Action Network Security & Risk Analysis

wordpress.org/plugins/wp-action-network

Provides Action Network (actionnetwork.org) action embed codes as shortcodes and a calendar and signup widget

400 active installs · v1.8.2 · PHP + · WP 4.6+ · Updated Nov 18, 2025
Tags: action-network, events, online-organizing, signup
Score: 97
A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Jan 8, 2025
Safety Verdict

Is Action Network Safe to Use in 2026?

Generally Safe

Score 97/100

Action Network has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Jan 8, 2025 · Updated 4mo ago
Risk Assessment

The wp-action-network plugin v1.8.2 presents a mixed security posture. On the positive side, the plugin demonstrates good practices in its use of prepared statements for SQL queries (79%) and a high percentage of properly escaped output (90%). It also avoids bundled libraries and has a low number of external HTTP requests. However, significant concerns arise from its attack surface. With 6 out of 11 entry points lacking authentication checks, particularly AJAX handlers, this plugin is vulnerable to unauthorized actions. The presence of the `unserialize` function, a known risky operation, combined with taint analysis revealing unsanitized paths, suggests potential for critical vulnerabilities if these flows are exploited with malicious input. The plugin's vulnerability history, with 3 known CVEs including one high severity, points to recurring issues like Cross-Site Scripting and SQL Injection. While there are currently no unpatched vulnerabilities, the past patterns indicate a potential for new vulnerabilities to emerge or existing ones to be re-introduced if not rigorously addressed. The plugin's strengths in output escaping and prepared statements are overshadowed by the significant risks posed by its unprotected entry points and the historical vulnerability profile.

Key Concerns

  • Unprotected AJAX handlers
  • Unsanitized paths in taint analysis
  • High severity vulnerability in history
  • Medium severity vulnerabilities in history
  • Use of unserialize function
  • Missing nonce checks on AJAX
Vulnerabilities
3

Action Network Security Vulnerabilities

CVEs by Year

2024: 2 CVEs
2025: 1 CVE

Severity Breakdown

High: 1
Medium: 2

3 total CVEs

CVE-2024-12394 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Action Network <= 1.4.4 - Reflected Cross-Site Scripting

Jan 8, 2025 Patched in 1.8.0 (303d)
CVE-2024-2954 · high · 7.2 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

WordPress Action Network 1.4.3 - Authenticated (Admin+) SQL Injection

Mar 26, 2024 Patched in 1.4.4 (42d)
CVE-2024-25921 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Action Network <= 1.4.2 - Reflected Cross-Site Scripting via 'search'

Feb 14, 2024 Patched in 1.4.3 (7d)
Code Analysis
Analyzed Mar 16, 2026

Action Network Code Analysis

Dangerous Functions: 7
Raw SQL Queries: 13 (50 prepared)
Unescaped Output: 19 (162 escaped)
Nonce Checks: 5
Capability Checks: 2
File Operations: 0
External Requests: 5
Bundled Libraries: 0

Dangerous Functions Found

  • unserialize: `$location_json = isset($event['location']) ? unserialize( $event['location'] ) : new stdClass();` (actionnetwork.php:592)
  • unserialize: `$location = unserialize( $location_hash );` (actionnetwork.php:647)
  • unserialize: `$location_object = unserialize( $event['location'] );` (actionnetwork.php:1173)
  • unserialize: `$resource = unserialize($result['resource']);` (includes\actionnetwork-sync.class.php:193)
  • unserialize: `$action_types = unserialize( $instance['action_types'] );` (includes\actionnetwork-widgets.class.php:222)
  • unserialize: `$tags = unserialize( $instance['tags'] );` (includes\actionnetwork-widgets.class.php:828)
  • unserialize: `$values = unserialize($value);` (includes\uwfWidgetControls.class.php:46)

SQL Query Safety

79% prepared · 63 total queries

Output Escaping

90% escaped · 181 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

5 flows · 2 with unsanitized paths
extra_tablenav (includes\actionnetwork-action-list.class.php:427)
[Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
6 unprotected

