WP-Safety

Workshop Butler Security & Risk Analysis

wordpress.org/plugins/workshop-butler

Integrate your website and Workshop Butler workshop management platform. Promote workshops and trainers, accept registrations.

30 active installs v3.2.3 PHP 7.2.5+ WP 5.5+ Updated Jun 9, 2024
event-managementevent-scheduleonline-registrationstraining-managementworkshop-crm
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Workshop Butler Safe to Use in 2026?

Generally Safe

Score 92/100

Workshop Butler has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The workshop-butler plugin v3.2.3 exhibits a generally positive security posture with several strong practices in place. The absence of any known CVEs and a clean vulnerability history are significant strengths, suggesting the plugin has historically been well-maintained and secure. Furthermore, the code analysis shows excellent use of prepared statements for SQL queries and a very high percentage of properly escaped output, minimizing risks related to SQL injection and cross-site scripting (XSS) from database interactions or data display.

However, there are notable areas of concern. The plugin exposes a significant attack surface with 58 total entry points, of which 8 AJAX handlers are completely unprotected by authentication checks. This means any unauthenticated user could potentially trigger these AJAX actions, opening the door to various security risks depending on the functionality of these handlers. While taint analysis found no critical or high-severity issues related to unsanitized paths, the presence of unprotected AJAX endpoints remains a considerable risk as they could be exploited without requiring any user login or privileges.

In conclusion, while the plugin demonstrates good practices in critical areas like database querying and output sanitization, the lack of authentication on a substantial number of AJAX endpoints presents a significant security weakness. The absence of historical vulnerabilities is a positive indicator, but it does not negate the immediate risks posed by the current code. Addressing these unprotected entry points should be a priority to improve the plugin's overall security.

Key Concerns

  • 8 unprotected AJAX handlers
Vulnerabilities
None known

Workshop Butler Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Workshop Butler Release Timeline

v3.2.3Current
v3.2.2
v3.2.1
v3.2
v3.1.9
v3.1.8
v3.1.7
v3.1.6
v3.1.5.1
v3.1.5
v3.1.4
v3.1.3
v3.1.2
v3.1.1
v3.1.0
v3.0.3
v3.0.2.1
v3.0.2
v3.0.1
v3.0.0
Code Analysis
Analyzed Apr 16, 2026

Workshop Butler Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
5
456 escaped
Nonce Checks
4
Capability Checks
0
File Operations
2
External Requests
3
Bundled Libraries
0

Output Escaping

99% escaped461 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
get_values (public/includes/class-wsb-ajax.php:29)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
8 unprotected

Workshop Butler Attack Surface

Entry Points58
Unprotected8

AJAX Handlers 8

noprivwp_ajax_wsb_get_valuespublic/class-wsb-integration-public.php:378
authwp_ajax_wsb_get_valuespublic/class-wsb-integration-public.php:379
noprivwp_ajax_wsb_registerpublic/class-wsb-integration-public.php:381
authwp_ajax_wsb_registerpublic/class-wsb-integration-public.php:382
noprivwp_ajax_wsb_pre_registerpublic/class-wsb-integration-public.php:384
authwp_ajax_wsb_pre_registerpublic/class-wsb-integration-public.php:385
noprivwp_ajax_wsb_tax_validationpublic/class-wsb-integration-public.php:387
authwp_ajax_wsb_tax_validationpublic/class-wsb-integration-public.php:388

