Simple Calendar – Google Calendar Plugin Security & Risk Analysis

wordpress.org/plugins/google-calendar-events

Add Google Calendar events to your WordPress site in minutes. Beautiful calendar displays. Mobile responsive.

50K active installs · v3.6.2 · PHP 8.1+ · WP 4.2+ · Updated Jan 21, 2026
Tags: events, google-calendar, website-calendar, wp-calendar, wp-calendar-widget
Score: 95 (A · Safe)
CVEs total: 7
Unpatched: 0
Last CVE: Dec 18, 2025
Safety Verdict

Is Simple Calendar – Google Calendar Plugin Safe to Use in 2026?

Generally Safe

Score 95/100

Simple Calendar – Google Calendar Plugin has a strong security track record. Known vulnerabilities have been patched promptly.

7 known CVEs · Last CVE: Dec 18, 2025 · Updated 2mo ago
Risk Assessment

The 'google-calendar-events' plugin v3.6.2 exhibits a mixed security posture. It has a good number of capability checks and nonce checks, which indicates awareness of common WordPress security practices, but several areas raise significant concerns. The presence of one unprotected AJAX handler is a critical vulnerability that could allow unauthorized actions. The code analysis also reveals use of the dangerous `unserialize` function, which, if exposed to user-controlled input, can lead to Remote Code Execution (RCE). None of the SQL queries use prepared statements, which is another substantial risk and increases the likelihood of SQL injection vulnerabilities. Taint analysis showed no critical or high severity flows but did identify flows with unsanitized paths, suggesting a potential for issues if not handled carefully.

The vulnerability history of this plugin is concerning. With 7 total known CVEs, all categorized as medium severity, it suggests a recurring pattern of security weaknesses, particularly related to Authorization Bypass Through User-Controlled Key, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF). Although there are currently no unpatched CVEs, the consistent discovery of vulnerabilities indicates that the development team may struggle with consistently implementing secure coding practices. The last vulnerability was recorded on 2025-12-18, which is unusual for a historical record and might be a data anomaly. Overall, while some security mechanisms are in place, the identified unprotected entry points, dangerous functions, raw SQL queries, and a history of medium-severity vulnerabilities necessitate caution.

Key Concerns

  • Unprotected AJAX handler
  • Dangerous function: unserialize
  • Raw SQL queries without prepared statements
  • Unsanitized paths in taint flows
  • Bundled library: Guzzle
  • Medium severity CVEs in history (7 total)
Vulnerabilities: 7

Simple Calendar – Google Calendar Plugin Security Vulnerabilities

CVEs by Year

  • 2014: 1 CVE
  • 2023: 4 CVEs
  • 2024: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

Medium: 7

7 total CVEs

CVE-2025-68979 · medium · 5.3 · Authorization Bypass Through User-Controlled Key
Google Calendar Events <= 3.5.9 - Unauthenticated Insecure Direct Object Reference
Dec 18, 2025 · Patched in 3.6.0 (27d)

CVE-2024-8549 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Simple Calendar – Google Calendar Plugin <= 3.4.2 - Reflected Cross-Site Scripting
Sep 24, 2024 · Patched in 3.4.3 (1d)

CVE-2023-49151 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Google Calendar Events <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Nov 28, 2023 · Patched in 3.2.8 (56d)

WF-38adede2-73ca-470c-8ace-4f5bbec51d28-google-calendar-events · medium · 4.3 · Cross-Site Request Forgery (CSRF)
Simple Calendar <= 3.2.4 - Cross-Site Request Forgery via duplicate_feed
Oct 20, 2023 · Patched in 3.2.5 (95d)

CVE-2023-46189 · medium · 4.3 · Cross-Site Request Forgery (CSRF)
Google Calendar Events <= 3.2.5 - Cross-Site Request Forgery via bulk_actions
Oct 18, 2023 · Patched in 3.2.6 (97d)

WF-248b74d3-5228-473d-a79a-743566898606-google-calendar-events · medium · 4.3 · Cross-Site Request Forgery (CSRF)
Simple Calendar <= 3.1.42 - Cross-Site Request Forgery to Transient Cache Clearing
May 11, 2023 · Patched in 3.1.43 (257d)

CVE-2014-7138 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Simple Calendar – Google Calendar Plugin < 2.0.4 - Reflected Cross-Site Scripting
Oct 8, 2014 · Patched in 2.0.4 (3394d)

Code Analysis
Analyzed Mar 16, 2026

Simple Calendar – Google Calendar Plugin Code Analysis

  • Dangerous Functions: 2
  • Raw SQL Queries: 4 (0 prepared)
  • Unescaped Output: 246 (365 escaped)
  • Nonce Checks: 10
  • Capability Checks: 17
  • File Operations: 4
  • External Requests: 11
  • Bundled Libraries: 1

