WP-Safety

Event RSVP and Simple Event Management Plugin Security & Risk Analysis

wordpress.org/plugins/wp-easy-events

Event management, RSVP and event tickets system with event calendar, event venues with maps and event organizers.

30 active installs v4.2.2 PHP + WP 4.5+ Updated Aug 21, 2025
event-managementevent-ticketsevent-venueevents-calendarrsvp
98
A · Safe
CVEs total2
Unpatched0
Last CVEJun 25, 2025
Plugin page Download
Safety Verdict

Is Event RSVP and Simple Event Management Plugin Safe to Use in 2026?

Generally Safe

Score 98/100

Event RSVP and Simple Event Management Plugin has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Jun 25, 2025Updated 7mo ago
Risk Assessment

The wp-easy-events plugin v4.2.2 presents a mixed security posture. While it demonstrates good practices in areas like SQL query preparation (93%) and output escaping (92%), several concerning aspects warrant attention. The large attack surface, with 39 entry points including 13 unprotected AJAX handlers, significantly increases the potential for exploitation. Furthermore, the presence of two flows with high severity taint analysis results, particularly those involving unsanitized paths, indicates a risk of potential vulnerabilities if these flows are triggered by malicious input. The vulnerability history, though currently showing no unpatched CVEs, reveals a past pattern of medium severity Cross-site Scripting (XSS) vulnerabilities, suggesting that similar issues could resurface if input sanitization and output escaping are not robustly implemented across all entry points. The plugin's strengths lie in its robust handling of SQL and output, but the exposed AJAX handlers and taint analysis findings are key areas of concern that require diligent monitoring and potential remediation.

Key Concerns

  • High number of unprotected AJAX handlers
  • High severity taint flows with unsanitized paths
  • Bundled outdated library (Select2 v3.2)
  • Known vulnerability history (medium XSS)
  • Use of dangerous function (preg_replace(/e))
Vulnerabilities
2

Event RSVP and Simple Event Management Plugin Security Vulnerabilities

CVEs by Year

1 CVE in 2022
2022
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2025-5540medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Event RSVP and Simple Event Management Plugin <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 25, 2025 Patched in 4.2.0 (51d)
WF-cae1e209-96f3-49ed-a233-768db8e36c5b-wp-easy-eventsmedium · 5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Event Management, Events Calendar, RSVP Event Tickets Plugin <= 3.8.4 - Cross-Site Scripting

May 18, 2022 Patched in 3.8.5 (615d)
Code Analysis
Analyzed Mar 16, 2026

Event RSVP and Simple Event Management Plugin Code Analysis

Dangerous Functions
2
Raw SQL Queries
3
38 prepared
Unescaped Output
205
2405 escaped
Nonce Checks
28
Capability Checks
34
File Operations
0
External Requests
2
Bundled Libraries
1

Dangerous Functions Found

preg_replace(/e)preg_replace('/eincludes\emd-form-builder-lite\emd-form-functions.php:495
preg_replace(/e)preg_replace('/eincludes\emd-form-builder-lite\emd-form-functions.php:516

Bundled Libraries

Select23.2

SQL Query Safety

93% prepared41 total queries

Output Escaping

92% escaped2610 total outputs
Data Flows
9 unsanitized

Data Flow Analysis

17 flows9 with unsanitized paths
emd_form_builder_lite_get_field (includes\emd-form-builder-lite\emd-form-builder.php:848)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
13 unprotected

