analysis

wordpress.org/plugins/mp-timetable

Smart event organizer and time-management tool with a clean minimalist design for featuring your timetables and upcoming events.

30K active installs v2.4.16 PHP + WP 4.6+ Updated Nov 10, 2025
calendareventevents-calendarscheduletimetable
86
A · Safe
CVEs total8
Unpatched0
Last CVENov 12, 2025
Plugin page Download
Safety Verdict

Is Timetable and Event Schedule by MotoPress Safe to Use in 2026?

Generally Safe

Score 86/100

Timetable and Event Schedule by MotoPress has a strong security track record. Known vulnerabilities have been patched promptly.

8 known CVEsLast CVE: Nov 12, 2025Updated 4mo ago
Risk Assessment

The "mp-timetable" v2.4.16 plugin exhibits a mixed security posture. While it demonstrates good practices in several areas, such as the high percentage of prepared SQL statements and properly escaped output, critical vulnerabilities remain a concern. The presence of "unserialize" calls is a significant red flag, as it can lead to "Deserialization of Untrusted Data" vulnerabilities if not handled with extreme care and robust validation. The attack surface includes two unprotected AJAX handlers, which, combined with the "unserialize" function, could be exploited for remote code execution or data manipulation. The plugin's vulnerability history is particularly concerning, with 8 known CVEs, including a past critical "Deserialization of Untrusted Data" vulnerability and others related to authorization bypass and SQL injection. The fact that all past critical and high vulnerabilities are now patched is a positive sign, but the sheer number and types of past vulnerabilities suggest a pattern of security weaknesses that require ongoing vigilance. The lack of critical taint flows in the static analysis is encouraging, but the potential for exploitation through the identified unprotected entry points and dangerous functions cannot be ignored.

Key Concerns

  • Unprotected AJAX handlers
  • Dangerous function: unserialize
  • Total known CVEs (8)
  • Past critical CVEs (1)
  • Past high CVEs (1)
Vulnerabilities
8

Timetable and Event Schedule by MotoPress Security Vulnerabilities

CVEs by Year

1 CVE in 2020
2020
4 CVEs in 2021
2021
2 CVEs in 2024
2024
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Critical
1
High
1
Medium
6

8 total CVEs

CVE-2025-12954medium · 5.3Authorization Bypass Through User-Controlled Key

Timetable and Event Schedule by MotoPress <= 2.4.15 - Insecure Direct Object Reference to Authenticated (Contributor+) Event Disclosure

Nov 12, 2025 Patched in 2.4.16 (30d)
CVE-2024-39630medium · 6.6Deserialization of Untrusted Data

Timetable and Event Schedule <= 2.4.13 - Authenticated (Admin+) PHP Object Injection

Jul 22, 2024 Patched in 2.4.14 (17d)
CVE-2024-3342critical · 9.9Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Timetable and Event Schedule by MotoPress <= 2.4.11 - Authenticated (Contributor+) SQL Injection

Apr 26, 2024 Patched in 2.4.12 (1d)
CVE-2021-24583medium · 4.3Improper Access Control

Timetable and Event Schedule by MotoPress <= 2.4.1 - Unauthorised Event TimeSlot Deletion

Aug 23, 2021 Patched in 2.4.2 (883d)
CVE-2021-24584medium · 6.4Improper Access Control

Timetable and Event Schedule by MotoPress <= 2.4.1 - Unauthorised Event TimeSlot Update

Aug 23, 2021 Patched in 2.4.2 (883d)
CVE-2021-24724medium · 5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Timetable and Event Schedule by MotoPress <= 2.3.18 - Author+ Stored Cross-Site Scripting

Aug 23, 2021 Patched in 2.3.19 (883d)
CVE-2021-24585medium · 6.5Exposure of Sensitive Information to an Unauthorized Actor

Timetable and Event Schedule by MotoPress <= 2.3.19 - Arbitrary User's Hashed Password/Email/Username Disclosure

Aug 23, 2021 Patched in 2.4.0 (883d)
CVE-2020-36840high · 7.3Missing Authorization

Timetable and Event Schedule by MotoPress <= 2.3.8 - Missing Authorization

Apr 21, 2020 Patched in 2.3.9 (1639d)
Code Analysis
Analyzed Mar 16, 2026

Timetable and Event Schedule by MotoPress Code Analysis

Dangerous Functions
2
Raw SQL Queries
5
28 prepared
Unescaped Output
100
593 escaped
Nonce Checks
12
Capability Checks
15
File Operations
7
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$value = unserialize( trim( $meta['value'] ), array( 'allowed_classes' => false ) );classes\models\class-import.php:838
unserialize$value = unserialize( trim( $meta['value'] ), array( 'allowed_classes' => false ) );classes\models\class-import.php:892

