Simple WP Events Security & Risk Analysis

wordpress.org/plugins/simple-wp-events

A simple and lightweight WordPress plugin to create events and allow users to register for them.

100 active installs · v1.9.0 · PHP 7.0+ · WP 5.0+ · Updated Apr 24, 2025
Tags: calendar, events, registrations, seminars, webinars
Score: 93
A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Apr 10, 2025

Safety Verdict

Is Simple WP Events Safe to Use in 2026?

Generally Safe

Score 93/100

Simple WP Events has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Apr 10, 2025 · Updated 11mo ago

Risk Assessment

The 'simple-wp-events' plugin v1.9.0 presents a mixed security posture. On the positive side, it demonstrates strong adherence to secure coding practices, with 100% of its SQL queries utilizing prepared statements and 97% of output being properly escaped. The extensive use of nonce checks (40) and capability checks (9) further indicates a deliberate effort to secure its functionalities.

However, a significant concern arises from its attack surface. With 38 total entry points, 16 of which are unprotected AJAX handlers, there is a substantial avenue for unauthenticated attacks. The taint analysis reveals two high-severity flows, suggesting potential vulnerabilities where untrusted input might not be adequately sanitized, leading to critical security issues if exploited.

The plugin's vulnerability history, including one critical CVE, an exposure of sensitive information, and cross-site scripting vulnerabilities, reinforces the importance of addressing these identified weaknesses. While the plugin has a good track record with prepared statements and output escaping, the high number of unprotected AJAX endpoints and the presence of high-severity taint flows, coupled with past critical vulnerabilities, warrant careful attention and prompt remediation.

Key Concerns

  • 16 unprotected AJAX handlers
  • 2 high severity taint flows
  • 1 critical CVE in history
  • Exposure of Sensitive Information vuln type
  • External Control of File Name or Path vuln type
  • Cross-site Scripting vuln type

Vulnerabilities (3)

Simple WP Events Security Vulnerabilities

CVEs by Year

3 CVEs in 2025

Severity Breakdown

Critical: 1
Medium: 2

3 total CVEs

CVE-2025-32594 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

Simple WP Events <= 1.8.17 - Unauthenticated Sensitive Information Exposure

Apr 10, 2025 · Patched in 1.9.0 (44d)

CVE-2025-2004 · critical · 9.1 · External Control of File Name or Path

Simple WP Events <= 1.8.17 - Unauthenticated Arbitrary File Deletion

Apr 7, 2025 · Patched in 1.9.0 (46d)

CVE-2025-32193 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Simple WP Events <= 1.8.17 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 4, 2025 · Patched in 1.9.0 (50d)

Code Analysis
Analyzed Mar 16, 2026

Simple WP Events Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (33 prepared)
Unescaped Output: 23 (833 escaped)
Nonce Checks: 40
Capability Checks: 9
File Operations: 3
External Requests: 1
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

100% prepared · 33 total queries

Output Escaping

97% escaped · 856 total outputs

Data Flows (11 unsanitized)

Data Flow Analysis

22 flows · 11 with unsanitized paths
wpe_process_bulk_action (admin\includes\class-wp-events-list-registrations.php:1057)

Attack Surface (16 unprotected)

