Does Registrations for the Events Calendar – Event Registration Plugin have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Registrations for the Events Calendar – Event Registration Plugin compatible with WordPress 6.9.4?

According to WordPress.org data, Registrations for the Events Calendar – Event Registration Plugin 2.13.10 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Registrations for the Events Calendar – Event Registration Plugin: 7 Patched CVEs

Safety Verdict

Is Registrations for the Events Calendar – Event Registration Plugin Safe to Use in 2026?

Generally Safe

Score 89/100

Registrations for the Events Calendar – Event Registration Plugin has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

7 known CVEsLast CVE: Mar 3, 2025Updated 2mo ago

Risk Assessment

The 'registrations-for-the-events-calendar' plugin v2.13.10 exhibits a mixed security posture. While it demonstrates a relatively high percentage of SQL prepared statements and output escaping, significant concerns are raised by the static analysis results. The presence of 9 unprotected AJAX handlers out of a total of 22 entry points represents a considerable attack surface that could be exploited by unauthenticated users. Furthermore, the taint analysis revealed 8 high-severity flows with unsanitized paths, indicating potential vulnerabilities where user input might not be properly validated or neutralized before being used in sensitive operations.

The vulnerability history of this plugin is a major red flag, with 7 known CVEs, including 2 critical and 1 high severity. The common vulnerability types (Missing Authorization, SQL Injection, XSS) directly correlate with the findings in the static analysis, particularly the unprotected AJAX endpoints and the potential for unsanitized data flows. The fact that there are currently no unpatched CVEs is a positive sign, but the recurring nature of these vulnerability types suggests a systemic issue in secure coding practices. Ultimately, while the plugin shows some good practices, the high number of unprotected entry points, critical taint flows, and a history of severe vulnerabilities necessitate caution.

Key Concerns

Unprotected AJAX handlers
High severity unsanitized taint flows
History of critical CVEs
History of high severity CVEs
History of medium severity CVEs
Total unprotected entry points

Vulnerabilities

7 published

Registrations for the Events Calendar – Event Registration Plugin Security Vulnerabilities

CVEs by Year

3 CVEs in 2021

2021

3 CVEs in 2024

2024

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Critical

2

High

1

Medium

4

7 total CVEs

CVE-2024-10703medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Registrations for the Events Calendar <= 2.13.2 - Authenticated (Admin+) Stored Cross-Site Scripting

Mar 3, 2025 Patched in 2.13.4 (50d)

CVE-2024-7982high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Registrations for the Events Calendar – Event Registration Plugin <= 2.12.3 - Unauthenticated Stored Cross-Site Scripting

Oct 18, 2024 Patched in 2.12.4 (56d)

CVE-2024-43143medium · 4.3Missing Authorization

Registrations for the Events Calendar <= 2.12.1 - Missing Authorization

Aug 7, 2024 Patched in 2.12.2 (8d)

CVE-2024-39638critical · 9.9Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Registrations for the Events Calendar – Event Registration Plugin <= 2.12.2 - Authenticated (Contributor+) SQL Injection

Jul 30, 2024 Patched in 2.12.3 (30d)

CVE-2021-25083medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Registrations for the Events Calendar <= 2.7.9 - Reflected Cross-Site Scripting

Dec 27, 2021 Patched in 2.7.10 (757d)

CVE-2021-24943critical · 9.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Registrations for the Events Calendar <= 2.7.5 - Unauthenticated SQL Injection

Nov 8, 2021 Patched in 2.7.6 (806d)

CVE-2021-24876medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Registrations for The Events Calendar <= 2.7.4 - Reflected Cross-Site Scripting

Oct 27, 2021 Patched in 2.7.5 (818d)

Version History

Registrations for the Events Calendar – Event Registration Plugin Release Timeline

