Does Advent Calendar have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Advent Calendar compatible with WordPress 6.1.10?

According to WordPress.org data, Advent Calendar 1.0.4 has been tested up to WordPress 6.1.10. Check the plugin's changelog for the latest compatibility information.

How often is Advent Calendar updated?

Advent Calendar was last updated on Nov 29, 2022. Frequent updates are generally a positive security signal.

What is Advent Calendar's security score?

Advent Calendar has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Advent Calendar Security & Risk Analysis

wordpress.org/plugins/advent-calender

A simple calendar plugin to show a list of 24 days before christmas. Each day can be viewed automatically on the current date after it got published.

100 active installs v1.0.4 PHP + WP 3.7.1+ Updated Nov 29, 2022

adventcalendarchristmasflexible

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Advent Calendar Safe to Use in 2026?

Generally Safe

Score 85/100

Advent Calendar has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The "advent-calender" plugin v1.0.4 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The absence of any known CVEs and the lack of critical or high severity taint flows are positive indicators. The code also demonstrates good practices by using prepared statements for all its SQL queries, which mitigates the risk of SQL injection. However, there are areas for improvement. The plugin has a moderate concern regarding output escaping, with 50% of outputs not being properly escaped. This could lead to cross-site scripting (XSS) vulnerabilities if user-controlled data is not handled carefully when displayed. Additionally, the complete absence of nonce checks and capability checks across its entry points, including the shortcode, leaves it open to potential CSRF attacks or unauthorized actions, especially if the shortcode's functionality involves sensitive operations. The plugin's small attack surface is a strength, but the lack of robust authentication and authorization mechanisms on its sole entry point is a notable weakness.

Key Concerns

Unescaped output detected
No nonce checks on entry points
No capability checks on entry points

Vulnerabilities

None known

Advent Calendar Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Advent Calendar Release Timeline

v1.0.5

v1.0.3

v1.0.2

v1.0.1

v1.0.0

Code Analysis

Analyzed Mar 16, 2026

Advent Calendar Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

5 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared1 total queries

Output Escaping

50% escaped10 total outputs

Attack Surface

Advent Calendar Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[advent-calendar] public\class-advent-calendar.php:78

WordPress Hooks 9

actionadmin_menuadmin\class-advent-calendar-admin.php:62

actionadmin_menuadmin\class-advent-calendar-admin.php:63

actionplugins_loadedadvent-calendar.php:42

actionplugins_loadedadvent-calendar.php:62

actioninitpublic\class-advent-calendar.php:65

actionwpmu_new_blogpublic\class-advent-calendar.php:68

actionwp_enqueue_scriptspublic\class-advent-calendar.php:71

actioninitpublic\class-advent-calendar.php:76

filtersingle_templatepublic\class-advent-calendar.php:77

Maintenance & Trust

Advent Calendar Maintenance & Trust

Maintenance Signals

WordPress version tested6.1.10

Last updatedNov 29, 2022

PHP min version

Downloads14K

Community Trust

Rating84/100

Number of ratings5

Active installs100

Alternatives

Advent Calendar Alternatives

Super Advent Calendar

super-advent-calendar

100

Add a super flexible advent calendar to your website for festive giveaways or counting down the holidays.

300 No CVEs

Christmas Calendar by CMobile

cmobile-christmas-calendar

CMobile Christmas Calendar is an innovative idea to market your website or blog

10 No CVEs

Adventi – Lead Generator Advent Calendar

adventi

100

A beautiful and engaging 12-day Advent Calendar to increase engagement, generate leads, and share holiday gifts with your users.

0 No CVEs

Calendareto Christmas Countdown

calendareto-christmas-countdown

100

A lightweight and clean countdown timer to Christmas Day (December 25). Use [calendareto christmas countdown] anywhere to display the timer.

0 No CVEs

The Events Calendar

the-events-calendar

The Events Calendar: #1 calendar plugin for WordPress. Create/manage events (virtual too!) on your site with the free plugin.

700K 25 CVEs

Developer Profile

Advent Calendar Developer Profile

Paul Vincent Beigang

1 plugin · 100 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Advent Calendar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/advent-calender/public/css/advent-calendar-public.css/wp-content/plugins/advent-calender/public/js/advent-calendar-public.js

Script Paths

/wp-content/plugins/advent-calender/public/js/advent-calendar-public.js

Version Parameters

advent-calender/public/css/advent-calendar-public.css?ver=advent-calender/public/js/advent-calendar-public.js?ver=

HTML / DOM Fingerprints

CSS Classes

advent-calendar

Data Attributes

data-ac-active-textdata-ac-inactive-textdata-ac-start-datedata-ac-end-datedata-ac-countdown-format

JS Globals

AdventCalendar

Shortcode Output

[advent-calendar]

FAQ