Upcoming Events Lists Security & Risk Analysis

wordpress.org/plugins/upcoming-events-lists

A WordPress plugin to show a list of upcoming events on the front-end.

1K active installs · v1.4.0 · PHP 7.0+ · WP 6.0+ · Updated Apr 15, 2025
Tags: calendar, events, feed, upcoming-events, widget
Score: 78 (B · Generally Safe)
CVEs total: 1
Unpatched: 1
Last CVE: Sep 22, 2025
Safety Verdict

Is Upcoming Events Lists Safe to Use in 2026?

Mostly Safe

Score 78/100

Upcoming Events Lists is generally safe to use. 1 past CVE was resolved. Keep it updated.

1 known CVE · 1 unpatched · Last CVE: Sep 22, 2025 · Updated 11mo ago
Risk Assessment

The "upcoming-events-lists" plugin version 1.4.0 exhibits a mixed security posture. On the positive side, static analysis shows good practices: 100% of SQL queries use prepared statements, and nonce checks are present. The absence of dangerous functions, file operations, and external HTTP requests is also reassuring and limits exposure to certain types of attacks. The critical weakness is the vulnerability history: one known medium-severity CVE, "Exposure of Sensitive Information to an Unauthorized Actor," is currently unpatched and represents a significant risk. It is the plugin's only known vulnerability and it is recent, which is concerning because it could allow unauthorized access to sensitive data if exploited. The code analysis also flags output escaping: only 50% of outputs are properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities, although no direct taint flows were detected. The attack surface is small, with only one shortcode, and static analysis identified no unprotected entry points.

Key Concerns

  • Unpatched medium severity CVE
  • Half of outputs unescaped
Vulnerabilities
1

Upcoming Events Lists Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-57994 · medium · 4.3 · Exposure of Sensitive Information to an Unauthorized Actor

Upcoming Events Lists <= 1.4.0 - Authenticated (Subscriber+) Insecure Direct Object Reference

Sep 22, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Upcoming Events Lists Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 22 (22 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

50% escaped · 44 total outputs
Attack Surface

Upcoming Events Lists Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[upcoming_events_list] includes\Frontend\Frontend.php:31
WordPress Hooks 15
action init includes\Admin\Admin.php:38
action upcoming_events_lists/activation includes\Admin\Admin.php:39
action upcoming_events_lists/deactivation includes\Admin\Admin.php:40
action admin_enqueue_scripts includes\Admin\Admin.php:42
action do_meta_boxes includes\Admin\Admin.php:44
action add_meta_boxes includes\Admin\Admin.php:50
action save_post includes\Admin\Admin.php:51
action wp_loaded includes\Assets.php:47
action wp_enqueue_scripts includes\Frontend\Frontend.php:28
filter the_content includes\Frontend\Frontend.php:29
filter the_content includes\Frontend\Frontend.php:30
action init includes\GutenbergBlock.php:24
action rest_api_init includes\REST\EventController.php:32
action plugins_loaded upcoming-events-lists.php:81
action widgets_init upcoming-events-lists.php:145
Maintenance & Trust

Upcoming Events Lists Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Apr 15, 2025
PHP min version: 7.0
Downloads: 42K

Community Trust

Rating: 96/100
Number of ratings: 6
Active installs: 1K
Developer Profile

Upcoming Events Lists Developer Profile

Sayful Islam

5 plugins · 36K total installs

Trust score: 83
Avg Security Score: 93/100
Avg Patch Time: 38 days
Detection Fingerprints

How We Detect Upcoming Events Lists

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/upcoming-events-lists/assets/css/admin-style.css
/wp-content/plugins/upcoming-events-lists/assets/js/admin.js
Script Paths
/wp-content/plugins/upcoming-events-lists/assets/js/admin.js
Version Parameters
upcoming-events-lists/assets/css/admin-style.css?ver=
upcoming-events-lists/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
upcoming-events-lists
Data Attributes
data-post-id
REST Endpoints
/wp-json/upcoming-events-lists/v1/events
Shortcode Output
[upcoming_events_lists]
FAQ

Frequently Asked Questions about Upcoming Events Lists