Does MDJM Extension – Google Calendar Sync have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is MDJM Extension – Google Calendar Sync compatible with WordPress 6.9.4?

According to WordPress.org data, MDJM Extension – Google Calendar Sync 2.3.8.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is MDJM Extension – Google Calendar Sync compatible with PHP 8.2+?

MDJM Extension – Google Calendar Sync requires PHP 8.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is MDJM Extension – Google Calendar Sync updated?

MDJM Extension – Google Calendar Sync was last updated on Jan 5, 2026. Frequent updates are generally a positive security signal.

What is MDJM Extension – Google Calendar Sync's security score?

MDJM Extension – Google Calendar Sync has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

MDJM Extension – Google Calendar Sync Security & Risk Analysis

wordpress.org/plugins/mdjm-google-calendar-sync

Automatically adds your event bookings to your Google calendar and keeps them up to date.

10 active installs v2.3.8.1 PHP 8.2+ WP 6.6+ Updated Jan 5, 2026

calendarevent-managementevent-plannerevent-planninggoogle

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is MDJM Extension – Google Calendar Sync Safe to Use in 2026?

Generally Safe

Score 100/100

MDJM Extension – Google Calendar Sync has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago

Risk Assessment

The mdjm-google-calendar-sync plugin v2.3.8.1 exhibits a generally positive security posture with some notable areas of concern. The plugin demonstrates good practices by utilizing prepared statements for most SQL queries, ensuring a high percentage of properly escaped output, and including nonce checks. The absence of file operations and external HTTP requests further strengthens its security. However, the presence of one AJAX handler without authentication checks represents a significant potential entry point for attackers. While no critical or high severity taint flows were identified, the existence of a flow with an unsanitized path warrants attention, even if its severity is currently low.

The plugin benefits from a clean vulnerability history, with zero recorded CVEs. This suggests either a history of robust security development or a lack of targeted exploitation. However, relying solely on past history can be misleading, and the identified unprotected AJAX handler remains a tangible risk that could be exploited regardless of historical CVEs. Overall, the plugin has strengths in its data handling and output sanitization, but the unprotected AJAX endpoint is a critical weakness that needs to be addressed to improve its security.

Key Concerns

Unprotected AJAX handler
Flow with unsanitized path

Vulnerabilities

None known

MDJM Extension – Google Calendar Sync Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

MDJM Extension – Google Calendar Sync Release Timeline

v2.3.8.1Current

v2.3.8

v2.3.6.1

v2.3.6

v2.3.5.1

v2.3.5

v2.3.4

v2.3.3

v2.3.2

v2.3.1

v2.3

v2.2.2

v2.2.1

v2.2.0

Code Analysis

Analyzed Mar 17, 2026

MDJM Extension – Google Calendar Sync Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

27 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Guzzle

SQL Query Safety

67% prepared3 total queries

Output Escaping

90% escaped30 total outputs

Data Flows · Security

1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths

gcal_get_auth_token (includes\mdjm-gcal-init.php:173)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

MDJM Extension – Google Calendar Sync Attack Surface

Entry Points2

Unprotected1

AJAX Handlers 1

authwp_ajax_gcal_full_syncincludes\mdjm-gcal-init.php:388

REST API Routes 1

GET/wp-json/mdjm/v1/calendar-feedincludes\class-mdjm-ics-feed.php:17

WordPress Hooks 16

actionmdjm-logout_googleincludes\class-mdjm-google.php:87

actionmdjm-delete_event_entryincludes\class-mdjm-google.php:90

actionmdjm_google_delete_all_entriesincludes\class-mdjm-google.php:93

actionmdjm_daily_scheduled_eventsincludes\class-mdjm-google.php:96

actionmdjm_google_calendar_absence_syncincludes\class-mdjm-google.php:99

actionrest_api_initincludes\mdjm-gcal-init.php:49

actionadmin_noticesincludes\mdjm-gcal-init.php:95

actionadmin_noticesincludes\mdjm-gcal-init.php:102

filtermdjm_settings_extensionsincludes\mdjm-gcal-init.php:384

actionmdjm-unauth_gcalincludes\mdjm-gcal-init.php:385

actionmdjm_after_event_saveincludes\mdjm-gcal-init.php:386

actionadmin_enqueue_scriptsincludes\mdjm-gcal-init.php:387

actionadmin_noticesincludes\mdjm-gcal-init.php:508

filtermdjm_settings_sections_extensionsincludes\mdjm-gcal-init.php:1142

actionadmin_initincludes\upgrade-functions.php:47

actionplugins_loadedmdjm-google-calendar-sync.php:91

Scheduled Events 2

mdjm_google_calendar_daily_sync

Maintenance & Trust

MDJM Extension – Google Calendar Sync Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 5, 2026

PHP min version8.2

Downloads4K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

MDJM Extension – Google Calendar Sync Alternatives

Simple Calendar – Google Calendar Plugin

google-calendar-events

Add Google Calendar events to your WordPress site in minutes. Beautiful calendar displays. Mobile responsive.

50K 7 CVEs

ICS Calendar

ics-calendar

Add the calendar you already use to Any WordPress site! Google Calendar, Microsoft 365, iCloud and more… no API keys or complicated setup required.

10K 1 CVE

Sugar Calendar – Events Calendar, Event Tickets, and Events Management Platform

sugar-calendar-lite

Easily manage events and sell tickets on your WordPress site. Sugar Calendar is easy-to-use, reliable, and exceptionally powerful. See for yourself.

10K 2 CVEs

Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)

wp-event-solution

Events calendar plugin for WordPress to manage events, bookings, registrations, scheduling, virtual events, and tickets sales.

10K 21 CVEs

EventON – Events Calendar

eventon-lite

Create beautiful, responsive event calendars with unlimited events, repeating schedules, virtual support, and a sleek minimal design!

6K 12 CVEs

Developer Profile

MDJM Extension – Google Calendar Sync Developer Profile

MDJM

2 plugins · 50 total installs

trust score

Avg Security Score

83/100

Avg Patch Time

26 days

View full developer profile

Detection Fingerprints

How We Detect MDJM Extension – Google Calendar Sync

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/mdjm-google-calendar-sync/libs/Google/vendor/autoload.php

HTML / DOM Fingerprints

HTML Comments

+6 more

Data Attributes

data-gcal-options

JS Globals

mdjm_gcal_options

REST Endpoints

/wp-json/mdjm-gcal-integration/v1/calendar-feed

FAQ