Simple WP Events Attack Surface

Entry Points: 38
Unprotected: 16

AJAX Handlers 20

auth wp_ajax_wp_get_ajax_events admin\includes\wp-events-export-events.php:175
auth wp_ajax_wpe_event_entries_export admin\includes\wp-events-export-events.php:230
auth wp_ajax_wpe_export_subscription admin\includes\wp-events-export-events.php:418
auth wp_ajax_wpe_delete_file admin\includes\wp-events-export-events.php:469
auth wp_ajax_wpe_update_entry includes\class-wp-events.php:204
auth wp_ajax_wpe_resend_notification includes\class-wp-events.php:208
auth wp_ajax_wpe_event_reminder includes\class-wp-events.php:209
auth wp_ajax_wpe_trash_restore includes\class-wp-events.php:210
auth wp_ajax_wpe_update_entry_status includes\class-wp-events.php:211
auth wp_ajax_wpe_update_location includes\class-wp-events.php:212
auth wp_ajax_wpe_create_location includes\class-wp-events.php:213
auth wp_ajax_wpe_update_confirmation includes\class-wp-events.php:214
nopriv wp_ajax_wpe_subscribe_form includes\class-wp-events.php:252
auth wp_ajax_wpe_subscribe_form includes\class-wp-events.php:253
nopriv wp_ajax_wpe_registration_form includes\class-wp-events.php:254
auth wp_ajax_wpe_registration_form includes\class-wp-events.php:255
nopriv wp_ajax_wpe_verify_captcha includes\class-wp-events.php:256
auth wp_ajax_wpe_verify_captcha includes\class-wp-events.php:257
auth wp_ajax_loadmore includes\class-wp-events.php:258
nopriv wp_ajax_loadmore includes\class-wp-events.php:259

Shortcodes 18

[wpe_event_name] admin\class-wp-events-shortcodes.php:18
[wpe_user_first_name] admin\class-wp-events-shortcodes.php:19
[wpe_user_email] admin\class-wp-events-shortcodes.php:20
[wpe_user_last_name] admin\class-wp-events-shortcodes.php:21
[wpe_user_phone] admin\class-wp-events-shortcodes.php:22
[wpe_event_details] admin\class-wp-events-shortcodes.php:23
[wpe_registration_details] admin\class-wp-events-shortcodes.php:24
[wpe_event_date_time] admin\class-wp-events-shortcodes.php:25
[wpe_event_link] admin\class-wp-events-shortcodes.php:26
[wpe_event_seats] admin\class-wp-events-shortcodes.php:27
[wpe_site_url] admin\class-wp-events-shortcodes.php:28
[wpe_firm_name] admin\class-wp-events-shortcodes.php:29
[wpe_notification_email] admin\class-wp-events-shortcodes.php:30
[wpe_firm_phone] admin\class-wp-events-shortcodes.php:31
[wpe_firm_email] admin\class-wp-events-shortcodes.php:32
[wpe_owner_name] admin\class-wp-events-shortcodes.php:33
[wpevents] public\class-wp-events-public.php:55
[wpevents_list] public\class-wp-events-public.php:56

