
iCalendrier Security & Risk Analysis
wordpress.org/plugins/icalendrierSimple plugin that displays daily informations like date, name day or moon phase. --- Petit plugin simple qui vous permet d'afficher sur votre si …
Is iCalendrier Safe to Use in 2026?
Generally Safe
Score 85/100iCalendrier has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.
The iCalendar plugin v1.83 presents a mixed security posture. While the static analysis shows a small attack surface with no immediate unprotected entry points and a complete absence of dangerous functions or raw SQL queries, there are significant concerns regarding output escaping. Only 16% of output points are properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. This is further corroborated by the vulnerability history, which shows a past medium severity XSS vulnerability. The plugin's reliance on unescaped output, combined with a history of XSS, suggests a persistent weakness that could be exploited if input isn't sufficiently sanitized before being displayed to users.
Despite the positive findings of no taint flows and a lack of SQL injection risks, the poor output escaping is a critical flaw. The absence of nonce checks and capability checks on the single shortcode entry point, while not directly flagged as a vulnerability in this static analysis, could become problematic if the shortcode handles user-supplied data that is then rendered unsafely. The history of a medium severity XSS vulnerability, though patched, highlights the plugin's susceptibility to this type of attack. Therefore, while the plugin avoids some common pitfalls, the output escaping issue and past XSS vulnerability warrant careful consideration.
Key Concerns
- Low percentage of properly escaped output
- History of medium severity XSS vulnerability
- No capability checks on entry points
- No nonce checks on entry points
iCalendrier Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
iCalendrier <= 1.80 - Authenticated (Contributor+) Stored Cross-Site Scripting
iCalendrier Release Timeline
iCalendrier Code Analysis
Output Escaping
iCalendrier Attack Surface
Shortcodes 1
WordPress Hooks 3
Maintenance & Trust
iCalendrier Maintenance & Trust
Maintenance Signals
Community Trust
iCalendrier Alternatives
Catholic Liturgy Calendar
catholic-liturgical-calendar
An animation with the current date on the roman catholic liturgical year. It contains links to mass lectures and the saints calendar online.
Calendar.online / Kalender.digital – Plugin
kalender-digital
Plugin for the integration of a free calendar from Calendar.online or Kalender.digital
Moon Calendar Widget
calendrier-lunaire
Display the moon calendar of the day (moon phases, moon rise/set times, ...). Customize the widget (background/border/fonts color) to fit your needs !
Calendario del Perú
calendario-del-peru
Muestra eventos del día del Calendario peruano. Este plugin mostrará 5 titulares del Calendario, todos los días.
runnerplace-calendar
calendario-runnerplace
Utiliza el calendario de carreras populares de RunnerPlace para tenerlo actualizado en tu web.
iCalendrier Developer Profile
1 plugin · 700 total installs
How We Detect iCalendrier
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/icalendrier/css/icalendrier.css/wp-content/plugins/icalendrier/css/themes/icalendrier-alt-1.css/wp-content/plugins/icalendrier/css/icalendrier-admin.cssHTML / DOM Fingerprints
icalendrier-comp175icalendrier-wide300icalendrier-alt-1data-ical-languagedata-ical-timezonedata-ical-showlinkdata-ical-bgcolordata-ical-styledata-ical-widgettitle<div class="icalendrier icalendrier-comp175"><div class="icalendrier icalendrier-wide300">