Does Huurkalender WP have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Huurkalender WP compatible with WordPress 6.9.4?

According to WordPress.org data, Huurkalender WP 1.6.5 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Huurkalender WP compatible with PHP 5.2.4+?

Huurkalender WP requires PHP 5.2.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Huurkalender WP updated?

Huurkalender WP was last updated on Nov 28, 2025. Frequent updates are generally a positive security signal.

What is Huurkalender WP's security score?

Huurkalender WP has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Huurkalender WP Security & Risk Analysis

wordpress.org/plugins/huurkalender-wp

Ontvang boekingen via uw eigen kalender en toon de beschikbaarheid van Huurkalender.nl op uw WordPress website.

800 active installs v1.6.5 PHP 5.2.4+ WP 4.6+ Updated Nov 28, 2025

beschikbaarheidskalenderboekingssysteemhuurkalenderreserveringssysteemverhuurkalender

A · Safe

CVEs total1

Unpatched0

Last CVEJan 7, 2025

Download

Safety Verdict

Is Huurkalender WP Safe to Use in 2026?

Generally Safe

Score 99/100

Huurkalender WP has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Jan 7, 2025Updated 5mo ago

Risk Assessment

The "huurkalender-wp" plugin v1.6.5 exhibits a generally good security posture based on the static analysis. The absence of dangerous functions, raw SQL queries, file operations, and external HTTP requests are all positive indicators. Furthermore, the high percentage of properly escaped output suggests a good understanding of preventing common web vulnerabilities.

However, a notable concern arises from the vulnerability history. The plugin has a known medium severity Cross-Site Scripting (XSS) vulnerability, and while it is currently patched, the presence of such vulnerabilities in the past warrants caution. The static analysis did not reveal any critical or high-severity taint flows, which is positive, but the lack of explicit nonce checks and capability checks on the identified entry point (shortcode) could be a weakness if the shortcode handles user-supplied data in a sensitive manner.

In conclusion, while the current version demonstrates strong defensive coding practices in many areas, the historical XSS vulnerability and the potential for unauthenticated shortcode execution (if not handled carefully) are points of attention. The plugin's strengths lie in its avoidance of common risky coding patterns, but continuous vigilance and robust testing are recommended.

Key Concerns

Medium severity XSS vulnerability history
No capability checks on shortcode
No nonce checks on entry points

Vulnerabilities

1 published

Huurkalender WP Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-22528medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Huurkalender WP <= 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 7, 2025 Patched in 1.6.0 (24d)

Version History

Huurkalender WP Release Timeline

v1.0.51 CVE

CVE-2025-22528

Code Analysis

Analyzed Mar 16, 2026

Huurkalender WP Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

10 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

91% escaped11 total outputs

Attack Surface

Huurkalender WP Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[huurkalender] huurkalender-wp.php:43

WordPress Hooks 4

actioninithuurkalender-wp.php:35

actionadmin_inithuurkalender-wp.php:36

actionwp_enqueue_scriptshuurkalender-wp.php:37

actionadmin_menuhuurkalender-wp.php:42

Maintenance & Trust

Huurkalender WP Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedNov 28, 2025

PHP min version5.2.4

Downloads13K

Community Trust

Rating80/100

Number of ratings4

Active installs800

Alternatives

Huurkalender WP Alternatives

OnlineAfspraken Plugin

onlineafspraken-wordpress-plugin

Met deze plugin plaatst u de OnlineAfspraken boekingswidget in uw WordPress site.

10 No CVEs

Developer Profile

Huurkalender WP Developer Profile

Huurkalender.nl

1 plugin · 800 total installs

trust score

Avg Security Score

99/100

Avg Patch Time

24 days

View full developer profile

Detection Fingerprints

How We Detect Huurkalender WP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/huurkalender-wp/online/embed/huurkalender.js/wp-content/plugins/huurkalender-wp/online/embed/huurkalender.css

Script Paths

https://www.huurkalender.nl/online/embed/huurkalender.js

Version Parameters

huurkalender-wp/online/embed/huurkalender.js?ver=huurkalender-wp/online/embed/huurkalender.css?ver=

HTML / DOM Fingerprints

CSS Classes

huurkalender-embedhuurkalender-embed-containerhuurkalender-embed-container_overviewcalendar_alert

Data Attributes

id="iframe_huurkalender_id="iframe_huurkalender_booking3_id="iframe_huurkalender_view2_

Shortcode Output

<div class="huurkalender-embed huurkalender-embed-container"><iframe id="iframe_huurkalender_<div class="huurkalender-embed huurkalender-embed-container_overview"><iframe id="iframe_huurkalender_view2_

FAQ