Shortcodes 50

[wsb_schedule] public/class-wsb-integration-public.php:308
[wsb_event] public/class-wsb-integration-public.php:309
[wsb_registration] public/class-wsb-integration-public.php:310
[wsb_trainer_list] public/class-wsb-integration-public.php:312
[wsb_trainer] public/class-wsb-integration-public.php:313
[wsb_schedule_date] public/class-wsb-integration-public.php:316
[wsb_schedule_time] public/class-wsb-integration-public.php:317
[wsb_schedule_filters] public/class-wsb-integration-public.php:318
[wsb_schedule_item] public/class-wsb-integration-public.php:319
[wsb_schedule_register] public/class-wsb-integration-public.php:320
[wsb_schedule_title] public/class-wsb-integration-public.php:321
[wsb_schedule_image] public/class-wsb-integration-public.php:322
[wsb_schedule_trainers] public/class-wsb-integration-public.php:323
[wsb_schedule_schedule] public/class-wsb-integration-public.php:324
[wsb_schedule_location] public/class-wsb-integration-public.php:325
[wsb_schedule_language] public/class-wsb-integration-public.php:326
[wsb_trainer_list_filters] public/class-wsb-integration-public.php:328
[wsb_trainer_list_item] public/class-wsb-integration-public.php:329
[wsb_trainer_list_photo] public/class-wsb-integration-public.php:330
[wsb_trainer_list_name] public/class-wsb-integration-public.php:331
[wsb_trainer_list_country] public/class-wsb-integration-public.php:332
[wsb_trainer_list_badges] public/class-wsb-integration-public.php:333
[wsb_trainer_list_rating] public/class-wsb-integration-public.php:334
[wsb_event_title] public/class-wsb-integration-public.php:336
[wsb_event_registration_button] public/class-wsb-integration-public.php:337
[wsb_event_schedule] public/class-wsb-integration-public.php:338
[wsb_event_image] public/class-wsb-integration-public.php:339
[wsb_event_location] public/class-wsb-integration-public.php:340
[wsb_event_social_links] public/class-wsb-integration-public.php:341
[wsb_event_events] public/class-wsb-integration-public.php:342
[wsb_event_description] public/class-wsb-integration-public.php:343
[wsb_event_trainers] public/class-wsb-integration-public.php:344
[wsb_event_tickets] public/class-wsb-integration-public.php:345
[wsb_registration_form] public/class-wsb-integration-public.php:347
[wsb_trainer_name] public/class-wsb-integration-public.php:349
[wsb_trainer_country] public/class-wsb-integration-public.php:350
[wsb_trainer_photo] public/class-wsb-integration-public.php:351
[wsb_trainer_stats] public/class-wsb-integration-public.php:353
[wsb_trainer_social_link] public/class-wsb-integration-public.php:354
[wsb_trainer_email] public/class-wsb-integration-public.php:355
[wsb_trainer_events] public/class-wsb-integration-public.php:357
[wsb_trainer_badges] public/class-wsb-integration-public.php:358
[wsb_trainer_bio] public/class-wsb-integration-public.php:359
[wsb_trainer_testimonials] public/class-wsb-integration-public.php:361
[wsb_testimonial] public/class-wsb-integration-public.php:362
[wsb_testimonial_author] public/class-wsb-integration-public.php:363
[wsb_testimonial_rating] public/class-wsb-integration-public.php:364
[wsb_testimonial_content] public/class-wsb-integration-public.php:365
[wsb_next_event] public/class-wsb-integration-public.php:367
[wsb_next_event_button] public/class-wsb-integration-public.php:368
WordPress Hooks 65
actionplugins_loadedincludes/class-wsb-integration.php:277
actionadmin_enqueue_scriptsincludes/class-wsb-integration.php:292
actionadmin_enqueue_scriptsincludes/class-wsb-integration.php:293
actioninitincludes/class-wsb-integration.php:294
actionadmin_initincludes/class-wsb-integration.php:297
actioninitincludes/class-wsb-integration.php:298
actionwidgets_initincludes/class-wsb-integration.php:309
actionwp_enqueue_scriptsincludes/class-wsb-integration.php:323
actionwp_enqueue_scriptsincludes/class-wsb-integration.php:324
actioninitincludes/class-wsb-integration.php:326
filterpre_get_document_titleincludes/class-wsb-integration.php:327
filterthe_titleincludes/class-wsb-integration.php:328
filterwpseo_frontend_presenter_classesincludes/class-wsb-integration.php:330
filterwpseo_opengraph_titleincludes/class-wsb-integration.php:331
filterwpseo_add_opengraph_additional_imagesincludes/class-wsb-integration.php:332
