
runnerplace-calendar Security & Risk Analysis
wordpress.org/plugins/calendario-runnerplaceUtiliza el calendario de carreras populares de RunnerPlace para tenerlo actualizado en tu web.
Is runnerplace-calendar Safe to Use in 2026?
Generally Safe
Score 85/100runnerplace-calendar has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The plugin "calendario-runnerplace" v1.1.2 exhibits a generally positive security posture based on the provided static analysis. The absence of any identified attack surface entry points, dangerous functions, raw SQL queries, or vulnerabilities in its history is a strong indicator of careful development practices. The plugin also avoids external HTTP requests, which can often be a source of attack vectors. However, a significant concern arises from the extremely low percentage of properly escaped outputs (3%). This suggests a high probability of Cross-Site Scripting (XSS) vulnerabilities, as user-supplied data that is not properly escaped can be rendered directly in the browser, allowing attackers to inject malicious scripts.
The lack of nonce and capability checks, while not directly flagged as an issue in the absence of an attack surface, would become a critical weakness if any entry points were discovered. The plugin's vulnerability history is clean, which is commendable, but this could also be due to the plugin's limited exposure or the thoroughness of the static analysis. Overall, while the plugin demonstrates good fundamental security by avoiding common pitfalls like SQL injection and exposed functionalities, the prevalent issue with output escaping presents a substantial risk that needs immediate attention.
Key Concerns
- Low percentage of properly escaped output
- No nonce checks
- No capability checks
runnerplace-calendar Security Vulnerabilities
runnerplace-calendar Release Timeline
runnerplace-calendar Code Analysis
Output Escaping
runnerplace-calendar Attack Surface
WordPress Hooks 1
Maintenance & Trust
runnerplace-calendar Maintenance & Trust
Maintenance Signals
Community Trust
runnerplace-calendar Alternatives
No alternatives data available yet.
runnerplace-calendar Developer Profile
3 plugins · 60 total installs
How We Detect runnerplace-calendar
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/calendario-runnerplace/css/styles.css/wp-content/plugins/calendario-runnerplace/js/main.js/wp-content/plugins/calendario-runnerplace/js/main.jscalendario-runnerplace/css/styles.css?ver=calendario-runnerplace/js/main.js?ver=HTML / DOM Fingerprints
runnerplace_calendar[runnerplace_calendar]