Kitgenix Plugin Score

Events Manager – Calendar, Bookings, Tickets, and more!

Slug: events-manager · Marcus (aka @msykes) · 70,000+

Actively maintained
Events Manager – Calendar, Bookings, Tickets, and more! banner image

Overall Score

Scan this plugin to generate a full score report

--
Not Yet Scanned

What this score means

Scores are calculated on a 100-point scale by analysing six weighted categories: Security, WP.org Readiness, Performance, Code Quality, Accessibility, and Vulnerabilities. Open vulnerabilities are weighted by severity, CVSS, and patch availability, and incomplete source data can reduce confidence slightly.

  • Excellent The plugin follows best practices across every measured category. It is well-maintained, low-risk, and recommended for production use.
  • Good Strong overall quality with minor areas for improvement. Generally safe to use on most sites.
  • Needs Review Some areas of concern detected. Review the full issues report and weigh the risks before installing on production.
  • High Risk Significant quality or security problems found. Exercise caution — check the details carefully before using this plugin.
No scan has been completed yet. Vulnerability and issue data will appear after the first scan.
  • Wordfence: June 10, 2026 7:46 am (31 minutes ago)

Actions

View on WordPress.org Download Plugin
After the first scan, this plugin will be automatically re-scanned every 30 days.
Export report: CSV JSON

Score Breakdown

Shield
Security
--
Pending Scan
W
WP.org Readiness
--
Pending Scan
Speed
Performance
--
Pending Scan
Code
Code Quality
--
Pending Scan
A11y
Accessibility
--
Pending Scan
Bug
Vulnerability Status
--
Pending Scan

Plugin Details

Scan Summary

  • Errors: 0
  • Warnings: 0
  • Notices: 0
  • Last Scanned: N/A
No scan results yet. Start the first scan to populate this summary.

Detected Issues

No issues to display yet. Run the first scan to generate findings.

Score History

No history available yet. · All-Time High: N/A

All Past Vulnerabilities

Showing all known historical vulnerabilities for this plugin, including open and closed records.