SQL Query Safety

85% prepared33 total queries

Output Escaping

86% escaped693 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flows
<class-offer> (classes\class-offer.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Timetable and Event Schedule by MotoPress Attack Surface

Entry Points3
Unprotected2

AJAX Handlers 2

authwp_ajax_route_urlclasses\class-hooks.php:188
authwp_ajax_install_plugin_ajaxclasses\class-hooks.php:189

Shortcodes 1

[mp-timetable] classes\class-shortcode.php:42
WordPress Hooks 69
actionloop_startclasses\class-core.php:153
filterthe_contentclasses\class-core.php:170
actionelementor/initclasses\class-hooks.php:35
actioninitclasses\class-hooks.php:38
actionwp_enqueue_scriptsclasses\class-hooks.php:39
actionwp_headclasses\class-hooks.php:40
actionadmin_initclasses\class-hooks.php:42
actionadmin_initclasses\class-hooks.php:43
actionadmin_menuclasses\class-hooks.php:44
actionmanage_posts_custom_columnclasses\class-hooks.php:45
actionmanage_posts_custom_columnclasses\class-hooks.php:46
actioncurrent_screenclasses\class-hooks.php:47
actionpre_get_postsclasses\class-hooks.php:48
actionwp_enqueue_scriptsclasses\class-hooks.php:51
actionadmin_enqueue_scriptsclasses\class-hooks.php:54
actionwidgets_initclasses\class-hooks.php:55
filtermanage_edit-mp-event_columnsclasses\class-hooks.php:58
filtermanage_edit-mp-column_columnsclasses\class-hooks.php:59
filterpost_row_actionsclasses\class-hooks.php:62
actionpost_action_mptt_duplicate_eventclasses\class-hooks.php:63
filterpost_classclasses\class-hooks.php:66
filterpre_get_postsclasses\class-hooks.php:69
filterplugin_row_metaclasses\class-hooks.php:70
actionmptt_sidebarclasses\class-hooks.php:98
filtermptt_widget_settingsclasses\class-hooks.php:99
actionmptt-single-mp-column-before-wrapperclasses\class-hooks.php:100
actionmptt-single-mp-column-after-wrapperclasses\class-hooks.php:101
actionmptt-single-mp-event-before-wrapperclasses\class-hooks.php:102
actionmptt-single-mp-event-after-wrapperclasses\class-hooks.php:103
actionmptt_event_item_contentclasses\class-hooks.php:106
actionmptt_event_item_contentclasses\class-hooks.php:107
actionmptt_event_item_contentclasses\class-hooks.php:108
actionmptt_event_item_contentclasses\class-hooks.php:109
actionmptt_event_item_contentclasses\class-hooks.php:110
actionmptt_event_item_contentclasses\class-hooks.php:111
actionmptt_single_column_template_contentclasses\class-hooks.php:114
actionmptt_single_column_template_contentclasses\class-hooks.php:115
actionmptt_single_column_template_contentclasses\class-hooks.php:116
actionmptt_shortcode_template_before_contentclasses\class-hooks.php:119
actionmptt_shortcode_template_contentclasses\class-hooks.php:120
actionmptt_shortcode_template_contentclasses\class-hooks.php:121
actionmptt_shortcode_template_contentclasses\class-hooks.php:122
actionmptt_shortcode_template_after_contentclasses\class-hooks.php:123
actionmptt_widget_template_before_contentclasses\class-hooks.php:126
actionmptt_widget_template_contentclasses\class-hooks.php:127
actionmptt_widget_template_after_contentclasses\class-hooks.php:128
actionelementor/frontend/after_enqueue_scriptsclasses\class-hooks.php:135
filtertemplate_includeclasses\class-hooks.php:156
filtersingle_templateclasses\class-hooks.php:159
actionmp_libraryclasses\class-hooks.php:162
filterbody_classclasses\class-hooks.php:166
filterthe_tagsclasses\class-hooks.php:167
filterthe_categoryclasses\class-hooks.php:168
filtermce_external_pluginsclasses\class-hooks.php:180
filtermce_buttonsclasses\class-hooks.php:181
actionbefore_delete_postclasses\class-hooks.php:185
actionadd_meta_boxesclasses\class-hooks.php:186
actionsave_postclasses\class-hooks.php:187
actionelementor/widgets/registerclasses\class-widgets-manager.php:18
filtermptt_export_skip_postmetaclasses\models\class-export.php:144
filterimport_post_meta_keyclasses\models\class-import.php:233
filterhttp_request_timeoutclasses\models\class-import.php:234
actionsave_postclasses\widgets\class-mp-timetable-widget.php:25
actiondeleted_postclasses\widgets\class-mp-timetable-widget.php:26
actionswitch_themeclasses\widgets\class-mp-timetable-widget.php:27
actionplugins_loadedmp-timetable.php:46
actionwp_insert_sitemp-timetable.php:49
actionwpmu_new_blogmp-timetable.php:51
filterwpmu_drop_tablesmp-timetable.php:54
Maintenance & Trust