Event RSVP and Simple Event Management Plugin Attack Surface

Entry Points39
Unprotected13

AJAX Handlers 34

authwp_ajax_emd_insert_new_shcincludes\admin\shortcode-list-functions.php:72
authwp_ajax_single_tax_add_taxtermincludes\admin\singletax\emd-singletax-functions.php:4
authwp_ajax_wp_easy_events_emd_calc_formulaincludes\calculate-functions.php:8
noprivwp_ajax_wp_easy_events_emd_calc_formulaincludes\calculate-functions.php:9
authwp_ajax_emd_load_fileincludes\class-install-deactivate.php:51
noprivwp_ajax_emd_load_fileincludes\class-install-deactivate.php:52
authwp_ajax_emd_delete_fileincludes\class-install-deactivate.php:53
noprivwp_ajax_emd_delete_fileincludes\class-install-deactivate.php:54
authwp_ajax_emd_check_userEmailincludes\common-functions.php:541
authwp_ajax_emd_check_uniqueincludes\common-functions.php:570
authwp_ajax_emd_calendar_ajaxincludes\emd-calendar\calendar-admin-functions.php:110
noprivwp_ajax_emd_calendar_ajaxincludes\emd-calendar\calendar-admin-functions.php:111
authwp_ajax_emd_form_builder_lite_get_fieldincludes\emd-form-builder-lite\emd-form-builder.php:847
authwp_ajax_emd_form_builder_lite_get_pageincludes\emd-form-builder-lite\emd-form-builder.php:1226
authwp_ajax_emd_form_builder_lite_get_rowincludes\emd-form-builder-lite\emd-form-builder.php:1279
authwp_ajax_emd_form_builder_lite_save_formincludes\emd-form-builder-lite\emd-form-builder.php:1306
authwp_ajax_emd_form_builder_lite_get_hrincludes\emd-form-builder-lite\emd-form-builder.php:1425
authwp_ajax_emd_form_builder_lite_get_htmlincludes\emd-form-builder-lite\emd-form-builder.php:1445
authwp_ajax_emd_formb_lite_submit_ajax_formincludes\emd-form-builder-lite\emd-form-frontend.php:9
noprivwp_ajax_emd_formb_lite_submit_ajax_formincludes\emd-form-builder-lite\emd-form-frontend.php:10
noprivwp_ajax_emd_check_userEmailincludes\emd-form-builder-lite\emd-form-frontend.php:11
noprivwp_ajax_emd_check_uniqueincludes\emd-form-builder-lite\emd-form-frontend.php:12
noprivwp_ajax_emd_lite_process_loginincludes\emd-form-builder-lite\emd-form-frontend.php:1933
authwp_ajax_emd_lite_process_loginincludes\emd-form-builder-lite\emd-form-frontend.php:1934
noprivwp_ajax_emd_lite_verify_registrationincludes\emd-form-builder-lite\emd-form-frontend.php:2021
authwp_ajax_emd_lite_verify_registrationincludes\emd-form-builder-lite\emd-form-frontend.php:2022
authwp_ajax_emd_form_builder_lite_pagenumincludes\emd-form-builder-lite\emd-form-functions.php:1102
noprivwp_ajax_emd_form_builder_lite_pagenumincludes\emd-form-builder-lite\emd-form-functions.php:1103
noprivwp_ajax_emd_verify_emailincludes\login-register-functions.php:143
authwp_ajax_emd_verify_emailincludes\login-register-functions.php:144
authwp_ajax_wp_easy_events_send_deactivate_reasonincludes\plugin-feedback-functions.php:11
authwp_ajax_wp_easy_events_show_ratemeincludes\plugin-feedback-functions.php:16
authwp_ajax_emd_get_widg_pagenumincludes\widget-functions.php:10
noprivwp_ajax_emd_get_widg_pagenumincludes\widget-functions.php:11

