3task Calendar Security & Risk Analysis

wordpress.org/plugins/3task-calendar

Professional WordPress Event Calendar with beautiful themes, event categories, and modern design. Create and display events easily.

0 active installs v1.2.2 PHP 7.4+ WP 5.8+ Updated Feb 7, 2026
calendar, event-calendar, events, schedule, wordpress-calendar
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is 3task Calendar Safe to Use in 2026?

Generally Safe

Score 100/100

3task Calendar has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The '3task-calendar' plugin v1.2.2 exhibits a generally strong security posture, with a high percentage of properly escaped outputs and the absence of dangerous functions. The plugin also demonstrates good practice by largely utilizing prepared statements for its SQL queries and incorporating a significant number of nonce and capability checks. Its vulnerability history is clean, with no recorded CVEs, suggesting a mature and well-maintained codebase.

However, there are specific areas of concern that warrant attention. The presence of two REST API routes without permission callbacks represents a direct attack vector that could potentially be exploited without proper authentication. Additionally, four taint flows with unsanitized paths, although not classified as critical or high severity, indicate potential areas where user-supplied data might not be adequately handled, possibly leading to unexpected behavior or vulnerabilities if combined with other factors. While the overall risk appears low, these unprotected entry points and unsanitized flows should be addressed to further harden the plugin's security.

In conclusion, '3task-calendar' v1.2.2 is a plugin with many security strengths, particularly in its handling of output and SQL. The lack of historical vulnerabilities is a positive indicator. The primary weaknesses lie in specific, unprotected REST API routes and taint flows that require careful review and remediation to ensure the plugin's robust security.

Key Concerns

  • REST API routes without permission callbacks
  • Flows with unsanitized paths (4 total)
Vulnerabilities
None known

3task Calendar Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

3task Calendar Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 10 (30 prepared)
Unescaped Output: 11 (481 escaped)
Nonce Checks: 12
Capability Checks: 9
File Operations: 0
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

75% prepared · 40 total queries

Output Escaping

98% escaped · 492 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

8 flows, 4 with unsanitized paths
render_calendar (includes\class-calendar-renderer.php:29)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
2 unprotected

3task Calendar Attack Surface

Entry Points: 11
Unprotected: 2

AJAX Handlers 4

auth    wp_ajax_threecal_get_events    3task-calendar.php:140
nopriv    wp_ajax_threecal_get_events    3task-calendar.php:141
auth    wp_ajax_threecal_get_event_details    3task-calendar.php:142
nopriv    wp_ajax_threecal_get_event_details    3task-calendar.php:143

REST API Routes 2

GET    /wp-json/3task-calendar/v1/events    3task-calendar.php:288
GET    /wp-json/3task-calendar/v1/events/(?P<id>\d+)    3task-calendar.php:308

Shortcodes 5

[threecal] includes\class-shortcode.php:24
[threecal_event] includes\class-shortcode.php:25
[threecal_events] includes\class-shortcode.php:26
[threecal_upcoming] includes\class-shortcode.php:27
[threecal_mini] includes\class-shortcode.php:28
WordPress Hooks 13
action    admin_enqueue_scripts    3task-calendar.php:115
action    admin_enqueue_scripts    3task-calendar.php:116
action    admin_menu    3task-calendar.php:117
action    admin_init    3task-calendar.php:118
action    admin_init    3task-calendar.php:119
action    wp_enqueue_scripts    3task-calendar.php:124
action    wp_enqueue_scripts    3task-calendar.php:125
action    init    3task-calendar.php:131
action    rest_api_init    3task-calendar.php:134
action    wp_head    3task-calendar.php:137
action    plugins_loaded    3task-calendar.php:567
action    threecal_daily_notifications    includes\class-email.php:30
action    wp_enqueue_scripts    public\class-public.php:158

Scheduled Events 1

threecal_daily_notifications
Maintenance & Trust

3task Calendar Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 7, 2026
PHP min version: 7.4
Downloads: 150

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

3task Calendar Developer Profile

3task

4 plugins · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect 3task Calendar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/3task-calendar/public/css/threecal-public.css
/wp-content/plugins/3task-calendar/public/css/themes/default.css
/wp-content/plugins/3task-calendar/public/css/themes/modern.css
/wp-content/plugins/3task-calendar/public/js/threecal-public.js
/wp-content/plugins/3task-calendar/blocks/calendar-block/index.js
/wp-content/plugins/3task-calendar/blocks/calendar-block/editor.css
Script Paths
/wp-content/plugins/3task-calendar/public/js/threecal-public.js
/wp-content/plugins/3task-calendar/blocks/calendar-block/index.js
Version Parameters
ver=1.2.2

HTML / DOM Fingerprints

CSS Classes
threecal-calendar-wrap
threecal-calendar
threecal-event-list-wrap
threecal-event-item
HTML Comments
<!-- threecal_block -->
Data Attributes
data-view
data-category
data-theme
JS Globals
threecal_public_params
REST Endpoints
/wp-json/3task-calendar/v1/events
/wp-json/3task-calendar/v1/event-details
Shortcode Output
[threecal
[threecal_event