Does VCP Events have any unpatched vulnerabilities?

No. All known vulnerabilities in VCP Events have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is VCP Events compatible with WordPress 4.8.28?

According to WordPress.org data, VCP Events 1.0 has been tested up to WordPress 4.8.28. Check the plugin's changelog for the latest compatibility information.

How often is VCP Events updated?

VCP Events was last updated on Apr 18, 2018. Frequent updates are generally a positive security signal.

What is VCP Events's security score?

VCP Events has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

VCP Events Security & Risk Analysis

wordpress.org/plugins/vcp-events

Add a google plus comment stream next to a your livestream or video.

10 active installs v1.0 PHP + WP + Updated Apr 18, 2018

commentsgooglegoogle-pluslivestreamingvideo

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is VCP Events Safe to Use in 2026?

Generally Safe

Score 85/100

VCP Events has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

The vcp-events plugin v1.0 demonstrates a generally good security posture with no known vulnerabilities or critical taint flows. The code analysis shows a low attack surface, with only one AJAX handler, and importantly, this handler appears to have necessary authorization checks. The plugin also adheres to good practices like using prepared statements for all SQL queries and incorporating nonce checks. However, a significant concern arises from the low percentage (13%) of properly escaped outputs. This indicates a high likelihood of cross-site scripting (XSS) vulnerabilities, where user-supplied data could be injected into the page without proper sanitization, leading to potential arbitrary code execution within the user's browser context. The file operation, while only one, also warrants attention. Despite the absence of historical CVEs, which is positive, the current unescaped output issue presents a tangible and critical risk.

Key Concerns

Low output escaping percentage
Presence of file operations

Vulnerabilities

None known

VCP Events Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

VCP Events Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

11 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

13% escaped86 total outputs

Data Flows

All sanitized

Data Flow Analysis

1 flows

<kjp_custom_posts> (kjp_custom_posts.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

VCP Events Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_vcp_save_srcvcp_src_saver.php:4

WordPress Hooks 8

actioninitkjp_custom_posts.php:39

actionadd_meta_boxeskjp_custom_posts.php:163

actionsave_postkjp_custom_posts.php:164

actionadmin_menuvcp_options_menu.php:34

actionadmin_initvcp_options_menu.php:47

actionwp_headVideo-Comments-Plus.php:35

actionwp_enqueue_scriptsVideo-Comments-Plus.php:556

actionadmin_headVideo-Comments-Plus.php:557

Maintenance & Trust

VCP Events Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28

Last updatedApr 18, 2018

PHP min version

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

VCP Events Alternatives

Social Comments

social-comments

This plugin adds Google Plus Comments system, Facebook comments and / or Disqus Comments to your site.

400 No CVEs

Google+ Comments

google-plus-comments

The Google+ Comments WordPress plugin makes it easier for you to setup, administer and customise Google+ comments from your WordPress site.

40 1 unpatched

GP – GeePress

All the tools you need to integrate your WordPress and Google+.

40 No CVEs

YouTube Comments

youtube-comments

This plugin finds YouTube links in post content and imports the video comments.

10 No CVEs

Dynamic XML Sitemaps Generator for Google

xml-sitemap-generator-for-google

100

Boost SEO 🚀 with powerful XML, HTML, Image, Video & Google News sitemaps for better search engine indexing.

20K 1 CVE

Developer Profile

VCP Events Developer Profile

kpmediadesigner

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect VCP Events

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/vcp-events/vcp-events.php/wp-content/plugins/vcp-events/css/vcp-events-style.css/wp-content/plugins/vcp-events/js/vcp-events-script.js

Script Paths

/wp-content/plugins/vcp-events/js/vcp-events-script.js

Version Parameters

vcp-events/css/vcp-events-style.css?ver=vcp-events/js/vcp-events-script.js?ver=

HTML / DOM Fingerprints

CSS Classes

vcp-button-disable

Data Attributes

vcp_ajaxurl

JS Globals