Shortcodes 5

[emd_calendar] includes\emd-calendar\calendar-admin-functions.php:41
[emd_form] includes\emd-form-builder-lite\emd-form-frontend.php:402
[wpee_venue_list] includes\entities\emd-event-venues-shortcodes.php:56
[wpee_event_grid] includes\entities\emd-wpe-event-shortcodes.php:56
[events_calendar] includes\integration-shortcodes.php:9
WordPress Hooks 136
actionemd_display_settings_notifyincludes\admin\class-emd-notifications.php:38
actionwp_easy_events_getting_startedincludes\admin\getting-started.php:9
actionwp_easy_events_settings_glossaryincludes\admin\glossary.php:9
actionemd_notifyincludes\admin\notify-actions.php:363
actionemd_change_notifyincludes\admin\notify-actions.php:364
actionlogin_redirectincludes\admin\notify-actions.php:365
filterwp_mail_from_nameincludes\admin\notify-actions.php:412
filterwp_mail_fromincludes\admin\notify-actions.php:419
actionemd_ext_registerincludes\admin\settings-functions-globs.php:11
filteremd_add_settings_tabincludes\admin\settings-functions-globs.php:12
actionemd_show_settings_tabincludes\admin\settings-functions-globs.php:13
actionemd_ext_registerincludes\admin\settings-functions-misc.php:11
filteremd_add_settings_tabincludes\admin\settings-functions-misc.php:12
actionemd_show_settings_tabincludes\admin\settings-functions-misc.php:13
actionemd_ext_registerincludes\admin\settings-functions.php:11
actionemd_show_settings_pageincludes\admin\settings-functions.php:12
actionemd_show_shortcodes_pageincludes\admin\shortcode-list-functions.php:4
actionemd_create_shc_with_filtersincludes\admin\shortcode-list-functions.php:53
actionadd_meta_boxesincludes\admin\singletax\class-emd-single-taxonomy.php:31
filterwp_terms_checklist_argsincludes\admin\singletax\class-emd-single-taxonomy.php:35
actionsave_postincludes\admin\singletax\class-emd-single-taxonomy.php:39
filtermedia_buttonsincludes\admin\wpas-btn-functions.php:10
actionadmin_footerincludes\admin\wpas-btn-functions.php:11
filterkses_allowed_protocolsincludes\admin\wpas-btn-functions.php:222
filterposts_whereincludes\class-emd-query.php:91
filterposts_joinincludes\class-emd-query.php:94
filteremd_wp_session_cookie_secureincludes\class-emd-session.php:59
filteremd_wp_session_cookie_httponlyincludes\class-emd-session.php:60
filteremd_wp_session_delete_batch_sizeincludes\class-emd-session.php:61
filtersafe_style_cssincludes\class-emd-widget.php:57
actionadmin_initincludes\class-install-deactivate.php:21
actionwp_headincludes\class-install-deactivate.php:33
actionadmin_initincludes\class-install-deactivate.php:37
actionadmin_noticesincludes\class-install-deactivate.php:41
actiongenerate_rewrite_rulesincludes\class-install-deactivate.php:45
filterquery_varsincludes\class-install-deactivate.php:46
actionadmin_initincludes\class-install-deactivate.php:47
actioninitincludes\class-install-deactivate.php:55
filtertiny_mce_before_initincludes\class-install-deactivate.php:60
actionemd_display_settings_calendarincludes\emd-calendar\class-emd-calendar.php:26
actionemd_ext_set_confincludes\emd-form-builder-lite\emd-form-builder.php:12
actionemd_ext_initincludes\emd-form-builder-lite\emd-form-builder.php:22
filterposts_whereincludes\emd-form-builder-lite\emd-form-builder.php:48
actionemd_ext_admin_enqincludes\emd-form-builder-lite\emd-form-builder.php:50
actionemd_show_forms_lite_pageincludes\emd-form-builder-lite\emd-form-builder.php:282
actioninitincludes\emd-form-builder-lite\emd-form-frontend.php:46
filteremd_ext_parse_tagsincludes\emd-form-builder-lite\emd-form-functions.php:786
actioninitincludes\emd-form-builder-lite\emd-form-functions.php:812
filterkses_allowed_protocolsincludes\emd-form-builder-lite\emd-form-functions.php:1180
actionemd_ext_registerincludes\emd-form-builder-lite\settings-functions-login.php:12
filteremd_add_settings_tabincludes\emd-form-builder-lite\settings-functions-login.php:13
actionemd_show_settings_tabincludes\emd-form-builder-lite\settings-functions-login.php:14
actionemd_ext_admin_enqincludes\emd-lite\emd-lite.php:8
filteremd_lite_modalincludes\emd-lite\emd-lite.php:26
actionsave_postincludes\entities\class-emd-entity.php:96
actionsave_postincludes\entities\class-emd-entity.php:133
actioninitincludes\entities\class-emd-event-attendee.php:27
actionadmin_initincludes\entities\class-emd-event-attendee.php:31
actionsave_postincludes\entities\class-emd-event-attendee.php:35
filterpost_updated_messagesincludes\entities\class-emd-event-attendee.php:39
actionadmin_menuincludes\entities\class-emd-event-attendee.php:43
actionadmin_head-edit.phpincludes\entities\class-emd-event-attendee.php:47
actionadmin_menuincludes\entities\class-emd-event-attendee.php:51
actionmanage_emd_event_attendee_posts_custom_columnincludes\entities\class-emd-event-attendee.php:57
filtermanage_emd_event_attendee_posts_columnsincludes\entities\class-emd-event-attendee.php:61