Action Network Attack Surface

Entry Points: 11
Unprotected: 6

AJAX Handlers 7

  • auth · wp_ajax_actionnetwork_process_queue · actionnetwork.php:896
  • nopriv · wp_ajax_actionnetwork_process_queue · actionnetwork.php:897
  • auth · wp_ajax_actionnetwork_get_queue_status · actionnetwork.php:966
  • nopriv · wp_ajax_getActionNetworks · actionnetwork.php:2106
  • auth · wp_ajax_getActionNetworks · actionnetwork.php:2107
  • auth · wp_ajax_actionnetwork_signup · includes\actionnetwork-widgets.class.php:1066
  • nopriv · wp_ajax_actionnetwork_signup · includes\actionnetwork-widgets.class.php:1067

Shortcodes 4

[actionnetwork] actionnetwork.php:373
[wp-action-network] actionnetwork.php:375
[actionnetwork_list] actionnetwork.php:501
[actionnetwork_calendar] actionnetwork.php:629
WordPress Hooks 10
  • action · plugins_loaded · actionnetwork.php:238
  • action · admin_notices · actionnetwork.php:285
  • action · widgets_init · actionnetwork.php:295
  • action · admin_menu · actionnetwork.php:707
  • action · admin_init · actionnetwork.php:768
  • action · actionnetwork_cron_daily · actionnetwork.php:840
  • filter · mce_external_plugins · actionnetwork.php:2049
  • filter · mce_buttons · actionnetwork.php:2050
  • action · admin_head · actionnetwork.php:2053
  • action · init · actionnetwork.php:2104

Scheduled Events 1

actionnetwork_cron_daily
Maintenance & Trust

Action Network Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 18, 2025
PHP min version
Downloads: 13K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 400
Developer Profile

Action Network Developer Profile

Concerted Action

1 plugin · 400 total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 117 days
Detection Fingerprints

How We Detect Action Network

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/wp-action-network/css/actionnetwork-widget.css
  • /wp-content/plugins/wp-action-network/css/actionnetwork-admin.css
  • /wp-content/plugins/wp-action-network/js/actionnetwork-admin.js
  • /wp-content/plugins/wp-action-network/js/actionnetwork-widget.js
  • /wp-content/plugins/wp-action-network/js/actionnetwork-sync.js
  • /wp-content/plugins/wp-action-network/js/actionnetwork-admin-widget.js
Script Paths
  • /wp-content/plugins/wp-action-network/js/actionnetwork-widget.js
  • /wp-content/plugins/wp-action-network/js/actionnetwork-admin.js
Version Parameters
  • wp-action-network/css/actionnetwork-widget.css?ver=
  • wp-action-network/css/actionnetwork-admin.css?ver=
  • wp-action-network/js/actionnetwork-admin.js?ver=
  • wp-action-network/js/actionnetwork-widget.js?ver=
  • wp-action-network/js/actionnetwork-sync.js?ver=
  • wp-action-network/js/actionnetwork-admin-widget.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • actionnetwork-widget-form
  • actionnetwork-embed
  • actionnetwork-calendar
  • actionnetwork-map
HTML Comments
  • Action Network widget start
  • Action Network widget end
  • actionnetwork_widget
  • actionnetwork_calendar
  • +1 more
Data Attributes
  • data-actionnetwork-widget-id
  • data-actionnetwork-form-id
  • data-actionnetwork-event-limit
  • data-actionnetwork-date-format
  • data-actionnetwork-show-dates
  • data-actionnetwork-show-location
  • +3 more
JS Globals
  • ActionNetworkWidget
  • ActionNetworkSync
REST Endpoints
  • /wp-json/actionnetwork/v1/settings
  • /wp-json/actionnetwork/v1/forms
  • /wp-json/actionnetwork/v1/events
Shortcode Output
  • [action_network_widget]
  • [action_network_calendar]
  • [action_network_map]
FAQ

Frequently Asked Questions about Action Network