WP-Safety

Events Shortcodes For The Events Calendar Security & Risk Analysis

wordpress.org/plugins/template-events-calendar

Add The Events Calendar shortcode or Gutenberg block to show upcoming events list with event details on any WordPress page using smart event filters.

10K active installs v2.6.2 PHP 7.2+ WP 5.0+ Updated Mar 13, 2026
calendareventevent-calendarshortcodethe-events-calendar
99
A · Safe
CVEs total1
Unpatched0
Last CVEDec 28, 2023
Plugin page Download
Safety Verdict

Is Events Shortcodes For The Events Calendar Safe to Use in 2026?

Generally Safe

Score 99/100

Events Shortcodes For The Events Calendar has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Dec 28, 2023Updated 21d ago
Risk Assessment

The template-events-calendar plugin v2.6.2 demonstrates a generally good security posture with a robust implementation of prepared statements for SQL queries and a high percentage of properly escaped outputs. The absence of critical or high severity taint flows, and the fact that all identified entry points have authorization checks, are positive indicators. However, the presence of a `unserialize` function, while not explicitly flagged in taint analysis for this version, represents a potential area of concern if user-controlled data is ever passed to it without strict sanitization. The vulnerability history reveals one previously documented high-severity SQL injection vulnerability, even though it is currently patched. This historical pattern suggests a past weakness in handling SQL commands, implying a need for continued vigilance and robust security practices in this area.

Overall, the plugin has strengths in its input validation and output escaping mechanisms, along with a well-managed attack surface. The primary weakness lies in the potential risk associated with the `unserialize` function and the reminder from past SQL injection vulnerabilities. While the current version appears to have addressed past issues, the historical context and the presence of a known dangerous function warrant careful monitoring and a slightly reduced confidence score.

Key Concerns

  • One previously unpatched high severity CVE
  • Use of a dangerous function (unserialize)
Vulnerabilities
1

Events Shortcodes For The Events Calendar Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
Patched Has unpatched

Severity Breakdown

High
1

1 total CVE

CVE-2023-52142high · 8.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Events Shortcodes & Templates For The Events Calendar <= 2.3.1 - Authenticated (Contributor+) SQL Injection via shortcode

Dec 28, 2023 Patched in 2.3.2 (26d)
Code Analysis
Analyzed Mar 16, 2026

Events Shortcodes For The Events Calendar Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
4 prepared
Unescaped Output
123
1057 escaped
Nonce Checks
14
Capability Checks
18
File Operations
1
External Requests
2
Bundled Libraries
0

Dangerous Functions Found

unserialize$titan_settings = @unserialize($titan_raw_data, ['allowed_classes' => false]);events-calendar-templates.php:500

SQL Query Safety

100% prepared4 total queries

Output Escaping

90% escaped1180 total outputs
Data Flows
All sanitized

Data Flow Analysis

4 flows
csf_export (admin\codestar-framework\functions\actions.php:64)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Events Shortcodes For The Events Calendar Attack Surface

Entry Points11
Unprotected0

AJAX Handlers 10

authwp_ajax_csf-get-iconsadmin\codestar-framework\functions\actions.php:52
authwp_ajax_csf-exportadmin\codestar-framework\functions\actions.php:89
authwp_ajax_csf-importadmin\codestar-framework\functions\actions.php:125
authwp_ajax_csf-resetadmin\codestar-framework\functions\actions.php:162
authwp_ajax_csf-chosenadmin\codestar-framework\functions\actions.php:201
authwp_ajax_cpfm_handle_opt_inadmin\cpfm-feedback\cpfm-feedback-notice.php:13
authwp_ajax_ect_dashboard_install_pluginadmin\events-addon-page\events-addon-page.php:57
authwp_ajax_cool_plugins_admin_review_notice_dismissadmin\feedback-notice\feedback-notice.php:73
authwp_ajax_ect_install_pluginadmin\marketing\ect-marketing.php:42
authwp_ajax_ect_dismiss_noticeadmin\marketing\ect-marketing.php:43

