Does Add to Calendar Button have any unpatched vulnerabilities?

No. All known vulnerabilities in Add to Calendar Button have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Add to Calendar Button compatible with WordPress 6.9.4?

According to WordPress.org data, Add to Calendar Button 2.9.4 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Add to Calendar Button compatible with PHP 7.4+?

Add to Calendar Button requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Add to Calendar Button updated?

Add to Calendar Button was last updated on Feb 21, 2026. Frequent updates are generally a positive security signal.

What is Add to Calendar Button's security score?

Add to Calendar Button has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Add to Calendar Button Security & Risk Analysis

wordpress.org/plugins/add-to-calendar-button

Create beautiful buttons, where people can add events to their calendars. Highly customizable. As shortcode or via a convenient block.

3K active installs v2.9.4 PHP 7.4+ WP 5.7+ Updated Feb 21, 2026

buttoncalendareventrsvpwidget

A · Safe

CVEs total1

Unpatched0

Last CVEOct 10, 2023

Plugin page Download

Safety Verdict

Is Add to Calendar Button Safe to Use in 2026?

Generally Safe

Score 100/100

Add to Calendar Button has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Oct 10, 2023Updated 1mo ago

Risk Assessment

The 'add-to-calendar-button' plugin v2.9.4 exhibits a generally good security posture, with a minimal attack surface and no direct SQL queries or file operations. The absence of critical or high-severity taint flows is also a positive sign. However, the analysis reveals significant weaknesses in output sanitization, with only 25% of outputs being properly escaped. This presents a notable risk for cross-site scripting (XSS) vulnerabilities, especially considering the plugin's past vulnerability history which includes a medium-severity XSS flaw.

Key Concerns

Low percentage of properly escaped output
Past medium XSS vulnerability

Vulnerabilities

Add to Calendar Button Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2023-46613medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Add to Calendar Button <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Oct 10, 2023 Patched in 1.5.1 (105d)

Code Analysis

Analyzed Mar 16, 2026

Add to Calendar Button Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

5 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

25% escaped20 total outputs

Attack Surface

Add to Calendar Button Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[add-to-calendar-button] add-to-calendar-button.php:324

WordPress Hooks 10

actionadmin_enqueue_scriptsadd-to-calendar-button.php:129

actionadmin_enqueue_scriptsadd-to-calendar-button.php:160

filterplugin_row_metaadd-to-calendar-button.php:170

actionadmin_enqueue_scriptsadd-to-calendar-button.php:199

actionwp_enqueue_scriptsadd-to-calendar-button.php:203

actioninitadd-to-calendar-button.php:392

actionadmin_menuatcb-options.php:38

actionadmin_initatcb-options.php:39

actionin_admin_headeratcb-options.php:40

actionadmin_footer_textatcb-options.php:41

Maintenance & Trust

Add to Calendar Button Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 21, 2026

PHP min version7.4

Downloads88K

Community Trust

Rating100/100

Number of ratings11

Active installs3K

Alternatives

Add to Calendar Button Alternatives

RSVPMaker Widget

rsvpmaker-widget

Fetch and display event listings managed via the RSVPMaker plugin on a remote site.

0 No CVEs

Simple Calendar – Google Calendar Plugin

google-calendar-events

Add Google Calendar events to your WordPress site in minutes. Beautiful calendar displays. Mobile responsive.

50K 7 CVEs

Events Widgets For Elementor And The Events Calendar

events-widgets-for-elementor-and-the-events-calendar

The Events Calendar Elementor widgets help you manage and display an upcoming events list with date, time, venue and event ticket booking details.

10K 1 CVE

Registrations for the Events Calendar – Event Registration Plugin

registrations-for-the-events-calendar

Collect and manage event registrations with a customizable form and email template. The best event registration plugin for The Events Calendar.

8K 7 CVEs

RSVP and Event Management

rsvp

Simple Event Registration & RSVP Management for WordPress

3K 5 CVEs

Developer Profile

Add to Calendar Button Developer Profile

Add to Calendar

1 plugin · 3K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

105 days

View full developer profile

Detection Fingerprints

How We Detect Add to Calendar Button

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/add-to-calendar-button/lib/atcba.js/wp-content/plugins/add-to-calendar-button/atcb-options.css/wp-content/plugins/add-to-calendar-button/lib/atcb.min.js/wp-content/plugins/add-to-calendar-button/lib/atcb-unstyle.min.js

Script Paths

lib/atcba.jsatcb-options.csslib/atcb.min.jslib/atcb-unstyle.min.js

Version Parameters

add-to-calendar-button/lib/atcb.min.js?ver=add-to-calendar-button/lib/atcb-unstyle.min.js?ver=add-to-calendar-button/lib/atcba.js?ver=

HTML / DOM Fingerprints

CSS Classes

atcb-button

Data Attributes

add-to-calendar-button

JS Globals

add_to_calendar_button

Shortcode Output

<add-to-calendar-button

FAQ