Theater for WordPress Security & Risk Analysis

wordpress.org/plugins/theatre

Manage and publish events for your theater, live venue, cinema, club or festival.

600 active installs · v0.19.1 · PHP 5.4+ · WP 4.7+ · Updated Dec 17, 2025
events · shows · stage · theatre · venue
95 · A · Safe
CVEs total: 7
Unpatched: 0
Last CVE: Feb 25, 2026
Safety Verdict

Is Theater for WordPress Safe to Use in 2026?

Generally Safe

Score 95/100

Theater for WordPress has a strong security track record. Known vulnerabilities have been patched promptly.

7 known CVEs · Last CVE: Feb 25, 2026 · Updated 3mo ago
Risk Assessment

The "theatre" plugin v0.19.1 exhibits a mixed security posture. While it demonstrates good practices in handling SQL queries with prepared statements and has a substantial number of nonce and capability checks, significant concerns remain.

The static analysis reveals a notable attack surface, with 2 out of 15 entry points lacking authentication checks. This is particularly worrying given the plugin's history of vulnerabilities, including Cross-site Scripting and Missing Authorization. The presence of 5 flows with unsanitized paths, although not currently classified as critical or high severity, indicates potential avenues for input manipulation and injection attacks. The plugin's history of 7 medium-severity CVEs, all of which are reportedly patched, suggests a recurring pattern of security weaknesses that require ongoing attention.

In conclusion, "theatre" v0.19.1 has some strong security foundations, but the unprotected AJAX handlers and the historical patterns of input sanitization and authorization issues present tangible risks. The lack of critical or high severity issues in the current analysis is positive, but the 2 unprotected entry points and the history of vulnerabilities warrant caution and careful monitoring.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • Low percentage of properly escaped output
  • History of medium severity CVEs
Vulnerabilities
7

Theater for WordPress Security Vulnerabilities

CVEs by Year

1 CVE in 2023
1 CVE in 2024
4 CVEs in 2025
1 CVE in 2026

Severity Breakdown

Medium: 7 · 7 total CVEs

CVE-2025-69343 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Theater for WordPress <= 0.19 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Feb 25, 2026 · Patched in 0.19.1 (9d)

CVE-2025-69331 · medium · 4.3 · Missing Authorization

Theater for WordPress <= 0.19 - Missing Authorization

Dec 28, 2025 · Patched in 0.19.1 (18d)

CVE-2025-64259 · medium · 5.3 · Missing Authorization

Theater for WordPress <= 0.18.8 - Missing Authorization

Nov 13, 2025 · Patched in 0.19 (5d)

CVE-2025-58020 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Theater for WordPress <= 0.18.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 22, 2025 · Patched in 0.19 (44d)

CVE-2025-31846 · medium · 4.3 · Missing Authorization

Theater for WordPress <= 0.18.7 - Missing Authorization

Apr 1, 2025 · Patched in 0.18.8 (217d)

CVE-2024-11371 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Theater for WordPress <= 0.18.6.2 - Reflected Cross-Site Scripting

Nov 20, 2024 · Patched in 0.18.7 (1d)

CVE-2023-47833 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Theater for WordPress <= 0.18.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings

Nov 16, 2023 · Patched in 0.18.4 (162d)

Code Analysis
Analyzed Mar 16, 2026

Theater for WordPress Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 169 (77 escaped)
Nonce Checks: 13
Capability Checks: 8
File Operations: 2
External Requests: 6
Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

31% escaped · 246 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

7 flows · 5 with unsanitized paths
get_suggestion_html (functions\jeero\class-theater-jeero-suggest.php:131)
Attack Surface
2 unprotected

Theater for WordPress Attack Surface

Entry Points: 15
Unprotected: 2

AJAX Handlers 5

auth · wp_ajax_wpt_jeero_suggest · functions\jeero\class-theater-jeero-suggest.php:14
auth · wp_ajax_wpt_event_editor_delete_event · functions\wpt_event_editor.php:26
auth · wp_ajax_wpt_event_editor_create_event · functions\wpt_event_editor.php:27
auth · wp_ajax_wpt_event_editor_reset_create_form · functions\wpt_event_editor.php:28
auth · wp_ajax_wpt_event_editor_get_new_enddate · functions\wpt_event_editor.php:29

Shortcodes 10

[wpt_calendar] functions\wpt_calendar.php:22
[wpt_events] functions\wpt_frontend.php:12
[wpt_productions] functions\wpt_frontend.php:13
[wpt_seasons] functions\wpt_frontend.php:14
[wp_theatre_iframe] functions\wpt_frontend.php:16
[wpt_production_events] functions\wpt_frontend.php:18
[wpt_season_productions] functions\wpt_frontend.php:20
[wpt_season_events] functions\wpt_frontend.php:21
[wpt_event_ticket_button] functions\wpt_frontend.php:23
[wp_theatre_events] functions\wpt_frontend.php:28