actioninitincludes/class-wsb-integration.php:335
actionwsb_filterspublic/includes/hooks/class-event-calendar-hooks.php:27
actionwsb_calendarpublic/includes/hooks/class-event-calendar-hooks.php:28
actionwsb_calendar_itempublic/includes/hooks/class-event-calendar-hooks.php:29
actionwsb_calendar_item_titlepublic/includes/hooks/class-event-calendar-hooks.php:30
actionwsb_calendar_item_timepublic/includes/hooks/class-event-calendar-hooks.php:31
actionwsb_calendar_item_datepublic/includes/hooks/class-event-calendar-hooks.php:32
actionwsb_calendar_item_imagepublic/includes/hooks/class-event-calendar-hooks.php:33
actionwsb_calendar_item_locationpublic/includes/hooks/class-event-calendar-hooks.php:34
actionwsb_calendar_item_languagepublic/includes/hooks/class-event-calendar-hooks.php:42
actionwsb_calendar_item_schedulepublic/includes/hooks/class-event-calendar-hooks.php:50
actionwsb_calendar_item_registerpublic/includes/hooks/class-event-calendar-hooks.php:58
actionwsb_calendar_item_tagpublic/includes/hooks/class-event-calendar-hooks.php:66
actionwsb_calendar_item_trainerspublic/includes/hooks/class-event-calendar-hooks.php:67
actionwsb_registration_formpublic/includes/hooks/class-registration-form-hooks.php:25
actionwsb_registration_form_fieldspublic/includes/hooks/class-registration-form-hooks.php:30
actionwsb_registration_form_input_fieldpublic/includes/hooks/class-registration-form-hooks.php:35
actionwsb_registration_form_labelpublic/includes/hooks/class-registration-form-hooks.php:40
actionwsb_registration_form_textarea_fieldpublic/includes/hooks/class-registration-form-hooks.php:45
actionwsb_registration_form_checkbox_fieldpublic/includes/hooks/class-registration-form-hooks.php:50
actionwsb_registration_form_country_fieldpublic/includes/hooks/class-registration-form-hooks.php:55
actionwsb_registration_form_select_fieldpublic/includes/hooks/class-registration-form-hooks.php:60
actionwsb_registration_form_ticket_fieldpublic/includes/hooks/class-registration-form-hooks.php:65
actionwsb_registration_form_sectionspublic/includes/hooks/class-registration-form-hooks.php:70
actionwsb_event_register_buttonpublic/includes/hooks/class-single-event-hooks.php:25
actionwsb_event_infopublic/includes/hooks/class-single-event-hooks.php:26
actionwsb_event_trainerspublic/includes/hooks/class-single-event-hooks.php:27
actionwsb_event_descriptionpublic/includes/hooks/class-single-event-hooks.php:28
actionwsb_event_cover_imagepublic/includes/hooks/class-single-event-hooks.php:29
actionwsb_event_ticketspublic/includes/hooks/class-single-event-hooks.php:30
actionwsb_event_social_linkspublic/includes/hooks/class-single-event-hooks.php:31
actionwsb_event_eventspublic/includes/hooks/class-single-event-hooks.php:32
actionwsb_trainer_photopublic/includes/hooks/class-single-trainer-hooks.php:25
actionwsb_trainer_emailpublic/includes/hooks/class-single-trainer-hooks.php:26
actionwsb_trainer_countrypublic/includes/hooks/class-single-trainer-hooks.php:27
actionwsb_trainer_badgespublic/includes/hooks/class-single-trainer-hooks.php:28
actionwsb_trainer_biopublic/includes/hooks/class-single-trainer-hooks.php:29
actionwsb_trainer_testimonialspublic/includes/hooks/class-single-trainer-hooks.php:30
actionwsb_trainer_future_eventspublic/includes/hooks/class-single-trainer-hooks.php:31
actionwsb_trainer_past_eventspublic/includes/hooks/class-single-trainer-hooks.php:32
actionwsb_trainer_social_linkspublic/includes/hooks/class-single-trainer-hooks.php:33
actionwsb_trainer_statspublic/includes/hooks/class-single-trainer-hooks.php:34
actionwsb_trainer_list_filterspublic/includes/hooks/class-trainer-list-hooks.php:27
actionwsb_trainer_list_itemspublic/includes/hooks/class-trainer-list-hooks.php:28
actionwsb_trainer_list_itempublic/includes/hooks/class-trainer-list-hooks.php:29
actionwsb_trainer_list_item_photopublic/includes/hooks/class-trainer-list-hooks.php:30
actionwsb_trainer_list_item_namepublic/includes/hooks/class-trainer-list-hooks.php:31
actionwsb_trainer_list_item_countrypublic/includes/hooks/class-trainer-list-hooks.php:32
actionwsb_trainer_list_item_badgespublic/includes/hooks/class-trainer-list-hooks.php:33
actionwsb_trainer_list_item_ratingpublic/includes/hooks/class-trainer-list-hooks.php:34
Maintenance & Trust

