Event CLNDR Security & Risk Analysis
wordpress.org/plugins/event-clndrAn uncomplicated event manager with a highly customisable (developer-friendly) front-end calendar utilising CLNDR.js.
Is Event CLNDR Safe to Use in 2026?
Generally Safe
Score 85/100Event CLNDR has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The event-clndr plugin v1.05 exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all its SQL queries and has no known critical or high-severity vulnerabilities in its history. The absence of external HTTP requests and bundled libraries is also a plus. However, there are significant concerns regarding output escaping and potential unsanitized paths.
The static analysis reveals a low attack surface with only one shortcode as an entry point, and importantly, none of these appear to be unprotected. The plugin also correctly implements nonce checks in two instances. The primary weaknesses lie in the handling of output, with only 16% of outputs being properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is not sanitized before being displayed.
Furthermore, the taint analysis identified 3 flows with unsanitized paths, although none reached a critical or high severity. This suggests a potential for information disclosure or other vulnerabilities if these paths involve sensitive operations or user inputs. The lack of capability checks is also a notable omission, as it means that the functionality exposed by the shortcode might be accessible to users without the necessary permissions. While the plugin has a clean vulnerability history, the identified code signals and taint flows indicate areas that require immediate attention to mitigate potential risks.
Key Concerns
- Low percentage of properly escaped outputs
- Unsanitized paths found in taint analysis
- No capability checks implemented
Event CLNDR Security Vulnerabilities
Event CLNDR Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Event CLNDR Attack Surface
Shortcodes 1
WordPress Hooks 8
Maintenance & Trust
Event CLNDR Maintenance & Trust
Maintenance Signals
Community Trust
Event CLNDR Alternatives
Calendar
calendar
A simple but effective Calendar plugin for WordPress that allows you to manage your events and appointments and display them to the world.
AM Events
am-events
Manage and display your events. Allows fully customizable layouts and includes a widget for upcoming events.
FT Calendar
ft-calendar
A calendar plugin supporting multiple calendars, recurring events, and several different widgets / shortcodes. More info at http://calendar-plugin.com
Calendar Plus
calendar-plus
A simple Calendar plugin for WordPress that allows 2 seperate calendars. This can be used as a drop-in replacement for the original Calendar plugin.
L Events Calendar
l-events-calendar
A beautiful responsive calendar. Manage events with ease and simplicity.
Event CLNDR Developer Profile
1 plugin · 70 total installs
How We Detect Event CLNDR
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/event-clndr/css/clndr-styles.css/wp-content/plugins/event-clndr/js/clndr.js/wp-content/plugins/event-clndr/js/moment.min.js/wp-content/plugins/event-clndr/js/underscore-min.jsevent-clndr/css/clndr-styles.css?ver=event-clndr/js/clndr.js?ver=event-clndr/js/moment.min.js?ver=event-clndr/js/underscore-min.js?ver=HTML / DOM Fingerprints
clndr-controlscurrent-monthclndr-navclndr-previous-buttonclndr-next-buttonclndr-griddays-of-the-weekheader-day+9 moreid="<%= day.id %>"momentunderscore<div class="clndr-controls"><div class="current-month"><%= month %> <%= year %></div><div class="clndr-nav clndr-clearfix"><div class="clndr-previous-button">‹</div>