WordPress Hooks 126

action · pre_get_posts · functions\event\class-theater-event-archive.php:19
action · pre_get_posts · functions\event\class-theater-event-archive.php:20
filter · the_excerpt_embed · functions\event\class-theater-event-embed.php:14
filter · wpt/setup/post_type/args/?post_type=wp_theatre_prod · functions\event\class-theater-event-gutenberg.php:11
filter · wpt/event_editor/form/html · functions\event\class-theater-event-gutenberg.php:12
action · save_post · functions\event\class-theater-event-order.php:36
action · updated_post_meta · functions\event\class-theater-event-order.php:37
action · added_post_meta · functions\event\class-theater-event-order.php:38
action · deleted_post_meta · functions\event\class-theater-event-order.php:39
filter · pre_get_posts · functions\event\class-theater-event-order.php:40
action · wpt_cron · functions\event\class-theater-event-order.php:41
filter · pre_get_posts · functions\event\class-theater-event-order.php:344
filter · pre_set_site_transient_update_plugins · functions\extensions\EDD_SL_Plugin_Updater.php:63
filter · plugins_api · functions\extensions\EDD_SL_Plugin_Updater.php:64
action · admin_init · functions\extensions\EDD_SL_Plugin_Updater.php:67
filter · pre_set_site_transient_update_plugins · functions\extensions\EDD_SL_Plugin_Updater.php:188
filter · plugin_row_meta · functions\extensions\wpt_extensions_promo.php:10
action · admin_menu · functions\extensions\wpt_extensions_promo.php:13
filter · wpt_admin_page_tabs · functions\extensions\wpt_extensions_updater.php:16
filter · admin_init · functions\extensions\wpt_extensions_updater.php:17
filter · admin_init · functions\extensions\wpt_extensions_updater.php:18
action · admin_init · functions\extensions\wpt_extensions_updater.php:21
action · admin_init · functions\extensions\wpt_extensions_updater.php:22
action · admin_init · functions\extensions\wpt_extensions_updater.php:23
action · admin_menu · functions\jeero\class-theater-jeero-suggest.php:16
action · wpt/importer/execute/before · functions\transient\class-theater-transients.php:35
action · wpt/importer/execute/after · functions\transient\class-theater-transients.php:36
action · wpt/importer/execute/after · functions\transient\class-theater-transients.php:37
action · updated_option · functions\transient\class-theater-transients.php:39
action · save_post · functions\transient\class-theater-transients.php:55
action · added_post_meta · functions\transient\class-theater-transients.php:56
action · updated_post_meta · functions\transient\class-theater-transients.php:57
action · admin_init · functions\wpt_admin.php:10
action · admin_menu · functions\wpt_admin.php:18
action · admin_menu · functions\wpt_admin.php:19
action · add_meta_boxes · functions\wpt_admin.php:21
action · quick_edit_custom_box · functions\wpt_admin.php:22
action · save_post · functions\wpt_admin.php:24
filter · request · functions\wpt_admin.php:27
action · widgets_init · functions\wpt_calendar.php:23
filter · wpt/listing/classes · functions\wpt_context.php:20
filter · shortcode_atts_wpt_events · functions\wpt_context.php:22
filter · shortcode_atts_wpt_production_events · functions\wpt_context.php:23
filter · shortcode_atts_wpt_productions · functions\wpt_context.php:24
filter · wpt/event/html · functions\wpt_context.php:26
filter · wpt/production/html · functions\wpt_context.php:27
action · wpt/listing/html/before · functions\wpt_context.php:29
action · wpt/listing/html/after · functions\wpt_context.php:30
filter · redirect_post_location · functions\wpt_event_admin.php:10
action · add_meta_boxes · functions\wpt_event_admin.php:11
action · add_meta_boxes · functions\wpt_event_admin.php:12
action · save_post · functions\wpt_event_admin.php:13
filter · wp_link_query_args · functions\wpt_event_admin.php:14
filter · wpt/event_editor/fields · functions\wpt_event_admin.php:15
action · admin_menu · functions\wpt_event_admin.php:17
action · admin_init · functions\wpt_event_editor.php:14
action · save_post · functions\wpt_event_editor.php:24
action · save_post · functions\wpt_event_editor.php:1009
action · init · functions\wpt_feeds.php:13
action · wp_head · functions\wpt_feeds.php:14
filter · wpt_filter_date · functions\wpt_filter.php:25
filter · wpt_filter_permalink · functions\wpt_filter.php:26
filter · wpt_filter_wpautop · functions\wpt_filter.php:27
filter · wpt_filter_tickets_url · functions\wpt_filter.php:28
action · init · functions\wpt_frontend.php:7
action · wp_head · functions\wpt_frontend.php:8
filter · the_content · functions\wpt_frontend.php:10