Vulnerability CVE Severity Status Affected Versions Patched Version Updated Source
Events Manager <= 6.4.6.4 - Authenticated(Administator+) Stored Cross-Site Scripting via settings N/A LOW Closed *-6.4.6.4 6.4.7 2024-02-28 00:00:00 Wordfence
Events Manager <= 7.2.2.2 - Unauthenticated Information Exposure N/A LOW Closed *-7.2.2.2 7.2.2.3 2025-12-11 21:39:32 Wordfence
Events Manager < 5.9.7.2 & Events Manager Pro < 2.6.7.2 - Unauthenticated CSV Injection N/A LOW Closed [*, 5.9.7.2) 5.9.7.2 2020-02-06 00:00:00 Wordfence
Events Manager <= 6.4.8 - Reflected Cross-Site Scripting N/A LOW Closed *-6.4.8 6.4.9 2024-06-28 00:00:00 Wordfence
Events Manager <= 5.8.1.3 - Stored Cross-Site Scripting N/A LOW Closed [*, 5.9) 5.9 2018-04-27 00:00:00 Wordfence
Events Manager <= 5.5.1 - Multiple Cross-Site Scripting N/A LOW Closed *-5.5.1 5.5.2 2014-08-01 00:00:00 Wordfence
Events Manager <= 5.8.1.1 - Cross-Site Scripting N/A LOW Closed [*, 5.8.1.2) 5.8.1.2 2018-03-26 00:00:00 Wordfence
Events Manager <= 7.0.3 - Unauthenticated SQL Injection via `orderby` Parameter N/A LOW Closed *-6.6.4.4, 7.0.1-7.0.3 6.6.5 2025-07-09 09:58:32 Wordfence
Events Manager <= 6.4.6.4 - Missing Authorization N/A LOW Closed *-6.4.6.4 6.4.7 2024-03-28 00:00:00 Wordfence
Events Manager <= 6.4.7.1 - Cross-Site Request Forgery N/A LOW Closed *-6.4.7.1 6.4.7.2 2024-03-28 00:00:00 Wordfence
Events Manager < 5.3.9 - Cross-Site Scripting N/A LOW Closed [*, 5.3.9) 5.3.9 2014-08-01 00:00:00 Wordfence
Events Manager <= 5.9.5 - Authenticated Stored Cross-Site Scripting N/A LOW Closed *-5.9.5 5.9.6 2019-10-16 00:00:00 Wordfence
Events Manager < 5.1.7 - Cross-Site Scripting N/A LOW Closed [*, 5.1.7) 5.1.7 2012-05-22 00:00:00 Wordfence
Events Manager <= 7.2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'events_list_grouped' Shortcode N/A LOW Closed *-7.2.2.1 7.2.3 2025-12-17 00:00:00 Wordfence
Events Manager <= 5.9.7.1 - CSV Injection N/A LOW Closed *-5.9.7.1 5.9.7.2 2020-02-05 00:00:00 Wordfence
Events Manager – Calendar, Bookings, Tickets, and more! <= 6.6.4.1 - Missing Authorization N/A LOW Closed *-6.6.4.1 6.6.4.2 2025-02-26 00:00:00 Wordfence
Events Manager < 5.3.5 & Events Manager Pro < 2.2.9 - Cross-Site Scripting N/A LOW Closed [*, 5.3.5) 5.3.5 2014-08-01 00:00:00 Wordfence
Events Manager – Calendar, Bookings, Tickets, and more! <= 7.2.2.2 - Cross-Site Request Forgery to Location Deletion N/A LOW Closed *-7.2.2.2 7.2.2.3 2025-12-11 21:40:07 Wordfence
Events Manager <= 5.9.7.3 - Cross-Site Scripting N/A LOW Closed *-5.9.7.3 5.9.8 2020-06-07 00:00:00 Wordfence
Events Manager <= 5.3.6 - Multiple Cross-Site Scripting N/A LOW Closed *-5.3.6 5.3.6.1 2013-02-27 00:00:00 Wordfence
Events Manager <= 5.5.7.1 - Cross-Site Scripting N/A LOW Closed [*, 5.6) 5.6 2015-08-10 00:00:00 Wordfence
Events Manager < 5.5 - Cross-Site Scripting N/A LOW Closed [*, 5.5) 5.5 2013-08-14 00:00:00 Wordfence
Events Manager < 5.5.7.1 - Cross-Site Scripting N/A LOW Closed [*, 5.5.7.1) 5.5.7.1 2015-06-04 00:00:00 Wordfence
Events Manager <= 7.0.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via Plugin Shortcodes N/A LOW Closed *-6.6.4.4, 7.0.1-7.0.3 6.6.5 2025-07-09 09:58:49 Wordfence
Events Manager <= 6.4.7.1 - Cross-Site Request Forgery N/A LOW Closed *-6.4.7.1 6.4.7.2 2024-03-27 00:00:00 Wordfence
Event Manager <= 7.0.3 - Reflected Cross-Site Scripting via `calendar_header` Parameter N/A LOW Closed *-6.6.4.4, 7.0.1-7.0.3 6.6.5 2025-07-09 09:58:10 Wordfence
Events Manager <= 5.5.7.1 - Code Injection N/A LOW Closed [*, 5.6) 5.6 2015-08-10 00:00:00 Wordfence
Events Manager – Calendar, Bookings, Tickets, and more! <= 6.4.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via event, location, and event_category Shortcodes N/A LOW Closed *-6.4.7.3 6.4.8 2024-06-11 00:00:00 Wordfence
Events Manager < 5.5.7 - Cross-Site Scripting N/A LOW Closed [*, 5.5.7) 5.5.7 2015-05-23 00:00:00 Wordfence
Events Manager <= 5.9.7.3 - Admin+ SQL Injection N/A LOW Closed *-5.9.7.3 5.9.8 2020-06-07 00:00:00 Wordfence
Events Manager <= 6.4.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting N/A LOW Closed *-6.4.7.1 6.4.7.2 2024-03-27 00:00:00 Wordfence
Events Manager <= 5.9.4 - Cross-Site Scripting N/A LOW Closed *-5.9.4 5.9.5 2018-07-18 00:00:00 Wordfence
Events Manager – Calendar, Bookings, Tickets, and more! <= 6.6.3 - Unauthenticated SQL Injection via Event Status Parameter N/A LOW Closed *-6.6.3 6.6.4 2025-02-20 16:21:48 Wordfence
Events Manager <= 6.4.5 - Reflected Cross-Site Scripting N/A LOW Closed *-6.4.5 6.4.6 2023-11-23 00:00:00 Wordfence