WP-Safety

Purplepass plugin for The Event Calendar Security & Risk Analysis

wordpress.org/plugins/purplepass-ticketing

The Purplepass Ticketing plugin for Modern Tribe's Event Calendar allows you to add a robust ticketing system directly within your Wordpress webs …

10 active installs v1.0.4 PHP 5.6+ WP 4.9+ Updated Jul 17, 2020
assigned-seatingeventsregistrationreserved-seatingticketing
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Purplepass plugin for The Event Calendar Safe to Use in 2026?

Generally Safe

Score 85/100

Purplepass plugin for The Event Calendar has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The purplepass-ticketing v1.0.4 plugin presents a mixed security posture. While it boasts no known CVEs and no dangerous functions, a significant concern arises from its attack surface. A substantial 11 out of 21 AJAX handlers lack authentication checks, representing a direct entry point for potential attackers. Additionally, the taint analysis reveals 6 flows with unsanitized paths, which, although not classified as critical or high severity in this analysis, warrant attention as they can indicate potential vulnerabilities if not properly handled. The SQL query preparedness is moderate at 70%, and output escaping is also only 64% proper, suggesting areas where further hardening could be beneficial. The absence of historical vulnerabilities is positive, but it's crucial to recognize that this could be due to a lack of rigorous testing or discovery rather than inherent security. Overall, the plugin has some good practices, but the unprotected AJAX endpoints and unsanitized paths are notable weaknesses that require immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • Taint flows with unsanitized paths
  • Moderate SQL prepared statement usage
  • Moderate output escaping
Vulnerabilities
None known

Purplepass plugin for The Event Calendar Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Purplepass plugin for The Event Calendar Code Analysis

Dangerous Functions
0
Raw SQL Queries
23
10 prepared
Unescaped Output
126
225 escaped
Nonce Checks
11
Capability Checks
5
File Operations
0
External Requests
5
Bundled Libraries
0

SQL Query Safety

30% prepared33 total queries

Output Escaping

64% escaped351 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

9 flows6 with unsanitized paths
pp_add_event_stats (metabox.php:40)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
11 unprotected

Purplepass plugin for The Event Calendar Attack Surface

Entry Points23
Unprotected11

AJAX Handlers 21

authwp_ajax_pptec_jx_delete_eventfunctions.php:42
authwp_ajax_save_widget_settingsfunctions.php:270
authwp_ajax_get_events_from_ppfunctions.php:369
authwp_ajax_validate_facebook_urlfunctions.php:636
authwp_ajax_pptec_get_email_templatesfunctions.php:673
authwp_ajax_pptec_get_print_at_home_templatesfunctions.php:710
authwp_ajax_get_access_token_ajaxfunctions.php:785
authwp_ajax_venue_map_processingfunctions.php:891
authwp_ajax_venue_map_processing_getfunctions.php:920
authwp_ajax_get_stats_ajaxfunctions.php:1087
authwp_ajax_get_log_ajaxfunctions.php:1194
authwp_ajax_get_stats_ajax_loadmorefunctions.php:1294
authwp_ajax_single_event_statsfunctions.php:1893
authwp_ajax_pptec_unlink_accountfunctions.php:1912
authwp_ajax_pptec_get_events_fetching_progressfunctions.php:1995
authwp_ajax_pptec_reset_events_fetching_progressfunctions.php:2004
authwp_ajax_pptec_jx_get_wp_venue_datafunctions.php:2244
authwp_ajax_pptec_jx_get_timezone_by_zipfunctions.php:2252
authwp_ajax_pptec_wp_event_form_validate_and_saveinc\Purplepass_ECP.php:20
authwp_ajax_pptec_wp_venue_form_validate_and_saveinc\Purplepass_ECP.php:21
authwp_ajax_pptec_cancel_eventpurple-events.php:1381

