Does XT Event Widget for Social Events have any unpatched vulnerabilities?

No. All known vulnerabilities in XT Event Widget for Social Events have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is XT Event Widget for Social Events compatible with WordPress 6.9.4?

According to WordPress.org data, XT Event Widget for Social Events 1.1.8 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is XT Event Widget for Social Events updated?

XT Event Widget for Social Events was last updated on Nov 29, 2025. Frequent updates are generally a positive security signal.

What is XT Event Widget for Social Events's security score?

XT Event Widget for Social Events has a WP-Safety security score of 98/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

XT Event Widget for Social Events Security & Risk Analysis

wordpress.org/plugins/xt-facebook-events

Easiest way to display Facebook events from your Facebook page to your website using widget or shortcode.

900 active installs v1.1.8 PHP + WP 4.0+ Updated Nov 29, 2025

eventfacebookfacebook-eventfacebook-eventsfacebook-widget

A · Safe

CVEs total1

Unpatched0

Last CVEMay 7, 2025

Plugin page Download

Safety Verdict

Is XT Event Widget for Social Events Safe to Use in 2026?

Generally Safe

Score 98/100

XT Event Widget for Social Events has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: May 7, 2025Updated 4mo ago

Risk Assessment

The "xt-facebook-events" v1.1.8 plugin exhibits a mixed security posture. While static analysis reveals a generally good practice regarding output escaping and a limited attack surface with no identified unprotected entry points, there are significant concerns related to database interactions and past security issues. The plugin performs SQL queries without prepared statements, which is a common vector for SQL injection vulnerabilities. Although no current vulnerabilities are reported, a past high-severity vulnerability related to Remote File Inclusion is a serious red flag, suggesting a history of critical security flaws that may indicate a lack of robust security development practices or diligent code review. The presence of external HTTP requests also warrants attention as they can be a source of further attack vectors or data leakage if not handled securely.

Key Concerns

SQL queries not using prepared statements
History of high severity RFI vulnerability
External HTTP requests present

Vulnerabilities

XT Event Widget for Social Events Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

High

1 total CVE

CVE-2025-47531high · 8.8Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

XT Event Widget for Social Events <= 1.1.7 - Authenticated (Contributor+) Local File Inclusion

May 7, 2025 Patched in 1.1.8 (7d)

Code Analysis

Analyzed Mar 16, 2026

XT Event Widget for Social Events Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

248 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared1 total queries

Output Escaping

98% escaped252 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

4 flows1 with unsanitized paths

xtfe_facebook_authorize_user_callback (includes\class-xt-facebook-events-fb-authorize.php:59)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

XT Event Widget for Social Events Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[wpfb_events] includes\class-xt-facebook-events-facebook.php:50

WordPress Hooks 21

actioninitblocks\facebook-events\index.php:83

actionwidgets_initincludes\class-xt-facebook-events-admin.php:34

actionadmin_menuincludes\class-xt-facebook-events-admin.php:37

actionadmin_enqueue_scriptsincludes\class-xt-facebook-events-admin.php:38

actionadmin_enqueue_scriptsincludes\class-xt-facebook-events-admin.php:39

actionadmin_noticesincludes\class-xt-facebook-events-admin.php:40

filteradmin_footer_textincludes\class-xt-facebook-events-admin.php:41

filtersubmenu_fileincludes\class-xt-facebook-events-admin.php:42

actionadmin_initincludes\class-xt-facebook-events-common.php:22

actionadmin_initincludes\class-xt-facebook-events-common.php:23

actionxtfe_render_pro_noticeincludes\class-xt-facebook-events-common.php:24

actionadmin_footerincludes\class-xt-facebook-events-deactivation.php:41

actionadmin_post_xtfe_clear_cacheincludes\class-xt-facebook-events-facebook.php:51

actionadmin_post_xtfe_facebook_authorize_actionincludes\class-xt-facebook-events-fb-authorize.php:22

actionadmin_post_xtfe_facebook_authorize_callbackincludes\class-xt-facebook-events-fb-authorize.php:23

actionadmin_post_xtfe_deauthorize_actionincludes\class-xt-facebook-events-fb-authorize.php:24

actionadmin_post_xtfe_fb_login_actionincludes\class-xt-facebook-events-fb-authorize.php:25

actionplugins_loadedxt-facebook-events.php:54

actionplugins_loadedxt-facebook-events.php:55

actionwp_enqueue_scriptsxt-facebook-events.php:56

actionwp_enqueue_scriptsxt-facebook-events.php:57

Maintenance & Trust

XT Event Widget for Social Events Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedNov 29, 2025

PHP min version

Downloads45K

Community Trust

Rating90/100

Number of ratings15

Active installs900

Alternatives

XT Event Widget for Social Events Alternatives

Import Social Events

import-facebook-events

Import Facebook events into your WordPress website and/or Event Calendar. Nice Display with shortcode & Event widget.

3K 1 CVE

WP Event Aggregator: Import Eventbrite events, Meetup events, social events and any iCal Events into Event Calendar

wp-event-aggregator

Xylus WP Event Aggregator: Easy way to import Eventbrite events, MeetUp events, Social site Events into your WordPress Event Calendar.

1K 4 CVEs

Traking Goals

traking-goals

Description: This plugin allows you to create a goals for Google analytics, and Facebook of predetermined lead type events for telephone links, direc …

10 No CVEs

Tracking Pixel for Gravity Forms

gf-facebook-pixel-tracking

This plugin provides an easy way to add Facebook event tracking to your Gravity Forms using Facebook’s Tracking Pixel. This flexible plugin works for …

400 No CVEs

My Agile Pixel – The GDPR Analytics and Tracking Pixel Solution

myagilepixel

Avoid legal issues with Google Analytics, Facebook Pixel, and TikTok Pixel. Boost marketing with custom user properties in Google Analytics 4.

300 No CVEs

Developer Profile

XT Event Widget for Social Events Developer Profile

Xylus Themes

13 plugins · 110K total installs

trust score

Avg Security Score

95/100

Avg Patch Time

105 days

View full developer profile

Detection Fingerprints

How We Detect XT Event Widget for Social Events

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/xt-facebook-events/assets/css/font-awesome.min.css/wp-content/plugins/xt-facebook-events/assets/css/xt-facebook-events.css/wp-content/plugins/xt-facebook-events/assets/css/grid_style2.css

Version Parameters

xt-facebook-events/assets/css/font-awesome.min.css?ver=xt-facebook-events/assets/css/xt-facebook-events.css?ver=xt-facebook-events/assets/css/grid_style2.css?ver=

HTML / DOM Fingerprints

CSS Classes

xt-facebook-events-wrapper

Data Attributes

data-fbpageiddata-eventlimitdata-eventdaysdata-showmapdata-showimgdata-showdesc+3 more

JS Globals

xt_facebook_events_params

Shortcode Output

[xt_facebook_events]

FAQ