filterpost_row_actionsincludes\entities\class-emd-event-attendee.php:66
actionadmin_action_emd_duplicate_entityincludes\entities\class-emd-event-attendee.php:70
actionadmin_noticesincludes\entities\class-emd-event-attendee.php:347
filterthe_titleincludes\entities\class-emd-event-attendee.php:378
actioninitincludes\entities\class-emd-event-organizer.php:27
actionadmin_initincludes\entities\class-emd-event-organizer.php:31
filterpost_updated_messagesincludes\entities\class-emd-event-organizer.php:35
actionadmin_menuincludes\entities\class-emd-event-organizer.php:39
actionadmin_head-edit.phpincludes\entities\class-emd-event-organizer.php:43
actionadmin_menuincludes\entities\class-emd-event-organizer.php:47
actionmanage_emd_event_organizer_posts_custom_columnincludes\entities\class-emd-event-organizer.php:53
filtermanage_emd_event_organizer_posts_columnsincludes\entities\class-emd-event-organizer.php:57
filterpost_row_actionsincludes\entities\class-emd-event-organizer.php:62
actionadmin_action_emd_duplicate_entityincludes\entities\class-emd-event-organizer.php:66
actionadmin_noticesincludes\entities\class-emd-event-organizer.php:372
filterthe_titleincludes\entities\class-emd-event-organizer.php:403
actioninitincludes\entities\class-emd-event-venues.php:27
actionadmin_initincludes\entities\class-emd-event-venues.php:31
filterpost_updated_messagesincludes\entities\class-emd-event-venues.php:35
actionadmin_menuincludes\entities\class-emd-event-venues.php:39
actionadmin_head-edit.phpincludes\entities\class-emd-event-venues.php:43
actionadmin_menuincludes\entities\class-emd-event-venues.php:47
actionmanage_emd_event_venues_posts_custom_columnincludes\entities\class-emd-event-venues.php:53
filtermanage_emd_event_venues_posts_columnsincludes\entities\class-emd-event-venues.php:57
filterpost_row_actionsincludes\entities\class-emd-event-venues.php:62
actionadmin_action_emd_duplicate_entityincludes\entities\class-emd-event-venues.php:66
actionadmin_noticesincludes\entities\class-emd-event-venues.php:379
filterthe_titleincludes\entities\class-emd-event-venues.php:450
actioninitincludes\entities\class-emd-wpe-event.php:27
actionadmin_initincludes\entities\class-emd-wpe-event.php:31
filterpost_updated_messagesincludes\entities\class-emd-wpe-event.php:35
actionadmin_menuincludes\entities\class-emd-wpe-event.php:39
actionadmin_head-edit.phpincludes\entities\class-emd-wpe-event.php:43
actionmanage_emd_wpe_event_posts_custom_columnincludes\entities\class-emd-wpe-event.php:49
filtermanage_emd_wpe_event_posts_columnsincludes\entities\class-emd-wpe-event.php:53
actionadmin_initincludes\entities\class-emd-wpe-event.php:58
filterpost_row_actionsincludes\entities\class-emd-wpe-event.php:62
actionadmin_action_emd_duplicate_entityincludes\entities\class-emd-wpe-event.php:66
actionadmin_noticesincludes\entities\class-emd-wpe-event.php:494
filterthe_titleincludes\entities\class-emd-wpe-event.php:598
actionwp_footerincludes\entities\emd-event-venues-shortcodes.php:62
filterwidget_textincludes\entities\emd-event-venues-shortcodes.php:71
filterwidget_textincludes\entities\emd-event-venues-shortcodes.php:72
actionwp_footerincludes\entities\emd-wpe-event-shortcodes.php:63
filterwidget_textincludes\entities\emd-wpe-event-shortcodes.php:72
filterwidget_textincludes\entities\emd-wpe-event-shortcodes.php:73
actionwp_footerincludes\integration-shortcodes.php:23
filteremd_show_temp_sidebarincludes\layout-functions.php:166
actionemd_sidebarincludes\layout-functions.php:196
actionwidgets_initincludes\layout-functions.php:213
filteremd_show_temp_navigationincludes\layout-functions.php:290
filteremd_show_single_edit_linkincludes\layout-functions.php:320
filteremd_change_containerincludes\layout-functions.php:332
filteremd_get_login_register_option_for_viewsincludes\login-register-functions.php:8
filtersafe_style_cssincludes\login-register-functions.php:26
actionemd_show_login_register_formsincludes\login-register-functions.php:28
actionwp_easy_events_upgradeincludes\plugin-app-functions.php:8
actionedd_complete_purchaseincludes\plugin-app-functions.php:46
actionwoocommerce_order_status_completedincludes\plugin-app-functions.php:93
filterplugin_row_metaincludes\plugin-feedback-functions.php:9
filterplugin_action_linksincludes\plugin-feedback-functions.php:10
actionadmin_footerincludes\plugin-feedback-functions.php:14
actionadmin_noticesincludes\plugin-feedback-functions.php:17
actionadmin_post_wp-easy-events_check_optinincludes\plugin-feedback-functions.php:18
actionadmin_enqueue_scriptsincludes\scripts.php:9
actionwp_enqueue_scriptsincludes\scripts.php:180
actionadmin_print_footer_scriptsincludes\scripts.php:274
filterthe_contentwp-easy-events.php:60
actionadmin_menuwp-easy-events.php:64
filtertemplate_includewp-easy-events.php:68
actionwidgets_initwp-easy-events.php:72
Maintenance & Trust

