Plugin inspection:

The Events Calendar

No issues found

Last revised:

Confidence: Medium
This plugin has been given a short, targeted code review.

We didn't find anything worrying in this plugin. It's probably safe. Read more about this recommendation.


This recommendation applies to version 2.0.11 of this plugin, but the most recent version is 6.3.6. These findings may no longer be correct.


This plugin contains some issues:

  • Some SQL statements are correctly escaped, some are not. No injections were found, but line 2555 of lib/the-events-calendar.class.php needs investigation.
  • Not all HTML output is escaped. No obvious XSS vulnerabilities were located.

Failure criteria

  • Execution of unprepared SQL statements
  • Lack of proper output escaping

Read more about our failure criteria.