WordPress Hooks 62

action wpseo_saved_postdata admin\class-wp-events-admin.php:695
action wpseo_saved_postdata admin\class-wp-events-admin.php:699
action wp_events_entries_tab admin\includes\wp-events-list-entries.php:83
action wp_events_entries_table admin\includes\wp-events-list-entries.php:119
action wp_events_entries_tab admin\includes\wp-events-list-entries.php:163
action wpe_entry_form admin\includes\wp-events-view-edit-entry.php:252
action wpe_entry_sidebar admin\includes\wp-events-view-edit-entry.php:304
action wpe_entry_controls admin\includes\wp-events-view-edit-entry.php:402
action plugins_loaded includes\class-wp-events.php:156
action admin_enqueue_scripts includes\class-wp-events.php:172
action admin_enqueue_scripts includes\class-wp-events.php:173
action init includes\class-wp-events.php:174
action init includes\class-wp-events.php:175
action admin_menu includes\class-wp-events.php:176
action add_meta_boxes includes\class-wp-events.php:177
action save_post includes\class-wp-events.php:178
action restrict_manage_posts includes\class-wp-events.php:179
filter parse_query includes\class-wp-events.php:180
filter post_row_actions includes\class-wp-events.php:181
action admin_action_wpe_duplicate_post_as_draft includes\class-wp-events.php:182
action admin_notices includes\class-wp-events.php:183
action wp_events_settings_tab includes\class-wp-events.php:184
action wp_events_settings_content includes\class-wp-events.php:185
action admin_init includes\class-wp-events.php:186
filter manage_wp_events_posts_columns includes\class-wp-events.php:187
filter manage_wp_events_posts_custom_column includes\class-wp-events.php:188
filter manage_edit-wp_events_sortable_columns includes\class-wp-events.php:189
filter views_edit-wp_events includes\class-wp-events.php:190
action pre_get_posts includes\class-wp-events.php:191
filter set-screen-option includes\class-wp-events.php:192
action quick_edit_custom_box includes\class-wp-events.php:193
action save_post includes\class-wp-events.php:194
action admin_print_footer_scripts-edit.php includes\class-wp-events.php:195
filter post_row_actions includes\class-wp-events.php:196
action init includes\class-wp-events.php:197
action admin_notices includes\class-wp-events.php:199
action admin_notices includes\class-wp-events.php:200
action wp_enqueue_scripts includes\class-wp-events.php:227
action wp_enqueue_scripts includes\class-wp-events.php:228
action template_include includes\class-wp-events.php:229
action template_include includes\class-wp-events.php:230
action single_template includes\class-wp-events.php:231
action body_class includes\class-wp-events.php:232
action pre_get_posts includes\class-wp-events.php:233
filter theme_page_templates includes\class-wp-events.php:234
filter page_template includes\class-wp-events.php:235
action wp_head includes\class-wp-events.php:236
action wp_head includes\class-wp-events.php:237
action wp_head includes\class-wp-events.php:238
action wp_events_event_body includes\class-wp-events.php:239
action init includes\class-wp-events.php:271
action add_meta_boxes includes\class-wp-events.php:272
action save_post includes\class-wp-events.php:273
action wp_events_registration_form public\includes\wp-events-registeration-form.php:264
action wp_event_before_registration_form public\includes\wp-events-registeration-form.php:282
action wp_event_after_registration_form public\includes\wp-events-registeration-form.php:300
action wp_events_subscribe_form public\includes\wp-events-subscribe-form.php:131
action wp_event_before_subscribe_form public\includes\wp-events-subscribe-form.php:149
action wp_event_after_subscribe_form public\includes\wp-events-subscribe-form.php:167
filter genesis_archive_crumb public\templates\genesis\archive-wp_events.php:4
filter wpseo_breadcrumb_output public\templates\genesis\archive-wp_events.php:25
action genesis_loop public\templates\genesis\archive-wp_events.php:54

Maintenance & Trust

Simple WP Events Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.0
Last updated: Apr 24, 2025
PHP min version: 7.0
Downloads: 2K

Community Trust

Rating: 80/100
Number of ratings: 1
Active installs: 100

Developer Profile

Simple WP Events Developer Profile

WPMinds

2 plugins · 120 total installs

Trust score: 86
Avg Security Score: 97/100
Avg Patch Time: 47 days
Detection Fingerprints

How We Detect Simple WP Events

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/simple-wp-events/admin/css/wp-events-admin.css
/wp-content/plugins/simple-wp-events/assets/css/wp-events.css
/wp-content/plugins/simple-wp-events/admin/css/jquery-ui.min.css
/wp-content/plugins/simple-wp-events/admin/css/select2.min.css
/wp-content/plugins/simple-wp-events/assets/js/jquery.inputmask.min.js
/wp-content/plugins/simple-wp-events/admin/js/wp-events-date-validation.js
/wp-content/plugins/simple-wp-events/admin/js/wp-events-admin.js
/wp-content/plugins/simple-wp-events/assets/js/jquery.serializejson.js
+1 more

Script Paths
/wp-content/plugins/simple-wp-events/admin/js/wp-events-admin.js
/wp-content/plugins/simple-wp-events/admin/js/wp-events-date-validation.js
/wp-content/plugins/simple-wp-events/admin/js/select2.min.js
/wp-content/plugins/simple-wp-events/assets/js/jquery.inputmask.min.js
/wp-content/plugins/simple-wp-events/assets/js/jquery.serializejson.js

Version Parameters
wp-events-admin?ver=
wp-events?ver=
jquery-ui.min?ver=
select2.min?ver=
jquery.inputmask.min.js?ver=
wp-events-date-validation?ver=
wp-events-admin?ver=
jquery.serializejson.js?ver=
select2.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
wp-events-admin
wp-events
Data Attributes
wpe_ajaxobject
JS Globals
wpe_ajaxobject