Does CiviCRM Event List have any unpatched vulnerabilities?

No. All known vulnerabilities in CiviCRM Event List have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is CiviCRM Event List compatible with WordPress 4.9.29?

According to WordPress.org data, CiviCRM Event List 0.2.3 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

Is CiviCRM Event List compatible with PHP 7.0.22+?

CiviCRM Event List requires PHP 7.0.22 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is CiviCRM Event List updated?

CiviCRM Event List was last updated on Feb 12, 2018. Frequent updates are generally a positive security signal.

What is CiviCRM Event List's security score?

CiviCRM Event List has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

CiviCRM Event List Security & Risk Analysis

wordpress.org/plugins/orcas-civicrm-event-list

Show all your Events managed with CiviCRM in your frontend.

40 active installs v0.2.3 PHP 7.0.22+ WP 4.9.2+ Updated Feb 12, 2018

civicrmeventeventlistfrontendlist

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is CiviCRM Event List Safe to Use in 2026?

Generally Safe

Score 85/100

CiviCRM Event List has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The 'orcas-civicrm-event-list' plugin v0.2.3 exhibits a generally positive security posture based on the provided static analysis and vulnerability history. It correctly avoids the use of dangerous functions, SQL queries are consistently prepared, and there are no known vulnerabilities or CVEs associated with it. The limited attack surface, consisting of a single shortcode with no explicit authentication or capability checks, is a notable strength. However, a significant concern arises from the complete lack of output escaping across all identified output points. This presents a high risk of Cross-Site Scripting (XSS) vulnerabilities, as user-supplied data displayed on the frontend could be maliciously crafted to execute arbitrary JavaScript in the user's browser. While there are no reported vulnerabilities, this unaddressed output escaping issue is a critical oversight that could be easily exploited. The absence of taint analysis data also means that potential vulnerabilities originating from user input manipulation might have been missed.

Key Concerns

0% output escaping
No capability checks on shortcode
No taint analysis performed

Vulnerabilities

None known

CiviCRM Event List Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

CiviCRM Event List Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped12 total outputs

Attack Surface

CiviCRM Event List Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[civicrm-event-list] civicrm-event-list.php:82

WordPress Hooks 3

actionplugins_loadedcivicrm-event-list.php:81

actionwp_enqueue_scriptscivicrm-event-list.php:83

actionadmin_noticescivicrm-event-list.php:86

Maintenance & Trust

CiviCRM Event List Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedFeb 12, 2018

PHP min version7.0.22

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs40

Alternatives

CiviCRM Event List Alternatives

VS Event List

very-simple-event-list

100

With this lightweight plugin you can create an event list.

9K No CVEs

Fraud Prevention For WooCommerce and EDD

woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers

It will Prevent fake orders and Blacklist fraud customers of your store.

5K 3 CVEs

Events Block For The Events Calendar

events-block-for-the-events-calendar

100

The Events Block for The Events Calendar lets you showcase your events from The Events Calendar right within the Gutenberg pages.

2K No CVEs

Blacklist Manager – WooCommerce Anti-Fraud & Checkout Verification & Spam Prevention

wc-blacklist-manager

100

Anti-fraud, checkout verification and spam prevention plugin for WooCommerce and WordPress forms.

2K No CVEs

Simple Event Planner

simple-event-planner

A powerful & flexible plugin to create event listing and event calendar on your website in a simple & elegant way.

1K 2 CVEs

Developer Profile

CiviCRM Event List Developer Profile

orcasdev

2 plugins · 50 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect CiviCRM Event List

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/orcas-civicrm-event-list/assets/css/event-list.css/wp-content/plugins/orcas-civicrm-event-list/assets/css/fontawesome-all.min.css

Version Parameters

orcas-civicrm-event-list/assets/css/event-list.css?ver=orcas-civicrm-event-list/assets/css/fontawesome-all.min.css?ver=

HTML / DOM Fingerprints

Shortcode Output

[civicrm-event-list]

FAQ