v2.13.10Current

v2.13.9

v2.13.8

v2.13.7

v2.13.6

v2.13.5

v2.13.4

v2.13.31 CVE

v2.13.21 CVE

v2.13.11 CVE

v2.131 CVE

v2.12.41 CVE

v2.12.32 CVEs

CVE-2024-10703 CVE-2024-7982

v2.12.23 CVEs

CVE-2024-39638 CVE-2024-10703 CVE-2024-7982

v2.12.14 CVEs

CVE-2024-39638 CVE-2024-43143 CVE-2024-10703 +1 more

v2.124 CVEs

CVE-2024-39638 CVE-2024-43143 CVE-2024-10703 +1 more

v2.11.14 CVEs

CVE-2024-39638 CVE-2024-43143 CVE-2024-10703 +1 more

v2.114 CVEs

CVE-2024-39638 CVE-2024-43143 CVE-2024-10703 +1 more

v2.10.14 CVEs

CVE-2024-39638 CVE-2024-43143 CVE-2024-10703 +1 more

v2.104 CVEs

CVE-2024-39638 CVE-2024-43143 CVE-2024-10703 +1 more

Code Analysis

Analyzed Mar 16, 2026

Registrations for the Events Calendar – Event Registration Plugin Code Analysis

Dangerous Functions

0

Raw SQL Queries

27

44 prepared

Unescaped Output

196

761 escaped

Nonce Checks

13

Capability Checks

30

File Operations

4

External Requests

1

Bundled Libraries

0

SQL Query Safety

62% prepared71 total queries

Output Escaping

80% escaped957 total outputs

Data Flows · Security

10 unsanitized

Data Flow Analysis

12 flows10 with unsanitized paths

rtec_process_form_submission (inc\form\form-functions.php:223)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

9 unprotected

Registrations for the Events Calendar – Event Registration Plugin Attack Surface

Entry Points24

Unprotected9

AJAX Handlers 22

authwp_ajax_rtec_dismiss_bannerinc\admin\admin-functions.php:101

authwp_ajax_rtec_dismiss_dashboard_noticeinc\admin\admin-functions.php:119

authwp_ajax_rtec_records_editinc\admin\admin-functions.php:772

authwp_ajax_rtec_get_search_resultsinc\admin\admin-functions.php:1115

authwp_ajax_rtec_dismiss_newinc\admin\admin-functions.php:1129

authwp_ajax_rtec_lite_dismissinc\admin\admin-functions.php:1371

authwp_ajax_rtec_help_notice_dismissinc\admin\admin-functions.php:1384

authwp_ajax_rtec_addon_installinc\admin\class-rtec-admin.php:25

authwp_ajax_rtec_addon_activateinc\admin\class-rtec-admin.php:26

authwp_ajax_tec_events_custom_tables_v1_migration_undoinc\class-rtec-migration.php:59

noprivwp_ajax_rtec_process_form_submissioninc\form\form-functions.php:264

authwp_ajax_rtec_process_form_submissioninc\form\form-functions.php:265

noprivwp_ajax_rtec_registrant_check_for_duplicate_emailinc\form\form-functions.php:342

authwp_ajax_rtec_registrant_check_for_duplicate_emailinc\form\form-functions.php:343

noprivwp_ajax_rtec_refresh_event_infoinc\form\form-functions.php:383

authwp_ajax_rtec_refresh_event_infoinc\form\form-functions.php:384

authwp_ajax_rtec_send_unregister_linkinc\form\form-functions.php:668

noprivwp_ajax_rtec_send_unregister_linkinc\form\form-functions.php:669

authwp_ajax_rtec_dismiss_new_user_noticeinc\form\form-functions.php:934

authwp_ajax_rtec_confirm_unregistrationinc\services\class-rtec-footer-listener-service.php:9

noprivwp_ajax_rtec_confirm_unregistrationinc\services\class-rtec-footer-listener-service.php:10

authwp_ajax_rtec_unregister_by_event_id_for_logged_in_userinc\services\class-rtec-footer-listener-service.php:11

Shortcodes 2

[rtec-registration-form] inc\helper-functions.php:1279

[rtec-attendee-list] inc\helper-functions.php:1373

WordPress Hooks 62

actionadmin_initinc\admin\admin-functions.php:82

actionadmin_initinc\admin\admin-functions.php:191

actionsave_postinc\admin\admin-functions.php:632

actionadmin_initinc\admin\admin-functions.php:863

actionadmin_enqueue_scriptsinc\admin\admin-functions.php:1225

filterplugin_row_metainc\admin\admin-functions.php:1257

actionplugins_loadedinc\admin\admin-functions.php:1358

actionadmin_print_scriptsinc\admin\admin-functions.php:1442

actionrtec_registrations_tab_after_the_titleinc\admin\class-rtec-admin-registrations.php:327

actionrtec_registrations_tab_eventsinc\admin\class-rtec-admin-registrations.php:329

actionrtec_registrations_tab_list_table_bodyinc\admin\class-rtec-admin-registrations.php:330

