Calendário Dekatrian Security & Risk Analysis

wordpress.org/plugins/calendario-dekatrian

Altere as datas do seu Wordpress para o Calendário Dekatrian.

0 active installs v0.1.2 PHP 5.1.0+ WP 4.4+ Updated Jan 9, 2018
calendariodekatrian
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Calendário Dekatrian Safe to Use in 2026?

Generally Safe

Score 85/100

Calendário Dekatrian has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago
Risk Assessment

The "calendario-dekatrian" plugin v0.1.2 exhibits a significant security concern due to its single unprotected AJAX handler. This handler represents a direct entry point into the plugin's functionality that is not protected by any authentication or authorization checks. While the plugin does not appear to use dangerous functions, raw SQL queries, or make external HTTP requests, the lack of access control on its AJAX endpoint is a critical vulnerability. The plugin also shows a concerningly low percentage of properly escaped output, increasing the risk of cross-site scripting (XSS) vulnerabilities, especially when combined with the unprotected AJAX handler.

The absence of any recorded CVEs and taint analysis issues is positive, suggesting a potentially clean codebase in those specific areas. However, the static analysis findings, particularly the unprotected AJAX handler and insufficient output escaping, present a clear and present danger. The vulnerability history is nonexistent, which could indicate a lack of past exploitation or simply a new or infrequently audited plugin. The current version has a clear weakness that could be exploited to execute arbitrary actions or inject malicious content into the site.

In conclusion, while the plugin has some strengths like the absence of dangerous functions and proper SQL handling, the unprotected AJAX endpoint and poor output escaping create a substantial security risk. This requires immediate attention to secure the AJAX handler and improve output sanitization to prevent potential compromises.

Key Concerns

  • Unprotected AJAX handler found
  • Low percentage of properly escaped output
  • No nonce checks on AJAX handler
  • No capability checks on AJAX handler
Vulnerabilities
None known

Calendário Dekatrian Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Calendário Dekatrian Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

Calendário Dekatrian Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
4
3 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

43% escaped7 total outputs
Attack Surface
1 unprotected

Calendário Dekatrian Attack Surface

Entry Points1
Unprotected1

AJAX Handlers 1

authwp_ajax_dekatrian_date_formatinclude\Dekatrian.php:22
WordPress Hooks 6
actionplugins_loadedinclude\Dekatrian.php:12
actionadmin_menuinclude\Dekatrian.php:18
actionadmin_initinclude\Dekatrian.php:19
actionadmin_enqueue_scriptsinclude\Dekatrian.php:20
actionadmin_footerinclude\Dekatrian.php:21
actionget_the_dateinclude\Dekatrian.php:25
Maintenance & Trust

Calendário Dekatrian Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29
Last updatedJan 9, 2018
PHP min version5.1.0
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Developer Profile

Calendário Dekatrian Developer Profile

tchabs

1 plugin · 0 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Calendário Dekatrian

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/calendario-dekatrian/admin/js/dekatrian-admin.js/wp-content/plugins/calendario-dekatrian/admin/css/dekatrian-admin.css
Script Paths
/wp-content/plugins/calendario-dekatrian/admin/js/dekatrian-admin.js
Version Parameters
calendario-dekatrian/admin/js/dekatrian-admin.js?ver=calendario-dekatrian/admin/css/dekatrian-admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
date-time-textdate-time-doc
Data Attributes
id="date_format-custom"id="date_format-0"id="date_format-1"name="dekatrian_settings[date_format]"name="dekatrian_settings[activate]"
JS Globals
ajaxurlwindow.dekatrian_date_format
REST Endpoints
/wp-json/wp/v2/settings
FAQ

Frequently Asked Questions about Calendário Dekatrian