Does Sympose have any unpatched vulnerabilities?

No. All known vulnerabilities in Sympose have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Sympose compatible with WordPress 6.6.5?

According to WordPress.org data, Sympose 1.5 has been tested up to WordPress 6.6.5. Check the plugin's changelog for the latest compatibility information.

Is Sympose compatible with PHP 5.6+?

Sympose requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Sympose updated?

Sympose was last updated on Aug 6, 2024. Frequent updates are generally a positive security signal.

What is Sympose's security score?

Sympose has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Sympose Security & Risk Analysis

wordpress.org/plugins/sympose

Sympose makes it easy for anyone to create a conference website. Install WordPress, install Sympose and kick start your conference.

60 active installs v1.5 PHP 5.6+ WP 6.0+ Updated Aug 6, 2024

conferenceschedulesessionsspeakerssponsors

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Sympose Safe to Use in 2026?

Generally Safe

Score 92/100

Sympose has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The "sympose" v1.5 plugin demonstrates a generally good security posture with several positive indicators. The complete absence of known CVEs and a lack of critical or high-severity vulnerabilities in its history are strong points. The code analysis reveals a low attack surface with only one unprotected entry point, which is the REST API route lacking permission callbacks. SQL queries are all prepared, and there are no file operations or bundled libraries to consider. However, the 80% output escaping rate, while decent, means that up to 20% of outputs could be vulnerable to cross-site scripting (XSS) if user-supplied data is involved. The single unprotected REST API route is the most significant immediate concern, as it could potentially be exploited by unauthenticated users depending on its functionality. While the plugin has strong foundational security, the identified unprotected REST API route warrants attention and mitigation.

Key Concerns

REST API route without permission callback
80% output escaping rate

Vulnerabilities

None known

Sympose Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Sympose Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

251 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

80% escaped312 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

validate_sympose_license (classes\class-sympose-admin.php:2984)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Sympose Attack Surface

Entry Points5

Unprotected1

REST API Routes 4

GET/wp-json/sympose/v1/generate_sample_data/classes\class-sympose-admin.php:338

POST/wp-json/sympose/v1/quick_start_eventclasses\class-sympose-admin.php:349

POST/wp-json/sympose/v1/migrateclasses\class-sympose-admin.php:360

GET/wp-json/sympose/v1/update_agenda_sessions/classes\class-sympose-public.php:91

