Does My Calendar – Accessible Event Manager have any unpatched vulnerabilities?

No. All known vulnerabilities in My Calendar – Accessible Event Manager have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is My Calendar – Accessible Event Manager compatible with WordPress 6.9.4?

According to WordPress.org data, My Calendar – Accessible Event Manager 3.7.6 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is My Calendar – Accessible Event Manager compatible with PHP 7.4+?

My Calendar – Accessible Event Manager requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is My Calendar – Accessible Event Manager updated?

My Calendar – Accessible Event Manager was last updated on Mar 4, 2026. Frequent updates are generally a positive security signal.

What is My Calendar – Accessible Event Manager's security score?

My Calendar – Accessible Event Manager has a WP-Safety security score of 77/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

My Calendar – Accessible Event Manager Security & Risk Analysis

wordpress.org/plugins/my-calendar

Accessible WordPress event calendar plugin. Manage single or recurring events, event venues, and display your calendar anywhere on your site.

20K active installs v3.7.6 PHP 7.4+ WP 6.5+ Updated Mar 4, 2026

accessibilityevent-calendarevent-managerlocationvenue

B · Generally Safe

CVEs total16

Unpatched0

Last CVEMar 3, 2026

Plugin page Download

Safety Verdict

Is My Calendar – Accessible Event Manager Safe to Use in 2026?

Mostly Safe

Score 77/100

My Calendar – Accessible Event Manager is generally safe to use. 16 past CVEs were resolved. Keep it updated.

16 known CVEsLast CVE: Mar 3, 2026Updated 29d ago

Risk Assessment

The 'my-calendar' v3.7.6 plugin exhibits a mixed security posture. While it demonstrates strong adherence to secure coding practices in many areas, such as a high percentage of SQL prepared statements and properly escaped output, significant concerns remain. The presence of two dangerous functions, specifically 'unserialize,' without explicit mention of sanitization for its usage, warrants caution. Furthermore, the static analysis reveals an attack surface with 3 unprotected entry points out of 24 total, including an unprotected REST API route and two AJAX handlers lacking authentication checks, presenting immediate opportunities for unauthorized actions.

Taint analysis indicates a worrying trend, with 38 high-severity flows identified. These flows, coupled with the presence of dangerous functions, suggest a potential for severe vulnerabilities if not adequately addressed. The plugin's history of 16 known CVEs, although currently all patched, includes past critical and high-severity vulnerabilities. The types of past vulnerabilities are also concerning, encompassing Cross-site Scripting, Missing Authorization, SQL Injection, CSRF, Open Redirect, and Path Traversal, indicating recurring areas of weakness.

In conclusion, while 'my-calendar' v3.7.6 shows strengths in output escaping and SQL query sanitization, the identified unprotected entry points, critical taint flows, and the historical pattern of diverse and severe vulnerabilities suggest a moderate to high risk. Vigilance and thorough auditing of the 'unserialize' usage and the identified taint flows are paramount for mitigating potential security threats.

Key Concerns

Unprotected AJAX handlers
Unprotected REST API route
High severity taint flows
Dangerous function: unserialize
Past critical CVEs (historically)
Past high severity CVEs (historically)

Vulnerabilities

My Calendar – Accessible Event Manager Security Vulnerabilities

CVEs by Year

1 CVE in 2012

2012

3 CVEs in 2015

2015

1 CVE in 2018

2018

1 CVE in 2019

2019

1 CVE in 2021

2021

2 CVEs in 2022

2022

3 CVEs in 2023

2023

2 CVEs in 2024

2024

1 CVE in 2025

2025

1 CVE in 2026

2026

Patched Has unpatched

Severity Breakdown

Critical

High

Medium

16 total CVEs

CVE-2026-2355medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

My Calendar – Accessible Event Manager <= 3.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

Mar 3, 2026 Patched in 3.7.4 (1d)

CVE-2025-67592medium · 4.3Missing Authorization

My Calendar <= 3.6.16 - Missing Authorization

Dec 15, 2025 Patched in 3.6.17 (6d)

CVE-2024-1274medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

My Calendar <= 3.4.23 - Authenticated (Admin+) Stored Cross-Site Scripting via Events

Feb 11, 2024 Patched in 3.4.24 (74d)

CVE-2024-25916medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

My Calendar <= 3.4.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Feb 11, 2024 Patched in 3.4.24 (10d)