Shortcodes 2

[pp_all_events] purple-events.php:1260
[pp_event] purple-events.php:1313
WordPress Hooks 65
actionwpmu_optionsclassic-editor.php:25
actionupdate_wpmu_optionsclassic-editor.php:26
filterplugin_action_linksclassic-editor.php:31
filternetwork_admin_plugin_action_linksclassic-editor.php:32
actionadmin_initclassic-editor.php:34
actionpersonal_options_updateclassic-editor.php:38
actionprofile_personal_optionsclassic-editor.php:39
filteruse_block_editor_for_postclassic-editor.php:52
filtergutenberg_can_edit_postclassic-editor.php:56
filterget_edit_post_linkclassic-editor.php:63
filterredirect_post_locationclassic-editor.php:64
actionedit_form_topclassic-editor.php:65
actionadmin_head-edit.phpclassic-editor.php:66
actionedit_form_topclassic-editor.php:68
filterblock_editor_settingsclassic-editor.php:69
filterdisplay_post_statesclassic-editor.php:72
filterpage_row_actionsclassic-editor.php:74
filterpost_row_actionsclassic-editor.php:75
actionadd_meta_boxesclassic-editor.php:78
actionenqueue_block_editor_assetsclassic-editor.php:79
filteruse_block_editor_for_post_typeclassic-editor.php:84
filtergutenberg_can_edit_post_typeclassic-editor.php:88
actionadmin_initclassic-editor.php:99
actionedit_form_after_titleclassic-editor.php:875
actionplugins_loadedclassic-editor.php:919
filterpre_get_ready_cron_jobsfunctions.php:403
filterthe_contentfunctions.php:582
actionadmin_initfunctions.php:602
actionadmin_initfunctions.php:2024
filterpost_classfunctions.php:2044
filterthe_titlefunctions.php:2078
actiondelete_postfunctions.php:2089
actiondelete_postfunctions.php:2102
actiondelete_postfunctions.php:2107
actiondelete_postfunctions.php:2108
actiontribe_events_date_displayfunctions.php:2162
filtertribe_us_statesfunctions.php:2267
filtercron_schedulesinc\Cron.php:5
actionpptec_job_daily_actionsinc\Purplepass_ECP.php:17
actionadd_meta_boxesmetabox.php:34
actionadmin_footermetabox.php:299
actionadmin_footermetabox.php:302
actionadmin_noticespurple-events.php:227
actioninitpurple-events.php:267
actionpptec_cron_fetch_event_processingpurple-events.php:270
actionpptec_check_bg_failed_processpurple-events.php:296
actionactivated_pluginpurple-events.php:561
actionadmin_enqueue_scriptspurple-events.php:697
actionwp_enqueue_scriptspurple-events.php:706
actionwp_enqueue_scriptspurple-events.php:720
actionadmin_noticespurple-events.php:732
actionadmin_initpurple-events.php:745
actionadmin_menupurple-events.php:759
actioninitpurple-events.php:1216
actioninitpurple-events.php:1329
actionadmin_footer-edit.phppurple-events.php:1338
actionadmin_footer-post.phppurple-events.php:1350
actionadmin_footer-post-new.phppurple-events.php:1351
actiondraft_to_canceledpurple-events.php:1431
actionpublish_to_canceledpurple-events.php:1436
actiontrash_tribe_venuepurple-events.php:1441
actiontransition_post_statuspurple-events.php:1448
filtercron_requestpurple-events.php:1910
filterpre_unschedule_eventpurple-events.php:1977
actionsave_postpurple-events.php:1985

Scheduled Events 3

pptec_cron_fetch_event_processing
pptec_job_daily_actions
pptec_check_bg_failed_process
Maintenance & Trust

Purplepass plugin for The Event Calendar Maintenance & Trust

Maintenance Signals

WordPress version tested5.4.19
Last updatedJul 17, 2020
PHP min version5.6
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Purplepass plugin for The Event Calendar Alternatives

Ticket Tailor — Event Ticketing & Registration

Ticket Tailor — Event Ticketing & Registration

ticket-tailor

A
100

Sell event tickets online via your WordPress website. Ticket Tailor is an easy event ticketing & event registration system.

4K 1 CVE
Sugar Events Calendar – Ninja Forms Add-on

Sugar Events Calendar – Ninja Forms Add-on

sugar-events-calendar-ninja-forms-add-on

A
85

Add registrations forms for your Sugar Events Calendar events using Ninja Forms.

10 No CVEs
WP Events Manager

WP Events Manager

wp-events-manager

A
97

The all in one Events Manager for WordPress: create and manage events, sell event tickets online easily. No Coding Required.

30K 2 CVEs
Registrations for the Events Calendar – Event Registration Plugin

Registrations for the Events Calendar – Event Registration Plugin

registrations-for-the-events-calendar

A
89

Collect and manage event registrations with a customizable form and email template. The best event registration plugin for The Events Calendar.

8K 7 CVEs
Tickera – Sell Tickets & Manage Events

Tickera – Sell Tickets & Manage Events

tickera-event-ticketing-system

A
89

Sell tickets, manage events, and handle event registration on your site — PDF tickets, QR/Barcode check-in, and seamless ticket sales for WordPress.

3K 13 CVEs
Developer Profile

Purplepass plugin for The Event Calendar Developer Profile

purplepass

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Purplepass plugin for The Event Calendar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/purplepass-ticketing/assets/css/pp-event-admin-style.css/wp-content/plugins/purplepass-ticketing/assets/css/pp-event-style.css/wp-content/plugins/purplepass-ticketing/assets/js/pp-event-admin.js/wp-content/plugins/purplepass-ticketing/assets/js/pp-event-script.js
Script Paths
/wp-content/plugins/purplepass-ticketing/assets/js/pp-event-admin.js/wp-content/plugins/purplepass-ticketing/assets/js/pp-event-script.js
Version Parameters
purplepass-ticketing/assets/css/pp-event-admin-style.css?ver=purplepass-ticketing/assets/css/pp-event-style.css?ver=purplepass-ticketing/assets/js/pp-event-admin.js?ver=purplepass-ticketing/assets/js/pp-event-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
pp-event-admin-noticepptec_link_plugin_noticegreen-truered-false
Data Attributes
pptec_widget_settings
JS Globals
pptec_oauth_settingspptec_get_access_tokencheck_if_token_existspptec_link_plugin_noticepptec_remove_unlinked_account_datapptec_oauth_get_pp_user_id+3 more
FAQ

Frequently Asked Questions about Purplepass plugin for The Event Calendar