Dangerous Functions Found

  • unserialize · `$response = unserialize($response_arr['data']);` · includes\feeds\google.php:573
  • unserialize · `return unserialize($response_data);` · includes\oauthhelper\oauth-service-actions.php:235

Bundled Libraries

Guzzle

SQL Query Safety

0% prepared · 4 total queries

Output Escaping

60% escaped · 611 total outputs

Data Flows: 4 unsanitized

Data Flow Analysis

7 flows · 4 with unsanitized paths
html (includes\admin\pages.php:176)
Attack Surface: 1 unprotected

Simple Calendar – Google Calendar Plugin Attack Surface

Entry Points: 13
Unprotected: 1

AJAX Handlers 10

auth · wp_ajax_simcal_rated · includes\admin\ajax.php:28
auth · wp_ajax_simcal_clear_cache · includes\admin\ajax.php:31
auth · wp_ajax_simcal_date_i18n_input_preview · includes\admin\ajax.php:34
auth · wp_ajax_simcal_manage_add_on_license · includes\admin\ajax.php:37
auth · wp_ajax_simcal_reset_add_ons_licenses · includes\admin\ajax.php:40
auth · wp_ajax_simcal_default_calendar_draw_grid · includes\calendars\views\default-calendar-grid.php:108
nopriv · wp_ajax_simcal_default_calendar_draw_grid · includes\calendars\views\default-calendar-grid.php:109
auth · wp_ajax_simcal_default_calendar_draw_list · includes\calendars\views\default-calendar-list.php:126
nopriv · wp_ajax_simcal_default_calendar_draw_list · includes\calendars\views\default-calendar-list.php:127
auth · wp_ajax_oauth_deauthenticate_site · includes\oauthhelper\oauth-service-actions.php:38

Shortcodes 3

[simple_calendar] includes\shortcodes.php:51
[calendar] includes\shortcodes.php:52
[gcal] includes\shortcodes.php:54
WordPress Hooks 75
action · admin_enqueue_scripts · includes\admin\assets.php:37
action · admin_footer-edit.php · includes\admin\bulk-actions.php:80
action · load-edit.php · includes\admin\bulk-actions.php:81
action · admin_notices · includes\admin\bulk-actions.php:82
action · admin_menu · includes\admin\menus.php:47
filter · plugin_row_meta · includes\admin\menus.php:55
filter · admin_footer_text · includes\admin\menus.php:57
action · add_meta_boxes · includes\admin\meta-boxes.php:61
action · simcal_save_settings_meta · includes\admin\meta-boxes.php:64
action · simcal_save_attach_calendar_meta · includes\admin\meta-boxes.php:65
action · save_post · includes\admin\meta-boxes.php:68
action · admin_init · includes\admin\notices.php:29
action · admin_init · includes\admin\notices.php:30
action · admin_notices · includes\admin\notices.php:96
filter · manage_calendar_posts_columns · includes\admin\post-types.php:35
action · manage_calendar_posts_custom_column · includes\admin\post-types.php:37
filter · post_row_actions · includes\admin\post-types.php:40
action · admin_init · includes\admin\post-types.php:42
action · admin_init · includes\admin\post-types.php:44
action · load-edit.php · includes\admin\post-types.php:46
filter · default_content · includes\admin\post-types.php:49
action · post_submitbox_misc_actions · includes\admin\post-types.php:52
action · media_buttons · includes\admin\post-types.php:55
action · edit_form_after_editor · includes\admin\post-types.php:56
action · in_admin_footer · includes\admin\post-types.php:252
action · admin_init · includes\admin\updater.php:75
filter · pre_set_site_transient_update_plugins · includes\admin\updater.php:87
filter · plugins_api · includes\admin\updater.php:88
filter · pre_set_site_transient_update_plugins · includes\admin\updater.php:193
action · admin_menu · includes\admin\welcome.php:41
action · admin_head · includes\admin\welcome.php:42
action · init · includes\ajax.php:29
action · init · includes\assets.php:81
action · init · includes\assets.php:82
action · wp · includes\assets.php:108
action · template_redirect · includes\assets.php:111
action · wp_enqueue_scripts · includes\assets.php:174
action · wp_enqueue_scripts · includes\assets.php:179
filter · simcal_front_end_scripts · includes\assets.php:446
filter · simcal_front_end_styles · includes\assets.php:458
action · simcal_settings_meta_calendar_panel · includes\calendars\admin\default-calendar-admin.php:28
action · simcal_process_settings_meta · includes\calendars\admin\default-calendar-admin.php:30
filter · simcal_calendar_class · includes\calendars\default-calendar.php:125
filter · simcal_settings_meta_tabs_li · includes\feeds\admin\google-admin.php:69
action · simcal_settings_meta_panels · includes\feeds\admin\google-admin.php:70
action · simcal_process_settings_meta · includes\feeds\admin\google-admin.php:73
filter · simcal_settings_meta_tabs_li · includes\feeds\admin\grouped-calendars-admin.php:42
action · simcal_settings_meta_panels · includes\feeds\admin\grouped-calendars-admin.php:43
action · simcal_process_settings_meta · includes\feeds\admin\grouped-calendars-admin.php:45
action · admin_init · includes\functions\admin.php:469
action · admin_init · includes\main.php:114
action · init · includes\main.php:117
action · admin_init · includes\main.php:118
action · init · includes\main.php:121
action · plugins_loaded · includes\main.php:203
action · admin_notices · includes\main.php:251
action · simple_calendar_auth_via_google_button · includes\oauthhelper\class-oauth-service.php:24
action · simple_calendar_auth_via_xtendify_button · includes\oauthhelper\class-oauth-service.php:25
filter · simple_calendar_oauth_list_events · includes\oauthhelper\class-oauth-service.php:27
filter · simple_calendar_oauth_get_calendars · includes\oauthhelper\class-oauth-service.php:29
filter · simple_calendar_oauth_schedule_events · includes\oauthhelper\class-oauth-service.php:31
filter · simple_calendar_oauth_get_events_cover_base64image · includes\oauthhelper\class-oauth-service.php:33
action · admin_init · includes\oauthhelper\oauth-service-actions.php:49
filter · simcal_get_feed_types · includes\objects.php:34
filter · simcal_get_calendar_types · includes\objects.php:44
filter · simcal_get_admin_pages · includes\objects.php:57
action · init · includes\post-types.php:30
action · init · includes\post-types.php:32
filter · the_content · includes\post-types.php:34
action · before_delete_post · includes\post-types.php:36
action · init · includes\shortcodes.php:40
action · wp_enqueue_scripts · includes\shortcodes.php:113
action · widgets_init · includes\widgets.php:39
action · admin_notices · includes\wp-requirements.php:245
action · admin_init · includes\wp-requirements.php:246
Maintenance & Trust