CVE-2023-6360critical · 9.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

My Calendar <= 3.4.21 - Unauthenticated SQL Injection

Nov 26, 2023 Patched in 3.4.22 (58d)

CVE-2023-23813high · 8.8Cross-Site Request Forgery (CSRF)

My Calendar <= 3.4.3 - Cross-Site Request Forgery

Jan 20, 2023 Patched in 3.4.4 (368d)

CVE-2022-47427high · 7.1Cross-Site Request Forgery (CSRF)

My Calendar <= 3.3.24.1 - Cross-Site Request Forgery

Jan 3, 2023 Patched in 3.3.25 (385d)

CVE-2022-36371medium · 4.7URL Redirection to Untrusted Site ('Open Redirect')

My Calendar <= 3.3.16 - Open Redirect

Aug 2, 2022 Patched in 3.3.17 (539d)

WF-801132f5-e4ea-4d56-8429-9f33896f6dff-my-calendarmedium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

My Calendar <= 3.3.16 - Administrator+ Stored Cross-Site Scripting

Jul 18, 2022 Patched in 3.3.17 (554d)

CVE-2021-24927medium · 5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

My Calendar <= 3.2.17 - Subscriber+ Reflected Cross-Site Scripting

Nov 1, 2021 Patched in 3.2.18 (813d)

CVE-2019-15713medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

My Calendar <= 3.1.9 - Unauthenticated Cross-Site Scripting

Apr 30, 2019 Patched in 3.1.10 (1729d)

WF-a42dce68-0e64-46a6-926e-b676071744b9-my-calendarmedium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

My Calendar <= 2.5.16 - Authenticated Stored Cross-Site Scripting

Apr 4, 2018 Patched in 2.5.17 (2120d)

WF-8de8a412-af19-4a1e-a131-47815b38517f-my-calendarmedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

My Calendar < 2.3.30 - Reflected Cross-Site Scripting

May 15, 2015 Patched in 2.3.30 (3175d)

WF-cfffe880-e3f9-4163-a726-e248433e1034-my-calendarcritical · 9.8Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

My Calendar <= 2.3.29 - Path Traversal to Remote Code Execution

May 15, 2015 Patched in 2.3.30 (3175d)

WF-d8a56a1c-6af0-47e6-906c-bb3eb1440eb9-my-calendarmedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

My Calendar < 2.3.10 - Reflected Cross-Site Scripting

Apr 20, 2015 Patched in 2.3.10 (3200d)

CVE-2012-6527medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

My Calendar < 1.10.5 - Cross-Site Scripting

Jan 18, 2012 Patched in 1.10.5 (4388d)

Code Analysis

Analyzed Mar 16, 2026

My Calendar – Accessible Event Manager Code Analysis

Dangerous Functions

Raw SQL Queries

183 prepared

Unescaped Output

1967 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$location_access = ! empty( $post['event_access_hidden'] ) ? unserialize( $post['event_access_hiddmy-calendar-event-editor.php:2424

unserialize$access = ( $location->location_access ) ? unserialize( $location->location_access ) : array();my-calendar-install.php:685

SQL Query Safety

79% prepared233 total queries

Output Escaping

99% escaped1994 total outputs

Data Flows

49 unsanitized

Data Flow Analysis

25 flows49 with unsanitized paths

my_calendar_manage_access_terms (my-calendar-access-terms.php:48)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

