
Calendar.online / Kalender.digital – Plugin Security & Risk Analysis
wordpress.org/plugins/kalender-digitalPlugin for the integration of a free calendar from Calendar.online or Kalender.digital
Is Calendar.online / Kalender.digital – Plugin Safe to Use in 2026?
Generally Safe
Score 98/100Calendar.online / Kalender.digital – Plugin has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.
The kalender-digital v1.0.14 plugin exhibits a mixed security posture. While it demonstrates good practices by utilizing prepared statements for all SQL queries and having no external HTTP requests, it raises significant concerns regarding output escaping and a lack of robust security checks. The static analysis reveals that only 21% of output is properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the absence of nonce checks, capability checks, and any authentication checks on its entry points (AJAX handlers, REST API routes, shortcodes) is a critical oversight that leaves the plugin highly susceptible to various attacks. The vulnerability history, while showing no currently unpatched CVEs, reveals two medium-severity XSS vulnerabilities in the past, which aligns with the findings of insufficient output escaping. This pattern suggests a recurring weakness that, if not addressed, could lead to future exploitable flaws. In conclusion, despite a clean slate regarding SQL injection and external requests, the severe deficiency in output escaping and the lack of essential security controls on its entry points present a substantial risk. The plugin requires immediate attention to address these critical security gaps.
Key Concerns
- Low output escaping percentage (21%)
- No nonce checks implemented
- No capability checks implemented
- 0 unprotected AJAX handlers, but overall attack surface has no auth checks
- Two medium severity CVEs historically, common XSS
Calendar.online / Kalender.digital – Plugin Security Vulnerabilities
CVEs by Year
Severity Breakdown
2 total CVEs
Calendar.online / Kalender.digital <= 1.0.13 - Authenticated (Contributor+) Stored Cross-Site Scripting
Calendar.online / Kalender.digital <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
Calendar.online / Kalender.digital – Plugin Release Timeline
Calendar.online / Kalender.digital – Plugin Code Analysis
Output Escaping
Calendar.online / Kalender.digital – Plugin Attack Surface
Shortcodes 3
WordPress Hooks 7
Maintenance & Trust
Calendar.online / Kalender.digital – Plugin Maintenance & Trust
Maintenance Signals
Community Trust
Calendar.online / Kalender.digital – Plugin Alternatives
Next Event Calendar
next-event-calendar
Easily add Events to WordPress and display them in a beautiful layout Responsive. Organize Events in category and filter them with ajax.
Event Calendar / Scheduler
event-calendar-scheduler
Event calendar plugin that allows you to add a nice-looking scheduler/planner with drag-n-drop interface, recurring events, Google Map integration.
Event Scheduler
event-scheduler
Event scheduler can be used for planning of recurring events.
MDJM Extension – Google Calendar Sync
mdjm-google-calendar-sync
Automatically adds your event bookings to your Google calendar and keeps them up to date.
Evangelische Termine für The Events Calendar
evangelische-termine-for-the-events-calendar
Importiere einfach deine Evangelische Termine in das The Events Calendar Plugin.
Calendar.online / Kalender.digital – Plugin Developer Profile
1 plugin · 2K total installs
How We Detect Calendar.online / Kalender.digital – Plugin
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/kalender-digital/admin/css/kalender-digital-admin.css/wp-content/plugins/kalender-digital/public/css/kalender-digital-public.css/wp-content/plugins/kalender-digital/public/js/kalender-digital-public.js/wp-content/plugins/kalender-digital/admin/js/kalender-digital-admin.jskalender-digital/admin/css/kalender-digital-admin.css?ver=kalender-digital/public/css/kalender-digital-public.css?ver=kalender-digital/public/js/kalender-digital-public.js?ver=kalender-digital/admin/js/kalender-digital-admin.js?ver=HTML / DOM Fingerprints
kalender-digital-containerkalender-digital-shortcode[calendar_online[kalender_digital