Plugin inspection:

The Events Calendar

Use with caution

Last revised:

Confidence: Medium
This plugin has been given a short, targeted code review.

Before using this plugin, you should carefully consider these findings. Read more about this recommendation.

Findings

This is a large codebase including vendor libraries that mean it is difficult to review fully.

No issues were found.

There is use of database locking and asynchronous functionality, so it is recommended to test how this works on the specific infrastructure in use in case of any incompatibilities here.

The plugin can be extended with add-ons, and these should be reviewed separately if used.

 

 

Reason for the 'Use with caution' result

The plugin has been given this recommendation at the tester's discretion:

No issues were found. The reason for the ‘use with caution’ rating is to highlight that any plugin add-ons used should be reviewed separately. There is also the recommendation to test against the target infrastructure to ensure that database functions such as locking do not cause any issues for the target setup.

Note that an older version did have XSS security concerns raised ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15109 ), so as per general best practice, it is advised to use the latest, up to date version.

Failure criteria

  • Very large codebase

Read more about our failure criteria.