Themify Event Post Security & Risk Analysis

wordpress.org/plugins/themify-event-post

This plugin will add Event post type.

3K active installs · v1.3.5 · PHP 7.2+ · WP 5.2+ · Updated Feb 27, 2026
Tags: date, event, post, post-type
Score 97 · A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Mar 27, 2025
Safety Verdict

Is Themify Event Post Safe to Use in 2026?

Generally Safe

Score 97/100

Themify Event Post has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Mar 27, 2025 · Updated 1mo ago
Risk Assessment

The "themify-event-post" v1.3.5 plugin presents a mixed security posture. On the positive side, 100% of its SQL queries use prepared statements and it performs a substantial number of capability checks (8). The absence of file operations and external HTTP requests further strengthens its security.

However, there are significant areas of concern. Two AJAX handlers without authentication checks create a direct attack vector. The plugin also calls `unserialize`, a dangerous function that, if not handled with extreme care and input validation, can lead to remote code execution vulnerabilities. The taint analysis reports no critical or high severity flows, but it does indicate 4 flows with unsanitized paths, which warrants attention.

The plugin's vulnerability history is also a notable red flag: 3 known CVEs, one high severity and two medium severity. The historical prevalence of Cross-site Scripting and PHP Remote File Inclusion vulnerabilities suggests recurring security weaknesses that attackers could potentially exploit. While there are no currently unpatched vulnerabilities, the past patterns indicate a need for vigilant monitoring and prompt patching when new issues arise. Overall, the plugin shows strengths in its database query security and capability checks, but the unprotected entry points, dangerous function usage, and historical vulnerability patterns indicate a notable risk.

Key Concerns

  • Unprotected AJAX handlers
  • Use of dangerous function (unserialize)
  • Flows with unsanitized paths (taint analysis)
  • Known high severity CVE (unpatched)
  • Known medium severity CVEs (unpatched)
  • Output escaping not fully proper (65%)
Vulnerabilities
3

Themify Event Post Security Vulnerabilities

CVEs by Year

  • 2024: 1 CVE
  • 2025: 2 CVEs

Severity Breakdown

  • High: 1
  • Medium: 2

3 total CVEs

CVE-2025-30832 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Themify Event Post <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 27, 2025 Patched in 1.3.3 (7d)

CVE-2025-30831 · high · 8.8 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Themify Event Post <= 1.3.2 - Authenticated (Contributor+) Local File Inclusion

Mar 27, 2025 Patched in 1.3.3 (7d)

CVE-2024-30440 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Themify Event Post <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting

Mar 28, 2024 Patched in 1.2.8 (7d)
Code Analysis
Analyzed Mar 16, 2026

Themify Event Post Code Analysis

  • Dangerous Functions: 2
  • Raw SQL Queries: 0 (4 prepared)
  • Unescaped Output: 144 (270 escaped)
  • Nonce Checks: 5
  • Capability Checks: 8
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 1

Dangerous Functions Found

  • unserialize · includes\themify-metabox\includes\themify-metabox-core.php:562
    `$new_data = unserialize( $fileContent , ['allowed_classes' => false] );`
  • unserialize · includes\themify-metabox\includes\themify-metabox-core.php:572
    `$currentSwatches = unserialize( get_option( 'themify_saved_' . $type, serialize( array() ) ) );`

Bundled Libraries

TinyMCE

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

65% escaped · 414 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

9 flows · 4 with unsanitized paths
get_select (includes\admin.php:319)
Attack Surface
2 unprotected

Themify Event Post Attack Surface

Entry Points: 7
Unprotected: 2

AJAX Handlers 6

  • auth · wp_ajax_themify_metabox_media_lib_browse · includes\themify-metabox\includes\themify-field-types.php:8
  • auth · wp_ajax_themify_plupload · includes\themify-metabox\includes\themify-field-types.php:9
  • auth · wp_ajax_themify_create_inner_popup_page · includes\themify-metabox\includes\themify-field-types.php:10
  • auth · wp_ajax_themify_create_popup_page_pagination · includes\themify-metabox\includes\themify-field-types.php:11
  • auth · wp_ajax_themify_import_colors · includes\themify-metabox\includes\themify-metabox-core.php:33
  • auth · wp_ajax_themify_save_colors · includes\themify-metabox\includes\themify-metabox-core.php:34