Workshop Butler Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5
Last updatedJun 9, 2024
PHP min version7.2.5
Downloads7K

Community Trust

Rating0/100
Number of ratings0
Active installs30
Alternatives

Workshop Butler Alternatives

WP Events Manager

WP Events Manager

wp-events-manager

A
97

The all in one Events Manager for WordPress: create and manage events, sell event tickets online easily. No Coding Required.

30K 2 CVEs
Sugar Calendar – Events Calendar, Event Tickets, and Events Management Platform

Sugar Calendar – Events Calendar, Event Tickets, and Events Management Platform

sugar-calendar-lite

A
98

Easily manage events and sell tickets on your WordPress site. Sugar Calendar is easy-to-use, reliable, and exceptionally powerful. See for yourself.

10K 2 CVEs
Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)

Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)

wp-event-solution

B
82

Events calendar plugin for WordPress to manage events, bookings, registrations, scheduling, virtual events, and tickets sales.

10K 21 CVEs
EventON – Events Calendar

EventON – Events Calendar

eventon-lite

A
85

Create beautiful, responsive event calendars with unlimited events, repeating schedules, virtual support, and a sleek minimal design!

6K 12 CVEs
RSVP and Event Management

RSVP and Event Management

rsvp

A
95

Simple Event Registration & RSVP Management for WordPress

3K 6 CVEs
Developer Profile

Workshop Butler Developer Profile

Workshop Butler Team

1 plugin · 30 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Workshop Butler

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/workshop-butler/assets/css/public-styles.css/wp-content/plugins/workshop-butler/assets/js/public-scripts.js/wp-content/plugins/workshop-butler/assets/css/admin-styles.css/wp-content/plugins/workshop-butler/assets/js/admin-scripts.js
Script Paths
/wp-content/plugins/workshop-butler/vendor/autoload.php
Version Parameters
workshop-butler/assets/css/public-styles.css?ver=workshop-butler/assets/js/public-scripts.js?ver=workshop-butler/assets/css/admin-styles.css?ver=workshop-butler/assets/js/admin-scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
wsb-events-listwsb-trainer-profilewsb-testimonial-slider
HTML Comments
<!-- WSB_Integration --><!-- Workshop Butler Plugin -->
Data Attributes
data-wsb-api-keydata-wsb-event-id
JS Globals
window.WSB_Integration_Publicvar WSB_AJAX_URL
REST Endpoints
/wp-json/wsb-integration/v1/events/wp-json/wsb-integration/v1/trainers
Shortcode Output
[wsb_events][wsb_trainers][wsb_testimonials]
FAQ

Frequently Asked Questions about Workshop Butler