action · template_redirect · functions\wpt_frontend.php:29
action · wp_loaded · functions\wpt_importer.php:78
filter · cron_schedules · functions\wpt_importer.php:80
filter · admin_init · functions\wpt_importer.php:82
filter · wpt_admin_page_tabs · functions\wpt_importer.php:83
action · add_meta_boxes · functions\wpt_importer.php:86
action · wp_loaded · functions\wpt_importer.php:93
filter · query_vars · functions\wpt_listing.php:29
action · admin_init · functions\wpt_listing_page.php:14
filter · wpt_admin_page_tabs · functions\wpt_listing_page.php:15
filter · display_post_states · functions\wpt_listing_page.php:16
action · the_content · functions\wpt_listing_page.php:18
filter · wpt_production_page_content_before · functions\wpt_listing_page.php:19
filter · wpt_production_page_content_after · functions\wpt_listing_page.php:20
filter · wpt_listing_filter_pagination_url · functions\wpt_listing_page.php:21
action · init · functions\wpt_listing_page.php:24
action · add_option_wpt_listing_page · functions\wpt_listing_page.php:26
action · update_option_wpt_listing_page · functions\wpt_listing_page.php:27
action · init · functions\wpt_listing_page.php:29
action · widgets_init · functions\wpt_listing_page.php:31
filter · the_content · functions\wpt_production.php:173
filter · the_content · functions\wpt_production.php:174
action · admin_menu · functions\wpt_productions_admin.php:12
filter · wpt_production_title_html · functions\wpt_productions_admin.php:14
filter · wpt/production/thumbnail/html · functions\wpt_productions_admin.php:15
action · current_screen · functions\wpt_productions_admin.php:17
action · admin_init · functions\wpt_production_permalink.php:15
action · admin_init · functions\wpt_production_permalink.php:16
action · init · functions\wpt_setup.php:11
action · init · functions\wpt_setup.php:13
action · init · functions\wpt_setup.php:14
filter · gettext · functions\wpt_setup.php:16
action · widgets_init · functions\wpt_setup.php:18
action · plugins_loaded · functions\wpt_setup.php:20
action · updated_post_meta · functions\wpt_setup.php:22
action · added_post_meta · functions\wpt_setup.php:23
action · set_object_terms · functions\wpt_setup.php:24
action · before_delete_post · functions\wpt_setup.php:26
action · wp_trash_post · functions\wpt_setup.php:27
action · untrash_post · functions\wpt_setup.php:28
filter · wp_untrash_post_status · functions\wpt_setup.php:29
filter · cron_schedules · functions\wpt_setup.php:31
filter · query_vars · functions\wpt_setup.php:33
action · init · functions\wpt_setup.php:34
action · updated_post_meta · functions\wpt_setup.php:553
action · added_post_meta · functions\wpt_setup.php:554
action · updated_post_meta · functions\wpt_setup.php:577
action · added_post_meta · functions\wpt_setup.php:578
action · save_post · functions\wpt_status.php:10
action · set_object_terms · functions\wpt_tags.php:5
action · updated_post_meta · functions\wpt_tags.php:6
action · added_post_meta · functions\wpt_tags.php:7
action · updated_post_meta · functions\wpt_tags.php:37
action · added_post_meta · functions\wpt_tags.php:38
action · after_setup_theme · integrations\jetpack-featured-content.php:5
filter · wpseo_metadesc · integrations\wordpress-seo.php:5
action · add_meta_boxes · integrations\wordpress-seo.php:6
action · admin_init · theater.php:132
action · plugins_loaded · theater.php:136

Scheduled Events 1

wpt_cron
Maintenance & Trust

Theater for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 17, 2025
PHP min version: 5.4
Downloads: 43K

Community Trust

Rating: 98/100
Number of ratings: 25
Active installs: 600
Developer Profile

Theater for WordPress Developer Profile

Jeroen Schmit

5 plugins · 1K total installs

Trust score: 83
Avg Security Score: 93/100
Avg Patch Time: 65 days
Detection Fingerprints

How We Detect Theater for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/theatre/css/
/wp-content/plugins/theatre/js/
Script Paths
/wp-content/plugins/theatre/js/theater.js
/wp-content/plugins/theatre/js/theater-admin.js
/wp-content/plugins/theatre/js/theater-frontend.js
Version Parameters
theatre/style.css?ver=
theatre/admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
theatre-event-archive
theatre-event-single
theatre-productions-list
Data Attributes
data-wpt-event-id
data-wpt-production-id
JS Globals
wpt_data
REST Endpoints
/wp-json/theatre/v1/events
/wp-json/theatre/v1/productions
Shortcode Output
[theatre_events
[theatre_productions
FAQ

Frequently Asked Questions about Theater for WordPress