actionrtec_registrations_tab_eventsinc\admin\class-rtec-admin-registrations.php:332

actionrtec_registrations_tab_event_metainc\admin\class-rtec-admin-registrations.php:333

actionrtec_registrations_tab_hidden_event_optionsinc\admin\class-rtec-admin-registrations.php:334

actionrtec_registrations_tab_paginationinc\admin\class-rtec-admin-registrations.php:337

actionrtec_registrations_tab_events_loadedinc\admin\class-rtec-admin-registrations.php:338

actionrtec_registrations_tab_event_metainc\admin\class-rtec-admin-registrations.php:345

actionrtec_registrations_tab_events_loadedinc\admin\class-rtec-admin-registrations.php:346

actionadmin_menuinc\admin\class-rtec-admin.php:21

actionadmin_menuinc\admin\class-rtec-admin.php:22

actionadmin_initinc\admin\class-rtec-admin.php:23

filteradmin_footer_textinc\admin\class-rtec-admin.php:28

actionrtec_after_admin_wrapinc\admin\services\class-rtec-modal-service.php:9

actionrtec_admin_modal_contentinc\admin\services\class-rtec-modal-service.php:10

actionadmin_enqueue_scriptsinc\admin\services\class-rtec-modal-service.php:11

actionadmin_enqueue_scriptsinc\admin\services\class-rtec-notice-service.php:7

actionrtec_admin_noticesinc\admin\services\class-rtec-notice-service.php:8

actionadmin_noticesinc\admin\services\class-rtec-notice-service.php:12

actionadmin_initinc\admin\services\class-rtec-notice-service.php:14

actioninitinc\blocks\class-rtec-blocks.php:39

actionenqueue_block_editor_assetsinc\blocks\class-rtec-blocks.php:40

filterrtec_event_metainc\blocks\class-rtec-blocks.php:41

actionadmin_initinc\class-rtec-migration.php:56

actionwp_footerinc\class-rtec-migration.php:57

actionrtec_admin_before_template_maininc\class-rtec-migration.php:58

actiontribe_events_single_event_meta_primary_section_endinc\form\form-functions.php:214

actioninitinc\form\form-functions.php:408

actioninitinc\form\form-functions.php:423

actioninitinc\form\form-functions.php:467

actionwp_footerinc\form\form-functions.php:485

actionrtec_the_attendee_listinc\form\form-functions.php:686

actiontribe_events_after_the_metainc\form\form-functions.php:727

actiontribe_template_before_include:events/v2/list/event/descriptioninc\form\form-functions.php:728

actionwp_footerinc\form\form-functions.php:915

actionwp_footerinc\form\form-functions.php:956

actionwp_headinc\form\form-functions.php:976

actionwp_enqueue_scriptsinc\form\form-functions.php:1003

actionrtec_before_unregistrationinc\helper-functions.php:846

actionrtec_before_unregistrationinc\helper-functions.php:939

actionrtec_footer_listenersinc\services\class-rtec-footer-listener-service.php:8

filterrtec_action_modal_content_itemsinc\services\class-rtec-footer-listener-service.php:77

filterrtec_action_modal_content_itemsinc\services\class-rtec-footer-listener-service.php:82

filterrtec_action_modal_content_itemsinc\services\class-rtec-footer-listener-service.php:85

actionrtec_footerinc\services\class-rtec-frontend-modal-service.php:5

filterrtec_email_templatinginc\services\class-rtec-placeholder-service.php:13

filterrtec_event_metainc\services\class-rtec-wpml-service.php:13

actionplugins_loadedregistrations-for-the-events-calendar.php:58

actioninitregistrations-for-the-events-calendar.php:328

actioninitregistrations-for-the-events-calendar.php:336

actionwpmu_new_blogregistrations-for-the-events-calendar.php:347

filterwpmu_drop_tablesregistrations-for-the-events-calendar.php:356

actionadmin_initregistrations-for-the-events-calendar.php:372

Maintenance & Trust

Registrations for the Events Calendar – Event Registration Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 16, 2026

PHP min version7.4

Downloads404K

Community Trust

Rating100/100

Number of ratings101

Active installs7K

Alternatives

Registrations for the Events Calendar – Event Registration Plugin Alternatives

Event Genius – Event Management, Registration, RSVP, and Tickets

event-genius

A

100

Event management plugin for WordPress with built-in registrations, recurring events, tickets, and calendars. Reliable and complete.

