Pretty Google Calendar Security & Risk Analysis
wordpress.org/plugins/pretty-google-calendarEmbedded Google Calendars that don't suck.
Is Pretty Google Calendar Safe to Use in 2026?
Generally Safe
Score 96/100Pretty Google Calendar has a strong security track record. Known vulnerabilities have been patched promptly.
The 'pretty-google-calendar' v2.2.1 plugin exhibits a generally good security posture with strong adherence to secure coding practices. The static analysis reveals no critical or high severity taint flows, and all SQL queries are properly prepared. Furthermore, the plugin demonstrates robust implementation of nonce and capability checks, with a high percentage of output escaping, and a minimal attack surface. Notably, there are no unpatched CVEs, indicating that past vulnerabilities have been addressed by the developers.
Despite these strengths, the plugin's history reveals three past medium severity vulnerabilities, specifically related to Missing Authorization and Cross-Site Scripting (XSS). While these are currently patched, this pattern suggests a historical susceptibility to input validation and authorization issues. The lack of reported taint flows in this analysis doesn't entirely negate the possibility of subtle vulnerabilities, especially considering past XSS and authorization flaws which can sometimes be complex to detect with static analysis alone. However, the current version's static analysis is promising.
In conclusion, the current version of 'pretty-google-calendar' appears to be significantly more secure than its past iterations, with strong preventative measures in place. The historical context, however, warrants a degree of caution, as it indicates the need for ongoing vigilance and thorough testing for potential authorization and input sanitization issues.
Key Concerns
- Past medium severity CVEs (3 total)
Pretty Google Calendar Security Vulnerabilities
CVEs by Year
Severity Breakdown
3 total CVEs
Pretty Google Calendar <= 2.0.0 - Missing Authorization to Unauthenticated Google API Key Exposure
Pretty Google Calendar <= 1.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Pretty Google Calendar <= 1.5.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via pretty_google_calendar shortcode
Pretty Google Calendar Code Analysis
SQL Query Safety
Output Escaping
Pretty Google Calendar Attack Surface
AJAX Handlers 1
Shortcodes 1
WordPress Hooks 6
Maintenance & Trust
Pretty Google Calendar Maintenance & Trust
Maintenance Signals
Community Trust
Pretty Google Calendar Alternatives
Legacy Google Calendar Events 2.4
legacy-google-calendar-events
Fork of the Google Calendar Events 2.4 WordPress plugin. Intended for backwards compatibility only.
Google Calendar Widget & Short Code
wpgcal
Adds a widget and shortcode to display or embed Google Calendars in WordPress.
Simple Calendar – Google Calendar Plugin
google-calendar-events
Add Google Calendar events to your WordPress site in minutes. Beautiful calendar displays. Mobile responsive.
ICS Calendar
ics-calendar
Add the calendar you already use to Any WordPress site! Google Calendar, Microsoft 365, iCloud and more… no API keys or complicated setup required.
Booking Manager – Sync WP Booking Calendar – Import Events, Export Bookings to ICS Calendar
booking-manager
Showing events listing from .ics feeds or sync bookings from different sources to your website
Pretty Google Calendar Developer Profile
5 plugins · 6K total installs
How We Detect Pretty Google Calendar
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/pretty-google-calendar/public/css/pgcal.css/wp-content/plugins/pretty-google-calendar/public/css/tippy.css/wp-content/plugins/pretty-google-calendar/public/lib/fullcalendar/main.min.css/wp-content/plugins/pretty-google-calendar/public/lib/tippy/light.css/wp-content/plugins/pretty-google-calendar/public/lib/fullcalendar/index.global.min.js/wp-content/plugins/pretty-google-calendar/public/lib/fullcalendar/google-calendar/index.global.min.js/wp-content/plugins/pretty-google-calendar/public/lib/fullcalendar/locales/locales-all.global.min.js/wp-content/plugins/pretty-google-calendar/public/lib/popper/popper.min.js+5 more/wp-content/plugins/pretty-google-calendar/public/js/helpers.js/wp-content/plugins/pretty-google-calendar/public/js/pgcal.js/wp-content/plugins/pretty-google-calendar/public/js/tippy.jspretty-google-calendar/public/css/pgcal.css?ver=pretty-google-calendar/public/css/tippy.css?ver=pretty-google-calendar/public/lib/fullcalendar/main.min.css?ver=pretty-google-calendar/public/lib/tippy/light.css?ver=pretty-google-calendar/public/lib/fullcalendar/index.global.min.js?ver=pretty-google-calendar/public/lib/fullcalendar/google-calendar/index.global.min.js?ver=pretty-google-calendar/public/lib/fullcalendar/locales/locales-all.global.min.js?ver=pretty-google-calendar/public/lib/popper/popper.min.js?ver=pretty-google-calendar/public/lib/tippy/tippy.min.js?ver=pretty-google-calendar/public/js/helpers.js?ver=pretty-google-calendar/public/js/pgcal.js?ver=pretty-google-calendar/public/js/tippy.js?ver=pretty-google-calendar/public/css/pgcal-admin.css?ver=HTML / DOM Fingerprints
pgcal-containerpgcal-list-viewpgcal-today-button<!-- BEGIN PRETTY GOOGLE CALENDAR SHORTCODE --><!-- END PRETTY GOOGLE CALENDAR SHORTCODE -->data-gcaldata-cal-idsdata-localedata-list-typedata-custom-list-buttondata-custom-days+10 morepgcal_render_calendarpgcal_helperspgcal_loaderpgcal_tippy/wp-json/pgcal/v1/settings<div class="pgcal-container" id="pgcal-{{id_hash}}" <div class="pgcal-list-view" <button class="pgcal-today-button"