Events Manager – Move Bookings Security & Risk Analysis
wordpress.org/plugins/stonehenge-em-move-bookingsMoves an upcoming Booking to different upcoming Event in Events Manager with a simple select dropdown.
Is Events Manager – Move Bookings Safe to Use in 2026?
Generally Safe
Score 85/100Events Manager – Move Bookings has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "stonehenge-em-move-bookings" plugin v2.0.2 exhibits a generally strong security posture based on the provided static analysis. The absence of any identifiable attack surface entry points like AJAX handlers, REST API routes, shortcodes, or cron events is a significant positive indicator. Furthermore, the lack of dangerous function usage, file operations, and external HTTP requests suggests a limited scope of potentially risky operations. The code signals also show a good effort towards output escaping, with a high percentage properly handled.
However, a primary concern emerges from the SQL query analysis: 100% of the single detected SQL query is not using prepared statements. This represents a direct risk of SQL injection vulnerabilities, even if the attack surface appears limited. The lack of capability checks is also a potential weakness, as it implies that any functionality, however limited, might not be properly restricted by user roles. The vulnerability history being clean is a good sign, but it doesn't negate the risks identified in the static analysis.
In conclusion, while the plugin demonstrates commendable practices in limiting its attack surface and avoiding common risky functions, the unescaped SQL query is a critical flaw that requires immediate attention. The absence of capability checks further warrants review. Addressing these specific issues would significantly improve the plugin's overall security.
Key Concerns
- SQL query without prepared statements
- No capability checks
Events Manager – Move Bookings Security Vulnerabilities
Events Manager – Move Bookings Code Analysis
SQL Query Safety
Output Escaping
Events Manager – Move Bookings Attack Surface
WordPress Hooks 4
Maintenance & Trust
Events Manager – Move Bookings Maintenance & Trust
Maintenance Signals
Community Trust
Events Manager – Move Bookings Alternatives
myCred for Events Manager Pro
mycred-for-events-manager-pro
📢🚨 Important Notice: myCred for Events Manager Pro is now part of the myCred Toolkit and will no longer receive updates here.
Events Manager – MultiSite Email
events-manager-add-on-multisite-mail-settings
This add-on has been integrated into Events Manager Email Users as of 21-03-2019. Please install that plugin instead.
All-in-One WP Migration and Backup
all-in-one-wp-migration
Trusted by 60M+ sites: The gold standard for WordPress migration and backup. Migrate, backup, and restore your WordPress site with one click.
![Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]](https://ps.w.org/disable-comments/assets/icon-128x128.png){kind=icon}
Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]
disable-comments
Allows administrators to globally disable comments on their site. Comments can be disabled according to post type. Multisite friendly.
Enable Media Replace
enable-media-replace
Easily replace any attached image/file by simply uploading a new file in the Media Library edit view - a real time saver!
Events Manager – Move Bookings Developer Profile
9 plugins · 1K total installs
How We Detect Events Manager – Move Bookings
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
HTML / DOM Fingerprints
stuffboxinsideid="em_move_booking"name="em_move_booking_nonce"name="em_move_booking_id"name="em_move_booking_from"name="em_move_booking_to"