Shortcodes 1

[events-calendar-templates] includes\events-shortcode.php:26
WordPress Hooks 58
actionwp_enqueue_scriptsadmin\codestar-framework\classes\abstract.class.php:21
actionadmin_menuadmin\codestar-framework\classes\admin-options.class.php:110
actionadmin_bar_menuadmin\codestar-framework\classes\admin-options.class.php:111
actionnetwork_admin_menuadmin\codestar-framework\classes\admin-options.class.php:115
filteradmin_footer_textadmin\codestar-framework\classes\admin-options.class.php:530
actionafter_setup_themeadmin\codestar-framework\classes\setup.class.php:77
actioninitadmin\codestar-framework\classes\setup.class.php:78
actionswitch_themeadmin\codestar-framework\classes\setup.class.php:79
actionadmin_enqueue_scriptsadmin\codestar-framework\classes\setup.class.php:80
actionwp_enqueue_scriptsadmin\codestar-framework\classes\setup.class.php:81
actionwp_headadmin\codestar-framework\classes\setup.class.php:82
filteradmin_body_classadmin\codestar-framework\classes\setup.class.php:83
actionadmin_footeradmin\codestar-framework\classes\shortcode-options.class.php:49
actioncustomize_controls_print_footer_scriptsadmin\codestar-framework\classes\shortcode-options.class.php:50
actionelementor/editor/before_enqueue_scriptsadmin\codestar-framework\classes\shortcode-options.class.php:61
actionelementor/editor/footeradmin\codestar-framework\classes\shortcode-options.class.php:62
actionelementor/editor/footeradmin\codestar-framework\classes\shortcode-options.class.php:63
actionenqueue_block_editor_assetsadmin\codestar-framework\classes\shortcode-options.class.php:305
actionmedia_buttonsadmin\codestar-framework\classes\shortcode-options.class.php:309
actionadmin_footeradmin\codestar-framework\fields\icon\icon.php:42
actioncustomize_controls_print_footer_scriptsadmin\codestar-framework\fields\icon\icon.php:43
actionadmin_initadmin\cpfm-feedback\cpfm-feedback-notice.php:11
actionadmin_enqueue_scriptsadmin\cpfm-feedback\cpfm-feedback-notice.php:12
actionadmin_footeradmin\cpfm-feedback\cpfm-feedback-notice.php:15
filtercron_schedulesadmin\cpfm-feedback\cron\class-cron.php:14
actionect_extra_data_updateadmin\cpfm-feedback\cron\class-cron.php:15
actioncsf_options_beforeadmin\ect-codestar-settings.php:41
actioncsf_ects_options_save_afteradmin\ect-codestar-settings.php:42
actionadmin_print_stylesadmin\ect-event-shortcode.php:40
actionadmin_menuadmin\events-addon-page\events-addon-page.php:56
actionadmin_enqueue_scriptsadmin\events-addon-page\events-addon-page.php:58
actionadmin_enqueue_scriptsadmin\feedback\admin-feedback-form.php:22
actionadmin_headadmin\feedback\admin-feedback-form.php:23
actionect_display_admin_noticesadmin\feedback-notice\feedback-notice.php:71
actionadmin_print_scriptsadmin\feedback-notice\feedback-notice.php:72
actionenqueue_block_editor_assetsadmin\gutenberg-block\ect-block.php:31
actionplugins_loadedadmin\gutenberg-block\ect-block.php:36
actionect_display_admin_noticesadmin\marketing\ect-marketing.php:33
actionect_display_admin_noticesadmin\marketing\ect-marketing.php:40
actioninitadmin\visual-composer\ect-class-vc.php:13
actionadmin_initevents-calendar-templates.php:76
actionadmin_initevents-calendar-templates.php:77
actionactivated_pluginevents-calendar-templates.php:78
actionplugins_loadedevents-calendar-templates.php:81
actionplugins_loadedevents-calendar-templates.php:84
actioninitevents-calendar-templates.php:85
actionadmin_enqueue_scriptsevents-calendar-templates.php:86
actionplugin_row_metaevents-calendar-templates.php:89
actionadmin_print_scriptsevents-calendar-templates.php:100
actionadmin_noticesevents-calendar-templates.php:198
actioncpfm_register_noticeevents-calendar-templates.php:263
actioncpfm_after_opt_in_ectevents-calendar-templates.php:287
actionect_display_admin_noticesevents-calendar-templates.php:362
actionenqueue_block_editor_assetsincludes\events-shortcode-block\includes\ebec-block.php:25
actioninitincludes\events-shortcode-block\includes\ebec-block.php:26
actioninitincludes\events-shortcode-block\includes\ebec-block.php:27
filtertribe_rest_event_max_per_pageincludes\events-shortcode-block\includes\ebec-block.php:50
filterrest_tribe_events_collection_paramsincludes\events-shortcode-block\includes\ebec-block.php:53

