Filter Calendar Admin Security & Risk Analysis

wordpress.org/plugins/filter-calendar-admin

Agrega un calendario al dashboard de wordpress para filtrar por día los post Add a calendar wordpress dashboard to filter daily posts

10 active installs v0.1 PHP + WP 1.0+ Updated Mar 27, 2013
calendar-admincalendario
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Filter Calendar Admin Safe to Use in 2026?

Generally Safe

Score 85/100

Filter Calendar Admin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 13yr ago
Risk Assessment

The 'filter-calendar-admin' plugin version 0.1 presents a mixed security profile. On the positive side, the plugin exhibits an extremely small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, it demonstrates good practices by exclusively using prepared statements for its SQL queries and avoiding file operations and external HTTP requests. The complete absence of known vulnerabilities and CVEs in its history is also a strong indicator of a secure development process to date.

However, there are significant concerns regarding output escaping. With one total output and 0% properly escaped, this indicates a high likelihood of cross-site scripting (XSS) vulnerabilities. Any data displayed to users without proper sanitization could be exploited. Additionally, the complete lack of nonce checks and capability checks across all identified entry points (though there are currently none) means that if new entry points are introduced without these security measures, they would be immediately vulnerable to various attacks. While the current attack surface is zero, the lack of these fundamental security mechanisms in the code itself is a significant weakness.

In conclusion, the plugin's current state shows strengths in avoiding direct vulnerabilities and employing secure SQL practices. Nevertheless, the almost complete absence of output escaping and the fundamental lack of authorization and integrity checks represent critical potential weaknesses that could be easily exploited if the plugin evolves or if attackers find a way to inject unsanitized data. The lack of any recorded vulnerabilities so far is positive, but it doesn't mitigate the identified coding flaws.

Key Concerns

  • Output escaping is not used
  • No nonce checks found
  • No capability checks found
Vulnerabilities
None known

Filter Calendar Admin Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Filter Calendar Admin Release Timeline

v1.0
Code Analysis
Analyzed Mar 17, 2026

Filter Calendar Admin Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped1 total outputs
Attack Surface

Filter Calendar Admin Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 3
actioninitdashboard-calendar.php:25
actioninitdashboard-calendar.php:32
actionrestrict_manage_postsdashboard-calendar.php:35
Maintenance & Trust

Filter Calendar Admin Maintenance & Trust

Maintenance Signals

WordPress version tested1.0
Last updatedMar 27, 2013
PHP min version
Downloads4K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

Filter Calendar Admin Developer Profile

oscaruh

2 plugins · 40 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Filter Calendar Admin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/filter-calendar-admin/admin-calendario/calendar.js/wp-content/plugins/filter-calendar-admin/admin-calendario/calendario.css/wp-content/plugins/filter-calendar-admin/admin-calendario/calendar.gif
Script Paths
/wp-content/plugins/filter-calendar-admin/admin-calendario/calendar.js

HTML / DOM Fingerprints

CSS Classes
datepicker
Data Attributes
id="fechadia"name="fechadia"id="cal_img"
JS Globals
Calendar.setup
FAQ

Frequently Asked Questions about Filter Calendar Admin