Shortcodes 1

[sympose] classes\class-sympose-public.php:76

WordPress Hooks 46

actionadmin_enqueue_scriptsclasses\class-sympose-admin.php:85

actionadmin_enqueue_scriptsclasses\class-sympose-admin.php:86

actioninitclasses\class-sympose-admin.php:88

actioncmb2_initclasses\class-sympose-admin.php:89

actioninitclasses\class-sympose-admin.php:91

actionmanage_session_posts_columnsclasses\class-sympose-admin.php:94

actionmanage_session_posts_custom_columnclasses\class-sympose-admin.php:95

actionpre_get_postsclasses\class-sympose-admin.php:97

actionmanage_person_posts_columnsclasses\class-sympose-admin.php:100

actionmanage_person_posts_custom_columnclasses\class-sympose-admin.php:101

actionmanage_organisation_posts_columnsclasses\class-sympose-admin.php:104

actionmanage_organisation_posts_custom_columnclasses\class-sympose-admin.php:105

actionrestrict_manage_postsclasses\class-sympose-admin.php:108

actionadmin_headclasses\class-sympose-admin.php:111

actioncmb2_initclasses\class-sympose-admin.php:114

actionsave_postclasses\class-sympose-admin.php:117

actionrest_api_initclasses\class-sympose-admin.php:120

actionwidgets_initclasses\class-sympose-admin.php:123

filtercron_schedulesclasses\class-sympose-admin.php:126

actionevent_row_actionsclasses\class-sympose-admin.php:129

actionadmin_menuclasses\class-sympose-admin.php:132

filterplugin_action_links_sympose/sympose.phpclasses\class-sympose-admin.php:135

filtercmb2_save_field__sympose_event_dateclasses\class-sympose-admin.php:138

filteradmin_footerclasses\class-sympose-admin.php:141

actionadmin_noticesclasses\class-sympose-admin.php:144

filterparent_fileclasses\class-sympose-admin.php:147

filtersubmenu_fileclasses\class-sympose-admin.php:150

filteradmin_noticesclasses\class-sympose-admin.php:153

filtermonths_dropdown_resultsclasses\class-sympose-admin.php:701

actionsave_postclasses\class-sympose-admin.php:1717

actioninitclasses\class-sympose-blocks.php:28

filterblock_categories_allclasses\class-sympose-blocks.php:29

actioncmb2_render_ordered-listclasses\class-sympose-cmb2.php:28

filtersympose_customize_submenu_pagesclasses\class-sympose-compatibility.php:28

filtercmb2_meta_box_urlclasses\class-sympose-debug.php:33

actionadmin_noticesclasses\class-sympose-migrations.php:28

actionwp_enqueue_scriptsclasses\class-sympose-public.php:72

actionwp_enqueue_scriptsclasses\class-sympose-public.php:73

actionrest_api_initclasses\class-sympose-public.php:79

filterthe_contentclasses\class-sympose-public.php:82

filtersidebars_widgetsclasses\class-sympose-public.php:84

actionsympose_register_general_custom_fieldsclasses\class-sympose-social-media.php:39

filtersympose_organisation_after_contentclasses\class-sympose-social-media.php:40

actionsympose_widget_profile_extendclasses\class-sympose-social-media.php:41

actionplugins_loadedclasses\class-sympose.php:78

actionwidgets_initclasses\class-sympose.php:127

Maintenance & Trust

Sympose Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5

Last updatedAug 6, 2024

PHP min version5.6

Downloads9K

Community Trust

Rating80/100

Number of ratings4

Active installs60

Alternatives

Sympose Alternatives

ConFab

confab

100

Create professional conference schedules with responsive table and grid layouts. Security-hardened, accessible, and built for modern WordPress.

0 No CVEs

Conference Scheduler

conference-scheduler

Easily manage and display complex workshop schedules for conferences, and share workshop details in a clean, searchable, responsive interface.

300 2 CVEs

CFP.DEV shortcodes

cfp-dev-shortcodes

100

The CFP.DEV shortcodes plugin provides several short codes to list speakers, talks and much more from your CFP.DEV server. Version 3.

10 No CVEs

Shdlr Integrate

shdlr-integrate

100

Integrates schedule from shdlr.com into your wordpress site

10 No CVEs

fyvent

100

Fyvent helps with developing wordpress websites for events. This plugin defines some custom types and user roles that are useful to manage event infor …

0 No CVEs

Developer Profile

Sympose Developer Profile

Marinus Klasen

5 plugins · 100 total installs

trust score

Avg Security Score

86/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Sympose

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/sympose/assets/css/admin.css/wp-content/plugins/sympose/assets/js/admin.js/wp-content/plugins/sympose/assets/css/public.css/wp-content/plugins/sympose/assets/js/public.js

Script Paths

/wp-content/plugins/sympose/vendor/cmb2/cmb2/js/cmb2.js/wp-content/plugins/sympose/vendor/cmb2/cmb2/js/media.js/wp-content/plugins/sympose/vendor/cmb2/cmb2/js/colorpicker.js/wp-content/plugins/sympose/vendor/cmb2/cmb2/js/dom.js/wp-content/plugins/sympose/vendor/cmb2/cmb2/js/select2.min.js/wp-content/plugins/sympose/vendor/cmb2/cmb2/js/select2_locale_*.js+40 more

Version Parameters

sympose/assets/css/admin.css?ver=sympose/assets/js/admin.js?ver=sympose/assets/css/public.css?ver=sympose/assets/js/public.js?ver=

HTML / DOM Fingerprints

CSS Classes

sympose-event-datesympose-event-timesympose-event-locationsympose-person-namesympose-organisation-name

HTML Comments

+4 more

Data Attributes

data-sympose-event-datedata-sympose-event-timedata-sympose-event-locationdata-sympose-person-namedata-sympose-organisation-name

JS Globals

sympose_paramsSympose_AdminSympose_Public

REST Endpoints

/wp-json/sympose/v1/sessions/wp-json/sympose/v1/people/wp-json/sympose/v1/organisations

FAQ