3 unprotected

My Calendar – Accessible Event Manager Attack Surface

Entry Points24

Unprotected3

AJAX Handlers 11

authwp_ajax_mc_core_autocomplete_search_pagesmy-calendar-ajax.php:16

authwp_ajax_mc_core_autocomplete_search_iconsmy-calendar-ajax.php:54

authwp_ajax_mc_core_autocomplete_search_countriesmy-calendar-ajax.php:113

authwp_ajax_add_categorymy-calendar-ajax.php:148

authwp_ajax_mcjs_actionmy-calendar-ajax.php:208

noprivwp_ajax_mcjs_actionmy-calendar-ajax.php:209

authwp_ajax_display_recurrencemy-calendar-ajax.php:257

authwp_ajax_delete_occurrencemy-calendar-ajax.php:290

authwp_ajax_add_datemy-calendar-ajax.php:336

authwp_ajax_mc_core_autocomplete_search_locationsmy-calendar-ajax.php:454

noprivwp_ajax_mc_core_autocomplete_search_locationsmy-calendar-ajax.php:455

REST API Routes 1

GET/wp-json/my-calendar/v1/events/my-calendar-api.php:483

Shortcodes 12

[my_calendar] my-calendar.php:557

[my_calendar_upcoming] my-calendar.php:558

[my_calendar_today] my-calendar.php:559

[my_calendar_locations] my-calendar.php:560

[my_calendar_categories] my-calendar.php:561

[my_calendar_access] my-calendar.php:562

[mc_filters] my-calendar.php:563

[my_calendar_show_locations] my-calendar.php:564

[my_calendar_event] my-calendar.php:565

[my_calendar_search] my-calendar.php:566

[my_calendar_now] my-calendar.php:567

[my_calendar_next] my-calendar.php:568

WordPress Hooks 126

actionadmin_menuincludes\general-utilities.php:74

filterwp_kses_allowed_htmlincludes\kses.php:31

actionload-options-permalink.phpincludes\post-types.php:43

filtermc_event_slugincludes\post-types.php:300

filterthe_postsincludes\post-types.php:302

filterdefault_contentincludes\post-types.php:337

actionwp_after_insert_postincludes\post-types.php:538

filterwp_privacy_personal_data_exportersincludes\privacy.php:16

filterwp_privacy_personal_data_erasersincludes\privacy.php:114

filterscreen_settingsincludes\screen-options.php:53

filterset-screen-optionincludes\screen-options.php:117

actionmc_import_tribeincludes\tribe.php:82

actioninitincludes\tribe.php:92

filtermc_build_urlincludes\urls.php:164

filterpll_translation_urlincludes\urls.php:186

filtermc_upcoming_events_headermy-calendar-ajax.php:217

filtermc_upcoming_events_footermy-calendar-ajax.php:218

actionrest_api_initmy-calendar-api.php:507

actionadmin_initmy-calendar-behaviors.php:37

actiontemplate_redirectmy-calendar-call-template.php:17

filtershow_admin_barmy-calendar-call-template.php:39

actionshow_user_profilemy-calendar-categories.php:977

actionedit_user_profilemy-calendar-categories.php:978

actionprofile_updatemy-calendar-categories.php:979

filtersafe_style_cssmy-calendar-categories.php:1593

actionwp_feed_optionsmy-calendar-core.php:35

filtermc_registered_stylesheetmy-calendar-core.php:160

actionwp_enqueue_scriptsmy-calendar-core.php:267

actionmc_print_view_headmy-calendar-core.php:568

actionin_plugin_update_message-my-calendar/my-calendar.phpmy-calendar-core.php:741

