runnerplace-calendar Security & Risk Analysis

wordpress.org/plugins/calendario-runnerplace

Utiliza el calendario de carreras populares de RunnerPlace para tenerlo actualizado en tu web.

10 active installs v1.1.2 PHP + WP 4.1.1+ Updated Aug 20, 2015
calendario-carreras-popularesrunnerplace
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is runnerplace-calendar Safe to Use in 2026?

Generally Safe

Score 85/100

runnerplace-calendar has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago
Risk Assessment

The plugin "calendario-runnerplace" v1.1.2 exhibits a generally positive security posture based on the provided static analysis. The absence of any identified attack surface entry points, dangerous functions, raw SQL queries, or vulnerabilities in its history is a strong indicator of careful development practices. The plugin also avoids external HTTP requests, which can often be a source of attack vectors. However, a significant concern arises from the extremely low percentage of properly escaped outputs (3%). This suggests a high probability of Cross-Site Scripting (XSS) vulnerabilities, as user-supplied data that is not properly escaped can be rendered directly in the browser, allowing attackers to inject malicious scripts.

The lack of nonce and capability checks, while not directly flagged as an issue in the absence of an attack surface, would become a critical weakness if any entry points were discovered. The plugin's vulnerability history is clean, which is commendable, but this could also be due to the plugin's limited exposure or the thoroughness of the static analysis. Overall, while the plugin demonstrates good fundamental security by avoiding common pitfalls like SQL injection and exposed functionalities, the prevalent issue with output escaping presents a substantial risk that needs immediate attention.

Key Concerns

  • Low percentage of properly escaped output
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

runnerplace-calendar Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

runnerplace-calendar Release Timeline

v1.1.2Current
v1.1.1
v1.1
Code Analysis
Analyzed Mar 17, 2026

runnerplace-calendar Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
31
1 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

3% escaped32 total outputs
Attack Surface

runnerplace-calendar Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 1
actionwidgets_initrunnerplace-calendar.php:40
Maintenance & Trust

runnerplace-calendar Maintenance & Trust

Maintenance Signals

WordPress version tested4.1.42
Last updatedAug 20, 2015
PHP min version
Downloads2K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

runnerplace-calendar Alternatives

No alternatives data available yet.

Developer Profile

runnerplace-calendar Developer Profile

julioprotzek

3 plugins · 60 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect runnerplace-calendar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/calendario-runnerplace/css/styles.css/wp-content/plugins/calendario-runnerplace/js/main.js
Script Paths
/wp-content/plugins/calendario-runnerplace/js/main.js
Version Parameters
calendario-runnerplace/css/styles.css?ver=calendario-runnerplace/js/main.js?ver=

HTML / DOM Fingerprints

CSS Classes
runnerplace_calendar
Shortcode Output
[runnerplace_calendar]
FAQ

Frequently Asked Questions about runnerplace-calendar