400 No CVEs

Stripe Gateway for Events Manager Pro

stripe-gateway-for-events-manager-pro

A

85

A Stripe Gateway for Events Manager Pro plugin.

70 No CVEs

Events Calendar GForms Registration

ecgf-registration

A

85

Use Gravity Forms to handle registration for The Events Calendar events.

30 No CVEs

Event RSVP and Simple Event Management Plugin

wp-easy-events

A

98

Event management, RSVP and event tickets system with event calendar, event venues with maps and event organizers.

30 2 CVEs

Events Handler – The Events Plugin

events-handler

A

85

Events Handler enables to manage events and future happenings and show them on your wordpress site.

10 No CVEs

Developer Profile

Registrations for the Events Calendar – Event Registration Plugin Developer Profile

roundupwp

1 plugin · 7K total installs

71

trust score

Avg Security Score

89/100

Avg Patch Time

361 days

View full developer profile

Detection Fingerprints

How We Detect Registrations for the Events Calendar – Event Registration Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/registrations-for-the-events-calendar/inc/blocks/css/frontend.css/wp-content/plugins/registrations-for-the-events-calendar/inc/blocks/css/frontend.min.css/wp-content/plugins/registrations-for-the-events-calendar/assets/css/frontend.css/wp-content/plugins/registrations-for-the-events-calendar/assets/css/frontend.min.css/wp-content/plugins/registrations-for-the-events-calendar/assets/js/frontend.js/wp-content/plugins/registrations-for-the-events-calendar/assets/js/frontend.min.js/wp-content/plugins/registrations-for-the-events-calendar/assets/js/register-script.js/wp-content/plugins/registrations-for-the-events-calendar/assets/js/register-script.min.js+4 more

Script Paths

/wp-content/plugins/registrations-for-the-events-calendar/inc/blocks/css/frontend.css/wp-content/plugins/registrations-for-the-events-calendar/inc/blocks/css/frontend.min.css/wp-content/plugins/registrations-for-the-events-calendar/assets/css/frontend.css/wp-content/plugins/registrations-for-the-events-calendar/assets/css/frontend.min.css/wp-content/plugins/registrations-for-the-events-calendar/assets/js/frontend.js/wp-content/plugins/registrations-for-the-events-calendar/assets/js/frontend.min.js+6 more

Version Parameters

/wp-content/plugins/registrations-for-the-events-calendar/assets/css/frontend.css?ver=/wp-content/plugins/registrations-for-the-events-calendar/assets/js/frontend.js?ver=/wp-content/plugins/registrations-for-the-events-calendar/assets/js/register-script.js?ver=/wp-content/plugins/registrations-for-the-events-calendar/assets/js/registration-form.js?ver=/wp-content/plugins/registrations-for-the-events-calendar/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

rtec-registration-formrtec-registration-sectionrtec-frontend-submissionrtec-frontend-event-registration

HTML Comments

Data Attributes

data-rtec-post-id

JS Globals

RTEC_FRONTENDRTEC_SETTINGS

REST Endpoints

/wp-json/rtec/v1/registrations

Shortcode Output

[rtec-registration-form][rtec_registration_form]

FAQ

Registrations for the Events Calendar – Event Registration Plugin Security & Risk Analysis

Is Registrations for the Events Calendar – Event Registration Plugin Safe to Use in 2026?

Generally Safe

Key Concerns

Registrations for the Events Calendar – Event Registration Plugin Security Vulnerabilities

CVEs by Year

Severity Breakdown

Registrations for the Events Calendar – Event Registration Plugin Release Timeline

Registrations for the Events Calendar – Event Registration Plugin Code Analysis

SQL Query Safety

Output Escaping

Data Flow Analysis

Registrations for the Events Calendar – Event Registration Plugin Attack Surface

AJAX Handlers 22

Shortcodes 2

Registrations for the Events Calendar – Event Registration Plugin Maintenance & Trust

Maintenance Signals

Community Trust

Registrations for the Events Calendar – Event Registration Plugin Alternatives

Event Genius – Event Management, Registration, RSVP, and Tickets

Stripe Gateway for Events Manager Pro

Events Calendar GForms Registration

Event RSVP and Simple Event Management Plugin

Events Handler – The Events Plugin

Registrations for the Events Calendar – Event Registration Plugin Developer Profile

How We Detect Registrations for the Events Calendar – Event Registration Plugin

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Registrations for the Events Calendar – Event Registration Plugin