actionwp_enqueue_scriptsmy-calendar-core.php:857

actionadmin_enqueue_scriptsmy-calendar-core.php:858

actionadmin_headmy-calendar-core.php:1012

actionadmin_bar_menumy-calendar-core.php:1414

filterbody_classmy-calendar-core.php:1430

filterdisplay_post_statesmy-calendar-core.php:1550

filterwp_mail_content_typemy-calendar-core.php:1574

actionadmin_enqueue_scriptsmy-calendar-core.php:1775

actionadmin_enqueue_scriptsmy-calendar-core.php:1889

actioninitmy-calendar-core.php:2298

filtermc_event_registrationmy-calendar-core.php:2303

filtermc_datetime_inputsmy-calendar-core.php:2304

actionmc_transition_eventmy-calendar-core.php:2305

actionmc_delete_eventmy-calendar-core.php:2306

actionmc_mass_delete_eventsmy-calendar-core.php:2307

actionparse_requestmy-calendar-core.php:2308

actiondelete_postmy-calendar-core.php:2309

filterpost_updated_messagesmy-calendar-core.php:2313

filternext_post_linkmy-calendar-core.php:2314

filterprevious_post_linkmy-calendar-core.php:2315

filterthe_titlemy-calendar-core.php:2316

filterbody_classmy-calendar-core.php:2317

actioninitmy-calendar-core.php:2320

actioninitmy-calendar-core.php:2321

filterthe_titlemy-calendar-core.php:2357

filterthe_titlemy-calendar-core.php:2388

filterget_edit_post_linkmy-calendar-core.php:2416

actionadmin_noticesmy-calendar-core.php:2508

actionsend_headersmy-calendar-core.php:2555

actioninitmy-calendar-core.php:2587

actionmc_schedule_promotion_actionmy-calendar-core.php:2605

actionadmin_noticesmy-calendar-core.php:2615

actionadmin_noticesmy-calendar-core.php:2632

actionadmin_initmy-calendar-event-editor.php:455

actionsave_postmy-calendar-event-editor.php:3088

filtermc_instance_datamy-calendar-event-editor.php:3348

filtermc_instance_formatmy-calendar-event-editor.php:3369

actionmc_save_eventmy-calendar-event-editor.php:3858

actionadmin_enqueue_scriptsmy-calendar-help.php:220

actionadmin_enqueue_scriptsmy-calendar-help.php:253

actiontemplate_redirectmy-calendar-iframe.php:16

actionmc_event_access_migrationmy-calendar-install.php:636

actionadmin_initmy-calendar-install.php:649

actionmc_location_access_migrationmy-calendar-install.php:706

filtermc_modify_locationmy-calendar-locations.php:68

filtermc_save_locationmy-calendar-locations.php:121

actionmc_update_location_postmy-calendar-locations.php:163

actionmc_create_location_postmy-calendar-locations.php:164

actionmc_delete_locationmy-calendar-locations.php:190

filtermc_filter_shortcodesmy-calendar-locations.php:1194

filterthe_contentmy-calendar-locations.php:1894

filtermc_disable_linkmy-calendar-output.php:853

filtermc_after_eventmy-calendar-output.php:974

actiontemplate_redirectmy-calendar-output.php:1179

actiontemplate_redirectmy-calendar-output.php:1245

filterthe_contentmy-calendar-output.php:1325

filterthe_contentmy-calendar-output.php:1447

filtermc_display_formatmy-calendar-output.php:2478

filtermy_calendar_bodymy-calendar-output.php:2605

actiontemplate_redirectmy-calendar-print.php:16

filterthe_titlemy-calendar-search.php:187

filterthe_contentmy-calendar-search.php:206

filtermc_search_exportlinksmy-calendar-search.php:237

filtermc_searched_eventsmy-calendar-search.php:283

actionadmin_initmy-calendar-settings.php:533

actionadd_meta_boxesmy-calendar-shortcodes.php:426

actionsave_postmy-calendar-shortcodes.php:865

actionadmin_initmy-calendar-styles.php:131

filtermc_insert_author_datamy-calendar-templates.php:1558

filtermc_filter_shortcodesmy-calendar-templates.php:1614

filtermc_filter_image_datamy-calendar-templates.php:1767

actionadmin_initmy-calendar-templating.php:66

actioninitmy-calendar-templating.php:198

actionadmin_noticesmy-calendar-templating.php:248

actionadmin_enqueue_scriptsmy-calendar-templating.php:819

actionadmin_initmy-calendar.php:111

actionadmin_menumy-calendar.php:202

actionwp_headmy-calendar.php:203

filterwpseo_schema_graphmy-calendar.php:204

actiondelete_usermy-calendar.php:205

actionwidgets_initmy-calendar.php:206

actioninitmy-calendar.php:207

actionwp_footermy-calendar.php:208

actioninitmy-calendar.php:209

filterwidget_textmy-calendar.php:211

filterplugin_action_linksmy-calendar.php:212

filterpre_get_document_titlemy-calendar.php:213

actiontemplate_redirectmy-calendar.php:262

actionwp_headmy-calendar.php:269

filterwpseo_canonicalmy-calendar.php:271

actiontemplate_redirectmy-calendar.php:274

actioninitmy-calendar.php:287

actionadmin_headmy-calendar.php:484

actionadmin_enqueue_scriptsmy-calendar.php:485

actionadmin_headmy-calendar.php:547

actionadmin_headmy-calendar.php:548

Scheduled Events 2

mc_schedule_promotion_action

Maintenance & Trust

My Calendar – Accessible Event Manager Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 4, 2026

PHP min version7.4

Downloads3.0M

Community Trust

Rating94/100

Number of ratings154

Active installs20K

Alternatives

My Calendar – Accessible Event Manager Alternatives

Eventin – Events Calendar, Event Booking, Ticket & Registration (AI Powered)

wp-event-solution

Create and manage events with a flexible WordPress events calendar plugin. Add recurring events, RSVP, ticket booking, and WooCommerce ticket selling …

10K 19 CVEs