Does The Events Calendar: oEmbed have any unpatched vulnerabilities?

No. All known vulnerabilities in The Events Calendar: oEmbed have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is The Events Calendar: oEmbed compatible with WordPress 3.7.41?

According to WordPress.org data, The Events Calendar: oEmbed 0.2 has been tested up to WordPress 3.7.41. Check the plugin's changelog for the latest compatibility information.

How often is The Events Calendar: oEmbed updated?

The Events Calendar: oEmbed was last updated on Feb 7, 2014. Frequent updates are generally a positive security signal.

What is The Events Calendar: oEmbed's security score?

The Events Calendar: oEmbed has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

The Events Calendar: oEmbed Security & Risk Analysis

wordpress.org/plugins/tribe-events-oembed

Enable oEmbed functionality on your WordPress The Events Calendar plugin by Tri.be.

10 active installs v0.2 PHP + WP 3.6+ Updated Feb 7, 2014

calendarembedevents-calendaroembedtribe

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is The Events Calendar: oEmbed Safe to Use in 2026?

Generally Safe

Score 85/100

The Events Calendar: oEmbed has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 12yr ago

Risk Assessment

The "tribe-events-oembed" v0.2 plugin exhibits a seemingly robust security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the potential attack surface. Furthermore, the lack of dangerous functions, file operations, external HTTP requests, and the use of prepared statements for all SQL queries are positive indicators. However, the plugin's security is severely undermined by the complete lack of output escaping. This means that any data processed or displayed by the plugin is not sanitized, leaving it vulnerable to Cross-Site Scripting (XSS) attacks if user-supplied data is ever incorporated into its outputs. The plugin also lacks any nonce or capability checks, meaning that even if new entry points were added in the future, they would likely be unprotected. The absence of any known vulnerabilities in its history is a positive sign, but it does not mitigate the critical risk posed by unescaped output.

Key Concerns

100% of outputs are not properly escaped
0 capability checks found
0 nonce checks found

Vulnerabilities

None known

The Events Calendar: oEmbed Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

The Events Calendar: oEmbed Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped10 total outputs

Attack Surface

The Events Calendar: oEmbed Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 8

actioninittribe-events-oembed.php:41

filtergenerate_rewrite_rulestribe-events-oembed.php:42

filterquery_varstribe-events-oembed.php:43

actiontemplate_redirecttribe-events-oembed.php:44

actiontribe_general_settings_tab_fieldstribe-events-oembed.php:45

actioninittribe-events-oembed.php:392

actionadmin_headtribe-events-oembed.php:397

actionplugins_loadedtribe-events-oembed.php:403

Maintenance & Trust

The Events Calendar: oEmbed Maintenance & Trust

Maintenance Signals

WordPress version tested3.7.41

Last updatedFeb 7, 2014

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

The Events Calendar: oEmbed Alternatives

Duplicate TEC Event

duplicate-tec-event

Adds the ability to duplicate an event created by Modern Tribe's The Event Calendar plugin.

1K No CVEs

Events Calendar by AddEvent – Embeddable Event Calendar Plugin

addevent

100

Easily embed your events calendar on your WordPress site with AddEvent's embeddable calendar plugin.

100 No CVEs

Rouergue Creation Events Sidebar

rouergue-creation-sidebar-embed

100

This plugin provides a clean and controlled integration of Calendar Embed (The Events Calendar) into a WordPress sidebar.

0 No CVEs

Timetable and Event Schedule by MotoPress

mp-timetable

Smart event organizer and time-management tool with a clean minimalist design for featuring your timetables and upcoming events.

30K 8 CVEs

Embed PDF Viewer

embed-pdf-viewer

Embed a PDF from the Media Library or elsewhere via oEmbed or as a block into an iframe tag.

20K 2 CVEs

Developer Profile

The Events Calendar: oEmbed Developer Profile

Timothy Wood

5 plugins · 770 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect The Events Calendar: oEmbed

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/tribe-events-oembed/oembed.js/wp-content/plugins/tribe-events-oembed/oembed.min.js

Script Paths

tribe-events-oembed/oembed.jstribe-events-oembed/oembed.min.js

HTML / DOM Fingerprints

FAQ