L Events Calendar Security & Risk Analysis

wordpress.org/plugins/l-events-calendar

A beautiful responsive calendar. Manage events with ease and simplicity.

10 active installs · v1.0.1 · PHP + · WP 3.5.0+ · Updated Sep 8, 2015
Tags: calendar, custom, dates, events, responsive
Score 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is L Events Calendar Safe to Use in 2026?

Generally Safe

Score 85/100

L Events Calendar has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 10yr ago
Risk Assessment

The plugin "l-events-calendar" v1.0.1 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and having a history free of reported vulnerabilities, indicating a potentially stable codebase. The absence of dangerous functions, file operations, and external HTTP requests further contributes to its safety.

However, a significant concern arises from the substantial attack surface exposed by four AJAX handlers that lack authentication checks. This makes them prime targets for unauthorized actions if an attacker can trigger them. While the static analysis did not reveal any critical taint flows or dangerous functions, the sheer number of unprotected entry points presents a tangible risk. The presence of only two capability checks and one nonce check also suggests a potential for privilege escalation or cross-site request forgery attacks if exploited in conjunction with the unprotected AJAX endpoints.

Overall, the plugin's clean vulnerability history is encouraging, but the lack of authentication on a considerable portion of its AJAX endpoints is a critical weakness that overshadows its strengths. This needs to be addressed to significantly improve its security.

Key Concerns

  • Unprotected AJAX handlers
  • Limited nonce checks
  • Limited capability checks
  • Unescaped output (25%)
Vulnerabilities
None known

L Events Calendar Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

L Events Calendar Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

L Events Calendar Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 4 (12 escaped)
Nonce Checks: 1
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

75% escaped · 16 total outputs
Attack Surface
4 unprotected

L Events Calendar Attack Surface

Entry Points: 5
Unprotected: 4

AJAX Handlers 4

  • auth: wp_ajax_lec_getmonthcalendar (core\calendar-api.php:2)
  • nopriv: wp_ajax_lec_getmonthcalendar (core\calendar-api.php:3)
  • auth: wp_ajax_lec_getMonthImages (core\calendar-api.php:5)
  • nopriv: wp_ajax_lec_getMonthImages (core\calendar-api.php:6)

Shortcodes 1

[l-events-calendar] core\shortcode.php:114
WordPress Hooks 12
  • action: media_buttons (core\custom-media-button.php:7)
  • action: wp_enqueue_media (core\custom-media-button.php:8)
  • action: init (core\initial-post-type.php:2)
  • action: init (core\initial-post-type.php:51)
  • action: add_meta_boxes (core\l-events-custom-fields.php:20)
  • action: save_post (core\l-events-custom-fields.php:199)
  • action: admin_menu (core\option-page.php:8)
  • action: admin_init (core\option-page.php:9)
  • action: admin_enqueue_scripts (core\option-page.php:10)
  • filter: media_view_strings (core\option-page.php:94)
  • action: admin_enqueue_scripts (l-events-calendar.php:35)
  • action: wp_enqueue_scripts (l-events-calendar.php:45)
Maintenance & Trust

L Events Calendar Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.3.34
Last updated: Sep 8, 2015
PHP min version
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

L Events Calendar Developer Profile

Loi Truong

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect L Events Calendar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/l-events-calendar/css/admin/admin-main-style.css
  • /wp-content/plugins/l-events-calendar/css/admin/jquery-ui.min.css
  • /wp-content/plugins/l-events-calendar/js/admin/wp-media-screen.js
  • /wp-content/plugins/l-events-calendar/js/admin/post-type.js
  • /wp-content/plugins/l-events-calendar/css/calendar.css
  • /wp-content/plugins/l-events-calendar/js/calendar.js
  • /wp-content/plugins/l-events-calendar/js/admin/custom-media-button-plugin.js
Script Paths
  • /wp-content/plugins/l-events-calendar/js/admin/wp-media-screen.js
  • /wp-content/plugins/l-events-calendar/js/admin/post-type.js
  • /wp-content/plugins/l-events-calendar/js/calendar.js
  • /wp-content/plugins/l-events-calendar/js/admin/custom-media-button-plugin.js

HTML / DOM Fingerprints

CSS Classes
calendar-image-option, yes-please, round-block, gallery-cover, active, stag-metabox-table-button, gallery-sortable, gallery-image, +2 more
Data Attributes
id="dispalyImage", id="mycalendarcolor", id="submitcustommedia", attachmentId, id="calendar_image_option", id="calendar_gallery"
JS Globals
window.lec_media_button_file
Shortcode Output
<a href="#TB_inline&inlineId=hiddenModalContent" title="L-events Calendar" class="button thickbox"><span class="dashicons dashicons-calendar-alt" style="position: relative; top: 2px;"></span> L-events</a><div id="hiddenModalContent" style="display: none">
FAQ

Frequently Asked Questions about L Events Calendar