Shortcodes 1

[themify_event_post] includes\system.php:50

WordPress Hooks 60

  • action · admin_menu · includes\admin.php:12
  • action · admin_init · includes\admin.php:13
  • action · updated_option · includes\admin.php:14
  • filter · manage_edit-event_columns · includes\admin.php:15
  • action · manage_event_posts_custom_column · includes\admin.php:16
  • action · restrict_manage_posts · includes\admin.php:17
  • filter · image_resize_dimensions · includes\functions.php:808
  • action · init · includes\post-type.php:77
  • action · admin_enqueue_scripts · includes\system.php:41
  • action · pre_get_posts · includes\system.php:45
  • action · after_setup_theme · includes\system.php:48
  • action · init · includes\system.php:49
  • filter · themify_metabox/fields/themify-meta-boxes · includes\system.php:51
  • action · wp_enqueue_scripts · includes\system.php:52
  • filter · template_include · includes\system.php:53
  • filter · post_class · includes\system.php:54
  • action · themify_builder_setup_modules · includes\system.php:61
  • filter · themify_search_args · includes\system.php:63
  • filter · the_content · includes\system.php:93
  • filter · themify_metaboxes · includes\themify-metabox\example-functions.php:30
  • filter · themify_metabox/fields/tm-example · includes\themify-metabox\example-functions.php:229
  • filter · themify_metabox/user/fields · includes\themify-metabox\example-functions.php:259
  • filter · themify_metabox/taxonomy/category/fields · includes\themify-metabox\example-functions.php:280
  • action · init · includes\themify-metabox\includes\themify-metabox-core.php:17
  • action · admin_menu · includes\themify-metabox\includes\themify-metabox-core.php:27
  • action · pre_post_update · includes\themify-metabox\includes\themify-metabox-core.php:28
  • action · save_post · includes\themify-metabox\includes\themify-metabox-core.php:29
  • action · admin_enqueue_scripts · includes\themify-metabox\includes\themify-metabox-core.php:30
  • filter · is_protected_meta · includes\themify-metabox\includes\themify-metabox-core.php:31
  • action · admin_init · includes\themify-metabox\includes\themify-metabox-core.php:35
  • filter · save_post · includes\themify-metabox\includes\themify-metabox-core.php:40
  • action · add_meta_boxes · includes\themify-metabox\includes\themify-metabox-core.php:44
  • action · admin_head · includes\themify-metabox\includes\themify-metabox-core.php:45
  • action · admin_enqueue_scripts · includes\themify-metabox\includes\themify-metabox-core.php:46
  • action · template_redirect · includes\themify-metabox\includes\themify-metabox-core.php:50
  • action · wp_before_admin_bar_render · includes\themify-metabox\includes\themify-metabox-core.php:697
  • action · wp_enqueue_scripts · includes\themify-metabox\includes\themify-metabox-core.php:698
  • filter · use_block_editor_for_post · includes\themify-metabox\includes\themify-metabox-core.php:728
  • filter · screen_options_show_screen · includes\themify-metabox\includes\themify-metabox-core.php:730
  • action · init · includes\themify-metabox\includes\themify-metabox-core.php:772
  • action · init · includes\themify-metabox\includes\themify-term-fields.php:22
  • action · admin_enqueue_scripts · includes\themify-metabox\includes\themify-term-fields.php:23
  • action · created_term · includes\themify-metabox\includes\themify-term-fields.php:35
  • action · edited_term · includes\themify-metabox\includes\themify-term-fields.php:36
  • action · show_user_profile · includes\themify-metabox\includes\themify-user-fields.php:22
  • action · edit_user_profile · includes\themify-metabox\includes\themify-user-fields.php:23
  • action · admin_enqueue_scripts · includes\themify-metabox\includes\themify-user-fields.php:24
  • action · personal_options_update · includes\themify-metabox\includes\themify-user-fields.php:25
  • action · edit_user_profile_update · includes\themify-metabox\includes\themify-user-fields.php:26
  • action · after_setup_theme · includes\themify-metabox\themify-metabox.php:35
  • filter · mce_external_plugins · includes\tinymce.php:12
  • filter · mce_buttons · includes\tinymce.php:13
  • action · wp_enqueue_editor · includes\tinymce.php:14
  • action · widgets_init · includes\widgets.php:117
  • action · widgets_init · includes\widgets.php:260
  • filter · themify_builder_active_vars · modules\module-event-posts.php:18
  • action · admin_init · themify-event-post.php:37
  • action · admin_notices · themify-event-post.php:38
  • action · after_setup_theme · themify-event-post.php:50
  • filter · plugin_row_meta · themify-event-post.php:51
Maintenance & Trust

Themify Event Post Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Feb 27, 2026
  • PHP min version: 7.2
  • Downloads: 85K

Community Trust

  • Rating: 100/100
  • Number of ratings: 2
  • Active installs: 3K
Developer Profile

Themify Event Post Developer Profile

themifyme

10 plugins · 140K total installs

  • Trust score: 76
  • Avg Security Score: 96/100
  • Avg Patch Time: 145 days
Detection Fingerprints

How We Detect Themify Event Post

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/themify-event-post/css/event-styles.css
  • /wp-content/plugins/themify-event-post/js/themify-event-post.js
  • /wp-content/plugins/themify-event-post/assets/css/frontend.css
  • /wp-content/plugins/themify-event-post/assets/js/frontend.js
  • /wp-content/plugins/themify-event-post/assets/css/calendar.css
  • /wp-content/plugins/themify-event-post/assets/js/calendar.js
  • /wp-content/plugins/themify-event-post/includes/themify-metabox/assets/css/themify-metabox.css
  • /wp-content/plugins/themify-event-post/includes/themify-metabox/assets/js/themify-metabox.js
Script Paths
  • /wp-content/plugins/themify-event-post/js/themify-event-post.js
  • /wp-content/plugins/themify-event-post/assets/js/frontend.js
  • /wp-content/plugins/themify-event-post/assets/js/calendar.js
  • /wp-content/plugins/themify-event-post/includes/themify-metabox/assets/js/themify-metabox.js
Version Parameters
  • themify-event-post/css/event-styles.css?ver=
  • themify-event-post/js/themify-event-post.js?ver=
  • themify-event-post/assets/css/frontend.css?ver=
  • themify-event-post/assets/js/frontend.js?ver=
  • themify-event-post/assets/css/calendar.css?ver=
  • themify-event-post/assets/js/calendar.js?ver=
  • themify-event-post/includes/themify-metabox/assets/css/themify-metabox.css?ver=
  • themify-event-post/includes/themify-metabox/assets/js/themify-metabox.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • themify_event_post_wrap
  • themify_event_archive
  • themify_event_single
Data Attributes
data-post-type="event"
JS Globals
  • ThemifyEventPost
  • ThemifyCalendar
Shortcode Output
  • [themify_event_post
  • themify_event_post
FAQ

Frequently Asked Questions about Themify Event Post