CP Multi View Events Calendar Security & Risk Analysis

wordpress.org/plugins/cp-multi-view-calendar

A powerful and flexible WordPress event calendar plugin that lets you display your events in multiple calendar views, just like Google Calendar.

1K active installs v1.4.34 PHP + WP 3.0.5+ Updated Dec 11, 2025
Tags: calendar, calendars, event, event-calendar, event-manager
Score: 63 (C · Use Caution)
CVEs total: 6
Unpatched: 1
Last CVE: Sep 22, 2025
Safety Verdict

Is CP Multi View Events Calendar Safe to Use in 2026?

Use With Caution

Score 63/100

CP Multi View Events Calendar has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

6 known CVEs · 1 unpatched · Last CVE: Sep 22, 2025 · Updated 3mo ago
Risk Assessment

The "cp-multi-view-calendar" plugin v1.4.34 exhibits a mixed security posture. While it demonstrates good practices like a high percentage of prepared SQL statements and properly escaped output, several significant concerns exist. The presence of `unserialize` in its code signals a potential for deserialization vulnerabilities, especially if user-controlled data is involved. Furthermore, the taint analysis reveals five high-severity flows with unsanitized paths, indicating potential for various injection attacks if these flows are not properly handled.

The plugin's vulnerability history is particularly alarming, with six known CVEs, including one critical and one high severity, and one critical vulnerability remaining unpatched. The common vulnerability types such as Missing Authorization, Improper Authorization, Cross-site Scripting (XSS), and SQL Injection are deeply concerning and suggest recurring weaknesses in how user input is validated and access is controlled. The recent nature of the last vulnerability (2025-09-22) also suggests ongoing security challenges.

In conclusion, despite some positive aspects in its static analysis regarding SQL and output handling, the presence of dangerous functions like `unserialize`, high-severity taint flows, and a history of multiple, severe, and unpatched vulnerabilities make this plugin a significant risk. Users should exercise extreme caution.

Key Concerns

  • 1 Unpatched CVE (Critical)
  • 5 High severity taint flows
  • 1 Known CVE (High)
  • Dangerous function: unserialize
  • 2 Known CVEs (Medium)
  • 2 Known CVEs (Low)
Vulnerabilities
6

CP Multi View Events Calendar Security Vulnerabilities

CVEs by Year

  • 2014: 1 CVE
  • 2021: 1 CVE
  • 2022: 1 CVE
  • 2023: 2 CVEs
  • 2025: 1 CVE · unpatched

Severity Breakdown

  • Critical: 1
  • High: 1
  • Medium: 2
  • Low: 2

6 total CVEs

CVE-2025-58009 · low · 3.8 · Missing Authorization
CP Multi View Event Calendar <= 1.4.32 - Missing Authorization
Sep 22, 2025 · Unpatched

CVE-2023-28492 · medium · 4.3 · Missing Authorization
CP Multi View Event Calendar <= 1.4.10 - Missing Authentication leading to Authenticated (Subscriber+) Private Form Submission
Mar 16, 2023 · Patched in 1.4.11 (313d)

CVE-2023-23814 · low · 3.8 · Improper Authorization
CP Multi View Event Calendar <= 1.4.13 - Insufficient Authorization
Feb 20, 2023 · Patched in 1.4.15 (337d)

CVE-2022-2846 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Calendar Event Multi View <= 1.4.06 - Missing Authorization to Stored Cross-Site Scripting
Aug 16, 2022 · Patched in 1.4.07 (525d)

CVE-2021-24498 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Calendar Event Multi View <= 1.3.99 - Reflected Cross-Site Scripting
Jul 5, 2021 · Patched in 1.4.01 (932d)

CVE-2014-8586 · critical · 9.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Calendar Event Multi View < 1.0.2 - SQL Injection
Oct 23, 2014 · Patched in 1.0.2 (3379d)

Code Analysis
Analyzed Mar 16, 2026

CP Multi View Events Calendar Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 22 (49 prepared)
  • Unescaped Output: 15 (731 escaped)
  • Nonce Checks: 14
  • Capability Checks: 5
  • File Operations: 0
  • External Requests: 1
  • Bundled Libraries: 2

Dangerous Functions Found

unserialize: `$palettes = unserialize($row["palettes"]);` (php\edit.php:43)

Bundled Libraries

Select2, TinyMCE

SQL Query Safety

69% prepared · 71 total queries

Output Escaping

98% escaped · 746 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

6 flows · 5 with unsanitized paths
<cp-admin-int-list.inc> (cp-admin-int-list.inc.php:0)
Attack Surface

CP Multi View Events Calendar Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers 1

  • auth · wp_ajax_cpmvec_feedback · cp-feedback.php:6

WordPress Hooks 10

  • action · admin_bar_menu · banner.php:105
  • action · admin_enqueue_scripts · cp-feedback.php:5
  • action · admin_footer · cp-feedback.php:22
  • action · cpmvc_data_hook · cp-main-class.inc.php:31
  • action · init · cp-multi-view-calendar.php:24
  • action · wp_loaded · cp-multi-view-calendar.php:25
  • action · admin_enqueue_scripts · cp-multi-view-calendar.php:59
  • action · admin_enqueue_scripts · cp-multi-view-calendar.php:60
  • action · admin_menu · cp-multi-view-calendar.php:62
  • action · wp_enqueue_scripts · cp-multi-view-calendar.php:65

Scheduled Events 1

cpmvc_data_hook
Maintenance & Trust

CP Multi View Events Calendar Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 11, 2025
PHP min version
Downloads: 307K

Community Trust

Rating: 86/100
Number of ratings: 46
Active installs: 1K
Developer Profile

CP Multi View Events Calendar Developer Profile

codepeople

34 plugins · 89K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 964 days
Detection Fingerprints

How We Detect CP Multi View Events Calendar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cp-multi-view-calendar/cp-main-class.inc.php
/wp-content/plugins/cp-multi-view-calendar/classes/cp-base-class.inc.php
Script Paths
/wp-content/plugins/cp-multi-view-calendar/cp-feedback.php
/wp-content/plugins/cp-multi-view-calendar/banner.php

HTML / DOM Fingerprints

CSS Classes
abcreasonblock
HTML Comments
START: activation redirection
END: activation redirection
Data Attributes
data-slug="cp-multi-view-calendar"
JS Globals
cpmvc_ajax_object
FAQ

Frequently Asked Questions about CP Multi View Events Calendar