Scheduled Events 3

ect_extra_data_update
ect_extra_data_update
ect_extra_data_update
Maintenance & Trust

Events Shortcodes For The Events Calendar Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 13, 2026
PHP min version7.2
Downloads569K

Community Trust

Rating98/100
Number of ratings210
Active installs10K
Alternatives

Events Shortcodes For The Events Calendar Alternatives

The Events Calendar Shortcode & Block

The Events Calendar Shortcode & Block

the-events-calendar-shortcode

A
98

Add shortcode, block, Elementor and Bricks functionality to The Events Calendar Plugin, so you can easily list and promote your events anywhere.

20K 2 CVEs
Events Widgets For Elementor And The Events Calendar

Events Widgets For Elementor And The Events Calendar

events-widgets-for-elementor-and-the-events-calendar

A
99

The Events Calendar Elementor widgets help you manage and display an upcoming events list with date, time, venue and event ticket booking details.

10K 1 CVE
Event Single Page Builder For The Events Calendar

Event Single Page Builder For The Events Calendar

event-page-templates-addon-for-the-events-calendar

A
100

The Events Calendar addon to create custom single event page templates and replace the default event single page layout with your own branded design.

6K No CVEs
Event Countdown for The Events Calendar

Event Countdown for The Events Calendar

countdown-for-the-events-calendar

A
98

Event countdown timer addon for The Events Calendar plugin to display upcoming event countdowns anywhere using a simple shortcode.

3K 2 CVEs
Events Search For The Events Calendar

Events Search For The Events Calendar

events-search-addon-for-the-events-calendar

A
100

Adds an AJAX-based events search bar on any page via shortcode to quickly find any upcoming event created with The Events Calendar plugin.

3K No CVEs
Developer Profile

Events Shortcodes For The Events Calendar Developer Profile

CoolHappy

12 plugins · 210K total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
203 days
View full developer profile
Detection Fingerprints

How We Detect Events Shortcodes For The Events Calendar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/template-events-calendar/assets/css/ect-style.css/wp-content/plugins/template-events-calendar/assets/css/responsive.css/wp-content/plugins/template-events-calendar/assets/js/ect-scripts.js/wp-content/plugins/template-events-calendar/assets/js/ect-admin-scripts.js/wp-content/plugins/template-events-calendar/admin/gutenberg-block/block.css
Script Paths
/wp-content/plugins/template-events-calendar/assets/js/ect-scripts.js/wp-content/plugins/template-events-calendar/assets/js/ect-admin-scripts.js/wp-content/plugins/template-events-calendar/admin/gutenberg-block/block.js
Version Parameters
template-events-calendar/assets/css/ect-style.css?ver=template-events-calendar/assets/css/responsive.css?ver=template-events-calendar/assets/js/ect-scripts.js?ver=template-events-calendar/assets/js/ect-admin-scripts.js?ver=template-events-calendar/admin/gutenberg-block/block.css?ver=template-events-calendar/admin/gutenberg-block/block.js?ver=

HTML / DOM Fingerprints

CSS Classes
ect-template-full-widthect-template-sidebar-rightect-template-sidebar-leftect-template-event-listect-countdown-wrapperect-single-event-countdown-wrapper
Data Attributes
data-ect-id
JS Globals
ect_admin_paramsect_params
Shortcode Output
[events_calendar_template[events_calendar_countdown
FAQ

Frequently Asked Questions about Events Shortcodes For The Events Calendar