Simple Calendar – Google Calendar Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jan 21, 2026
PHP min version: 8.1
Downloads: 3.6M

Community Trust

Rating: 76/100
Number of ratings: 395
Active installs: 50K
Developer Profile

Simple Calendar – Google Calendar Plugin Developer Profile

SimpleCalendar

4 plugins · 51K total installs

Trust score: 71
Avg Security Score: 88/100
Avg Patch Time: 561 days
Detection Fingerprints

How We Detect Simple Calendar – Google Calendar Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/google-calendar-events/assets/generated/admin.min.css
  • /wp-content/plugins/google-calendar-events/assets/generated/admin.min.js
  • /wp-content/plugins/google-calendar-events/assets/generated/admin-add-calendar.min.css
  • /wp-content/plugins/google-calendar-events/assets/generated/admin-add-calendar.min.js
  • /wp-content/plugins/google-calendar-events/assets/generated/oauth-helper-admin.min.css
  • /wp-content/plugins/google-calendar-events/assets/generated/oauth-helper-admin.min.js
  • /wp-content/plugins/google-calendar-events/assets/generated/admin-sett-style.min.css
  • /wp-content/plugins/google-calendar-events/assets/generated/tailwind.min.css
  • +5 more
Script Paths
  • /wp-content/plugins/google-calendar-events/assets/generated/admin.min.js
  • /wp-content/plugins/google-calendar-events/assets/generated/admin-add-calendar.min.js
  • /wp-content/plugins/google-calendar-events/assets/generated/oauth-helper-admin.min.js
  • /wp-content/plugins/google-calendar-events/assets/generated/vendor/jquery.tipTip.minified.js
  • /wp-content/plugins/google-calendar-events/assets/generated/vendor/select2.min.js
Version Parameters
  • simple-calendar.io
  • SIMPLE_CALENDAR_VERSION

HTML / DOM Fingerprints

CSS Classes
  • simcal-tipTip
  • simcal-select2
  • simcal-admin
  • simcal-admin-add-calendar
  • simcal-oauth-helper-admin
  • sc-admin-style
  • sc-tail-style
  • sc-welcome-style
  • +2 more
HTML Comments
  • <!-- Simple Calendar -->
  • <!-- Simple Calendar Admin Assets -->
  • <!-- Simple Calendar Front End Assets -->
Data Attributes
  • data-simple-calendar-id
  • data-simple-calendar-format
  • data-simple-calendar-timezone
  • data-simple-calendar-view
JS Globals
  • oauth_admin
  • simcal_admin
  • SIMPLE_CALENDAR_VERSION
  • SIMPLE_CALENDAR_URL
  • SIMPLE_CALENDAR_ASSETS
  • SIMPLE_CALENDAR_PATH
  • +2 more
Shortcode Output
  • [simple-calendar]
  • [simple-calendar id="%d"]
  • [simple-calendar calendar="%s"]
  • [simple-calendar view="%s"]
FAQ

Frequently Asked Questions about Simple Calendar – Google Calendar Plugin