Gigs Calendar Security & Risk Analysis

wordpress.org/plugins/gigs-calendar

Manage and display a calendar of your gigs/shows/performances.

200 active installs · v0.4.12.1 · PHP + WP 3.8+ · Updated Nov 27, 2014
Tags: artist, calendar, gigs, musician, shows
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Gigs Calendar Safe to Use in 2026?

Generally Safe

Score 85/100

Gigs Calendar has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 11 years ago
Risk Assessment

The "gigs-calendar" plugin version 0.4.12.1 exhibits a mixed security posture. On one hand, the attack surface appears to be minimal, with no exposed AJAX handlers, REST API routes, shortcodes, or cron events. The presence of nonce and capability checks, while limited, is a positive sign. However, significant concerns arise from the static analysis, particularly the presence of the `unserialize` function, which is a known vector for object injection vulnerabilities if not handled with extreme caution and strict validation of input. Furthermore, a substantial portion of SQL queries are not using prepared statements, increasing the risk of SQL injection. The most alarming finding is that 0% of the 467 total output operations are properly escaped, creating a high risk of Cross-Site Scripting (XSS) vulnerabilities that could be triggered by user-supplied data. The absence of any recorded vulnerabilities in its history is a strength, suggesting that past development may have been secure or that it has not been a target. Nevertheless, the identified code-level risks, especially unescaped output and the use of `unserialize` without clear sanitization, warrant careful attention.

Key Concerns

  • High percentage of unescaped output
  • Use of unserialize function
  • Significant portion of SQL queries not prepared
Vulnerabilities
None known

Gigs Calendar Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Gigs Calendar Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 11 (9 prepared)
Unescaped Output: 467 (0 escaped)
Nonce Checks: 1
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

  • unserialize (archive.ajax.php:439): update_post_meta($g->postID, $_POST['custom-key'][$key], $_POST['custom-value'][$key], unserialize($
  • unserialize (gigs-classes.php:163): <?php $values = is_array($value) ? $value : unserialize($value); ?>
  • unserialize (gigs.ajax.php:715): update_post_meta($g->postID, $_POST['custom-key'][$key], $_POST['custom-value'][$key], unserialize($

SQL Query Safety

45% prepared (20 total queries)

Output Escaping

0% escaped (467 total outputs)
Data Flows
6 unsanitized

Data Flow Analysis

8 flows, 6 with unsanitized paths
<archive.ajax> (archive.ajax.php:0)
Source (user input) | Sink (dangerous op) | Sanitizer | Transform | Unsanitized | Sanitized
Attack Surface

Gigs Calendar Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 11
  • action future_post (gigs-calendar.php:849)
  • action init (gigs-calendar.php:865)
  • action admin_menu (gigs-calendar.php:866)
  • action plugins_loaded (gigs-calendar.php:867)
  • filter posts_where (gigs-calendar.php:869)
  • filter get_next_post_where (gigs-calendar.php:870)
  • filter get_previous_post_where (gigs-calendar.php:871)
  • filter getarchives_where (gigs-calendar.php:872)
  • filter the_content (gigs-calendar.php:873)
  • action admin_head (gigs-calendar.php:888)
  • action wp_head (gigs-calendar.php:896)
Maintenance & Trust

Gigs Calendar Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.0.38
Last updated: Nov 27, 2014
PHP min version: not specified
Downloads: 75K

Community Trust

Rating: 66/100
Number of ratings: 4
Active installs: 200
Developer Profile

Gigs Calendar Developer Profile

DanCoulter

7 plugins · 640 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Gigs Calendar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/gigs-calendar/gigs-calendar-admin.css
  • /wp-content/plugins/gigs-calendar/js/jquery.tooltip.css
  • /wp-content/plugins/gigs-calendar/js/ui.datepicker.css
  • /wp-content/plugins/gigs-calendar/templates/basic/style.css
  • /wp-content/plugins/gigs-calendar/images/ajax-loader.gif
Script Paths
/wp-content/plugins/gigs-calendar/gigs-calendar-admin.js
Version Parameters
  • gigs-calendar/gigs-calendar-admin.css?ver=
  • gigs-calendar/js/jquery.tooltip.css?ver=
  • gigs-calendar/js/ui.datepicker.css?ver=
  • gigs-calendar/templates/basic/style.css?ver=
  • gigs-calendar/gigs-calendar-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
gigs-pagealternate
HTML Comments
stupid non-fix.
Data Attributes
data-gigs-calendar-id
JS Globals
pages, ajaxTarget, nonce, pageTarget, gigs_page_load, resetTableColors
REST Endpoints
/wp-json/gigs-calendar/v1
Shortcode Output
[gigs-calendar]
FAQ

Frequently Asked Questions about Gigs Calendar