Does Multi Days Events and Multi Events in One Day Calendar have any unpatched vulnerabilities?

Yes — Multi Days Events and Multi Events in One Day Calendar currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Multi Days Events and Multi Events in One Day Calendar compatible with WordPress 6.8.5?

According to WordPress.org data, Multi Days Events and Multi Events in One Day Calendar 1.1.3 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Multi Days Events and Multi Events in One Day Calendar Security & Risk Analysis

wordpress.org/plugins/dragon-calendar-free-version

Every company needs a calendar on the WordPress website. This plugin shows a calendar to website visitors. This plugin is very easy to use.

0 active installs v1.1.3 PHP + WP 4.0+ Updated May 16, 2025

calendarelementorpluginshortcodewordpress

B · Generally Safe

CVEs total1

Unpatched1

Last CVEMar 31, 2025

Download

Safety Verdict

Is Multi Days Events and Multi Events in One Day Calendar Safe to Use in 2026?

Mostly Safe

Score 79/100

Multi Days Events and Multi Events in One Day Calendar is generally safe to use. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: Mar 31, 2025Updated 10mo ago

Risk Assessment

The dragon-calendar-free-version plugin, v1.1.3, exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all its SQL queries and has a limited attack surface with no direct REST API routes or cron events. The plugin also correctly implements a nonce check for its AJAX handlers, which is a fundamental security control. However, significant concerns arise from the taint analysis, which identified a flow with unsanitized paths, indicating a potential for directory traversal or similar vulnerabilities, even though no critical or high severity issues were flagged in this specific analysis. Furthermore, the plugin has a history of known vulnerabilities, including a currently unpatched medium severity CVE, which points to a recurring pattern of security weaknesses. The static analysis also reveals that a substantial portion (44%) of its output is not properly escaped, increasing the risk of Cross-Site Scripting (XSS) attacks. The absence of capability checks on its entry points is another notable concern, potentially allowing unauthorized users to trigger plugin functionalities.

Key Concerns

Unpatched medium severity CVE exists
Flow with unsanitized paths found
Significant percentage of unescaped output
No capability checks on entry points

Vulnerabilities

Multi Days Events and Multi Events in One Day Calendar Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-31572medium · 4.3Cross-Site Request Forgery (CSRF)

Multi Days Events and Multi Events in One Day Calendar <= 1.1.3 - Cross-Site Request Forgery

Mar 31, 2025Unpatched

Code Analysis

Analyzed Mar 17, 2026

Multi Days Events and Multi Events in One Day Calendar Code Analysis

Dangerous Functions

Raw SQL Queries

12 prepared

Unescaped Output

120 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared12 total queries

Output Escaping

56% escaped214 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths

<dragoncalendarfreezyx987_admin> (dragoncalendarfreezyx987_admin.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Multi Days Events and Multi Events in One Day Calendar Attack Surface

Entry Points3

Unprotected0

AJAX Handlers 2

authwp_ajax_my_action_free_versiondragoncalendarfreezyx987_importer.php:216

noprivwp_ajax_my_action_free_versiondragoncalendarfreezyx987_importer.php:217

Shortcodes 1

[showcalendar] dragoncalendarfreezyx987_importer.php:144

WordPress Hooks 3

actionadmin_menudragoncalendarfreezyx987_importer.php:85

actioninitdragoncalendarfreezyx987_importer.php:103

actionwp_enqueue_scriptsdragoncalendarfreezyx987_importer.php:865

Maintenance & Trust

Multi Days Events and Multi Events in One Day Calendar Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedMay 16, 2025

PHP min version

Downloads2K

Community Trust

Rating100/100

Number of ratings1

Active installs0

Alternatives

Multi Days Events and Multi Events in One Day Calendar Alternatives

Shortcodes for Elementor

shortcode-elementor

"Shortcodes for Elementor"lets you effortlessly insert Elementor pages and sections templates anywhere using shortcodes.Create global elements easily!

5K 1 CVE

Event Booking Manager for WooCommerce

mage-eventpress

Flexible WooCommerce plugin for event booking, attendee management, and responsive ticketing with a modern event calendar.

7K 21 CVEs

Classified Listing Toolkits

classified-listing-toolkits

100

Enhance your Classified Listing plugin with Elementor, Divi support. Seamlessly create and manage listings using intuitive widgets, and elements.

4K No CVEs

$Math Captcha for Elementor Forms$

Math Captcha for Elementor Forms

math-captcha-for-elementor-forms

Wordpress Plugin that will add a simple match captcha to your Elementor Forms.

3K No CVEs

Custom Search by BestWebSoft – WordPress Custom Search Plugin

custom-search-plugin

100

Add advanced custom search to your WordPress site. Search custom post types, taxonomies, and custom fields with full control over results.

1K 1 CVE

Developer Profile

Multi Days Events and Multi Events in One Day Calendar Developer Profile

v20202020

4 plugins · 10 total installs

trust score

Avg Security Score

93/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Multi Days Events and Multi Events in One Day Calendar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/dragon-calendar-free-version/css/dragoncalendar.css/wp-content/plugins/dragon-calendar-free-version/fullcalendar/packages/core/main.css/wp-content/plugins/dragon-calendar-free-version/fullcalendar/packages/daygrid/main.css/wp-content/plugins/dragon-calendar-free-version/fullcalendar/packages/list/main.css/wp-content/plugins/dragon-calendar-free-version/fullcalendar/packages/timegrid/main.css/wp-content/plugins/dragon-calendar-free-version/fullcalendar/packages-premium/timeline/main.css

Script Paths

/wp-content/plugins/dragon-calendar-free-version/fullcalendar/packages/core/main.js/wp-content/plugins/dragon-calendar-free-version/fullcalendar/packages/daygrid/main.js/wp-content/plugins/dragon-calendar-free-version/fullcalendar/packages/list/main.js/wp-content/plugins/dragon-calendar-free-version/fullcalendar/packages/timegrid/main.js/wp-content/plugins/dragon-calendar-free-version/fullcalendar/packages-premium/timeline/main.js/wp-content/plugins/dragon-calendar-free-version/js/popper.min.js+1 more

Version Parameters

dragon-calendar-free-version/css/dragoncalendar.css?ver=dragon-calendar-free-version/fullcalendar/packages/core/main.css?ver=dragon-calendar-free-version/fullcalendar/packages/daygrid/main.css?ver=dragon-calendar-free-version/fullcalendar/packages/list/main.css?ver=dragon-calendar-free-version/fullcalendar/packages/timegrid/main.css?ver=dragon-calendar-free-version/fullcalendar/packages-premium/timeline/main.css?ver=dragon-calendar-free-version/fullcalendar/packages/core/main.js?ver=dragon-calendar-free-version/fullcalendar/packages/daygrid/main.js?ver=dragon-calendar-free-version/fullcalendar/packages/list/main.js?ver=dragon-calendar-free-version/fullcalendar/packages/timegrid/main.js?ver=dragon-calendar-free-version/fullcalendar/packages-premium/timeline/main.js?ver=dragon-calendar-free-version/js/popper.min.js?ver=dragon-calendar-free-version/js/tooltip.min.js?ver=

HTML / DOM Fingerprints

Shortcode Output

[showcalendar]

FAQ