Timetable and Event Schedule by MotoPress Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedNov 10, 2025
PHP min version
Downloads886K

Community Trust

Rating86/100
Number of ratings68
Active installs30K
Alternatives

Timetable and Event Schedule by MotoPress Alternatives

Events Calendar by AddEvent – Embeddable Event Calendar Plugin

Events Calendar by AddEvent – Embeddable Event Calendar Plugin

addevent

A
100

Easily embed your events calendar on your WordPress site with AddEvent's embeddable calendar plugin.

100 No CVEs
PosterMyWall Events Calendar

PosterMyWall Events Calendar

postermywall-events-calendar

A
100

Display upcoming events on WordPress with the AI-powered PosterMyWall Events Calendar plugin. Enjoy beautiful, interactive calendars that auto-update.

0 No CVEs
The Events Calendar

The Events Calendar

the-events-calendar

B
82

The Events Calendar: #1 calendar plugin for WordPress. Create/manage events (virtual too!) on your site with the free plugin.

700K 25 CVEs
Event Organiser

Event Organiser

event-organiser

B
70

Create and maintain events, including complex reoccurring patterns, venue management (with Google Maps or OpenStreetMap), calendars and customisable e &hellip;

20K 1 unpatched
The Events Calendar Shortcode & Block

The Events Calendar Shortcode & Block

the-events-calendar-shortcode

A
98

Add shortcode, block, Elementor and Bricks functionality to The Events Calendar Plugin, so you can easily list and promote your events anywhere.

20K 2 CVEs
Developer Profile

Timetable and Event Schedule by MotoPress Developer Profile

jetmonsters

33 plugins · 326K total installs

76
trust score
Avg Security Score
95/100
Avg Patch Time
193 days
View full developer profile
Detection Fingerprints

How We Detect Timetable and Event Schedule by MotoPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mp-timetable/css/bootstrap-datetimepicker.min.css/wp-content/plugins/mp-timetable/css/isotope.css/wp-content/plugins/mp-timetable/css/main.css/wp-content/plugins/mp-timetable/css/mp-timetable-backend.css/wp-content/plugins/mp-timetable/css/mp-timetable-frontend.css/wp-content/plugins/mp-timetable/css/style.css/wp-content/plugins/mp-timetable/js/admin/jquery.calendars.picker.js/wp-content/plugins/mp-timetable/js/admin/moment.min.js+17 more
Script Paths
/wp-content/plugins/mp-timetable/js/front/front.js/wp-content/plugins/mp-timetable/js/front/plugin.js/wp-content/plugins/mp-timetable/js/admin/script.js
Version Parameters
mp-timetable/style.css?ver=mp-timetable/mp-timetable-frontend.css?ver=mp-timetable/mp-timetable-backend.css?ver=mp-timetable/isotope.css?ver=mp-timetable/bootstrap-datetimepicker.min.css?ver=mp-timetable/main.css?ver=mp-timetable/front/jquery.dataTables.min.js?ver=mp-timetable/front/dataTables.bootstrap.min.js?ver=mp-timetable/front/isotope.min.js?ver=mp-timetable/front/moment.min.js?ver=mp-timetable/front/main.js?ver=mp-timetable/front/script.min.js?ver=mp-timetable/front/timetable.js?ver=mp-timetable/front/public.js?ver=mp-timetable/js/admin/jquery.calendars.picker.js?ver=mp-timetable/js/admin/moment.min.js?ver=mp-timetable/js/admin/script.js?ver=mp-timetable/js/libs/jquery.min.js?ver=mp-timetable/js/libs/moment.min.js?ver=mp-timetable/js/libs/bootstrap-datetimepicker.min.js?ver=mp-timetable/js/libs/select2.min.js?ver=mp-timetable/js/libs/jquery.cookie.js?ver=mp-timetable/js/libs/jquery.mousewheel.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
mp_timetablemp_timetable_containermp_timetable_rowmp_timetable_eventmp_timetable_timemp_timetable_contentmp_timetable_day_headermp_timetable_header+4 more
HTML Comments
<!-- mp_timetable_wrapper --><!-- BEGIN .mp_timetable --><!-- END .mp_timetable -->
Data Attributes
data-colordata-backgrounddata-mp-timetable-iddata-event-id
JS Globals
mp_timetable_optionsMpttFront
REST Endpoints
/wp-json/mp-timetable/v1/events/wp-json/mp-timetable/v1/categories
Shortcode Output
[mp_timetable
FAQ

Frequently Asked Questions about Timetable and Event Schedule by MotoPress