WP Conference Security & Risk Analysis

wordpress.org/plugins/wp-conference

Here we present a New Plugin which basically helps to arrange Seminar/Conference in an organized manner. We provide a system that can handle the foll …

10 active installs · v1.2 · PHP 5.2.4+ · WP 3.9.19+ · Updated Jul 3, 2023
conference-plugin, free-wordpress-plugin, seminar-plugin
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP Conference Safe to Use in 2026?

Generally Safe

Score 85/100

WP Conference has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The wp-conference plugin v1.2 presents a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, exclusively using prepared statements, and shows no history of known vulnerabilities, suggesting a generally stable development history. The absence of external HTTP requests and file operations also reduces potential attack vectors.

However, two unprotected AJAX handlers raise significant concerns: they are direct entry points for attackers, with no authentication or authorization checks. The high number of dangerous function calls, specifically `unserialize`, is also a critical red flag. If user-controlled data is ever passed to `unserialize` without robust validation, it can lead to Remote Code Execution (RCE) vulnerabilities. The taint analysis also indicates a flow with unsanitized paths. Although it was not classified as critical or high severity, it still warrants attention because it points to potential data handling weaknesses.

Only 8% of the 226 total outputs are escaped, which suggests a widespread risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected into the site's output.

Key Concerns

  • Unprotected AJAX handlers found
  • Dangerous function 'unserialize' present
  • Low percentage of properly escaped output
  • Taint flow with unsanitized paths
Vulnerabilities
None known

WP Conference Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WP Conference Release Timeline

v1.1
Code Analysis
Analyzed Mar 16, 2026

WP Conference Code Analysis

Dangerous Functions: 20
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 209 (17 escaped)
Nonce Checks: 3
Capability Checks: 3
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

Function | Code | Location
unserialize | $speakers = unserialize($postmeta['session_speakers'][0]); | alongside_detailed_view.php:23
unserialize | $selected_tracks = unserialize($postmeta['session_tracks'][0]); | alongside_detailed_view.php:77
unserialize | $conference_tracks = unserialize($conference_postmeta['tracks'][0]); | alongside_detailed_view.php:78
unserialize | $speakers = unserialize($postmeta['session_speakers'][0]); | alongside_minimal_view.php:23
unserialize | $selected_tracks = unserialize($postmeta['session_tracks'][0]); | alongside_minimal_view.php:64
unserialize | $conference_tracks = unserialize($conference_postmeta['tracks'][0]); | alongside_minimal_view.php:65
unserialize | $speakers = unserialize($session_postmeta['session_speakers'][0]); | single-session.php:42
unserialize | $selected_tracks = unserialize($session_postmeta['session_tracks'][0]); | single-session.php:95
unserialize | $conference_tracks = unserialize($conference_postmeta['tracks'][0]); | single-session.php:96
unserialize | $social_medias = unserialize($speaker_postmeta['social_medias'][0]); | single-speaker.php:37
unserialize | $speakers = unserialize($postmeta['session_speakers'][0]); | single-speaker.php:71
unserialize | $selected_tracks = unserialize($session_postmeta['session_tracks'][0]); | single-speaker.php:173
unserialize | $conference_tracks = unserialize($conference_postmeta['tracks'][0]); | single-speaker.php:174
unserialize | $speakers = unserialize($postmeta['conference_speakers'][0]); | speaker_listing.php:7
unserialize | $speakers = unserialize($postmeta['session_speakers'][0]); | tabbed_detailed_view.php:27
unserialize | $selected_tracks = unserialize($postmeta['session_tracks'][0]); | tabbed_detailed_view.php:81
unserialize | $conference_tracks = unserialize($conference_postmeta['tracks'][0]); | tabbed_detailed_view.php:82
unserialize | $speakers = unserialize($postmeta['session_speakers'][0]); | tabbed_minimal_view.php:27
unserialize | $selected_tracks = unserialize($postmeta['session_tracks'][0]); | tabbed_minimal_view.php:68
unserialize | $conference_tracks = unserialize($conference_postmeta['tracks'][0]); | tabbed_minimal_view.php:69

Output Escaping

8% escaped · 226 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

1 flow · 1 with unsanitized paths
<single-speaker> (single-speaker.php:0)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
2 unprotected

WP Conference Attack Surface

Entry Points: 4
Unprotected: 2

AJAX Handlers 2

auth | wp_ajax_get_tracks | conference.php:684
nopriv | wp_ajax_get_tracks | conference.php:685

Shortcodes 2

[conferenceoverview] conference.php:916
[speakeroverview] conference.php:930
WordPress Hooks 18
action | init | conference.php:127
filter | manage_speaker_posts_columns | conference.php:141
action | manage_speaker_posts_custom_column | conference.php:148
filter | manage_edit-speaker_sortable_columns | conference.php:156
filter | manage_session_posts_columns | conference.php:170
action | manage_session_posts_custom_column | conference.php:183
filter | manage_edit-session_sortable_columns | conference.php:191
filter | manage_conference_posts_columns | conference.php:205
action | manage_conference_posts_custom_column | conference.php:216
action | pre_get_posts | conference.php:218
action | admin_menu | conference.php:266
action | wp_enqueue_scripts | conference.php:295
action | admin_enqueue_scripts | conference.php:321
action | admin_init | conference.php:340
action | save_post | conference.php:470
action | save_post | conference.php:711
action | save_post | conference.php:852
filter | single_template | conference.php:946
Maintenance & Trust

WP Conference Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.7.33
Last updated: Jul 3, 2023
PHP min version: 5.2.4
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

WP Conference Developer Profile

Ablion IT Solutions Pvt. Ltd.

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP Conference

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-conference/css/wcp_front.css
/wp-content/plugins/wp-conference/js/wcp_front.js
Script Paths
/wp-content/plugins/wp-conference/js/wcp_front.js
Version Parameters
wp-conference/css/wcp_front.css?ver=
wp-conference/js/wcp_front.js?ver=

HTML / DOM Fingerprints

CSS Classes
wcp-speaker-section, wcp-session-section, wcp-conference-section, wcp-speaker-item, wcp-session-item, wcp-conference-item
Data Attributes
data-conferenceid, data-view
Shortcode Output
[conferenceoverview], [speakeroverview]
FAQ

Frequently Asked Questions about WP Conference