Event RSVP and Simple Event Management Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedAug 21, 2025
PHP min version
Downloads19K

Community Trust

Rating100/100
Number of ratings6
Active installs30
Alternatives

Event RSVP and Simple Event Management Plugin Alternatives

Sugar Calendar – Events Calendar, Event Tickets, and Events Management Platform

Sugar Calendar – Events Calendar, Event Tickets, and Events Management Platform

sugar-calendar-lite

B
76

Easily manage events and sell tickets on your WordPress site. Sugar Calendar is easy-to-use, reliable, and exceptionally powerful. See for yourself.

10K 1 unpatched
Registrations for the Events Calendar – Event Registration Plugin

Registrations for the Events Calendar – Event Registration Plugin

registrations-for-the-events-calendar

A
89

Collect and manage event registrations with a customizable form and email template. The best event registration plugin for The Events Calendar.

8K 7 CVEs
RSVP and Event Management

RSVP and Event Management

rsvp

A
97

Simple Event Registration & RSVP Management for WordPress

3K 5 CVEs
Event Genius – Event Management, Registration, RSVP, and Tickets

Event Genius – Event Management, Registration, RSVP, and Tickets

event-genius

A
100

WordPress event management plugin built to be reliable and complete. Supports event registration, recurring events, tickets, and calendars.

100 No CVEs
Events Calendar

Events Calendar

manags-events

A
85

Event management system using jquery -ui datepicker,timepicker addon,provides short-code,widget support.

90 No CVEs
Developer Profile

Event RSVP and Simple Event Management Plugin Developer Profile

emarket-design

10 plugins · 4K total installs

75
trust score
Avg Security Score
94/100
Avg Patch Time
251 days
View full developer profile
Detection Fingerprints

How We Detect Event RSVP and Simple Event Management Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-easy-events/assets/css/emd-calendar.css/wp-content/plugins/wp-easy-events/assets/css/event-styles.css/wp-content/plugins/wp-easy-events/assets/js/event-scripts.js/wp-content/plugins/wp-easy-events/assets/js/emd-calendar.js
Script Paths
/wp-content/plugins/wp-easy-events/assets/js/event-scripts.js/wp-content/plugins/wp-easy-events/assets/js/emd-calendar.js
Version Parameters
wp-easy-events/assets/css/event-styles.css?ver=wp-easy-events/assets/js/event-scripts.js?ver=wp-easy-events/assets/css/emd-calendar.css?ver=wp-easy-events/assets/js/emd-calendar.js?ver=

HTML / DOM Fingerprints

CSS Classes
emd-calnavemd-calendar-wrapperevent-detail-wrapwp-easy-events-wrapevent-location-wrapevent-organizer-wrapevent-attendee-wrapemd-calendar-event+2 more
HTML Comments
<!-- BEGIN WP EASY EVENTS LIST --><!-- END WP EASY EVENTS LIST --><!-- BEGIN WP EASY EVENTS DETAIL --><!-- END WP EASY EVENTS DETAIL -->+2 more
Data Attributes
data-eventiddata-viewdata-event-datedata-event-title
JS Globals
emd_calendar_optionsemd_event_dataWP_Easy_Events_Vars
REST Endpoints
/wp-json/wp-easy-events/v1/events/wp-json/wp-easy-events/v1/organizers/wp-json/wp-easy-events/v1/venues
Shortcode Output
[wp_easy_events_list][wp_easy_events_detail][wp_easy_events_calendar][wp_easy_events_my_events]
FAQ

Frequently Asked Questions about Event RSVP and Simple Event Management Plugin