Does Really Simple Calendar have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Really Simple Calendar compatible with WordPress 6.8.5?

According to WordPress.org data, Really Simple Calendar 0.4.13 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Really Simple Calendar compatible with PHP 8.2+?

Really Simple Calendar requires PHP 8.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Really Simple Calendar updated?

Really Simple Calendar was last updated on Aug 23, 2025. Frequent updates are generally a positive security signal.

What is Really Simple Calendar's security score?

Really Simple Calendar has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Really Simple Calendar Security & Risk Analysis

wordpress.org/plugins/really-simple-calendar

The single calendar for multi purpos with multi users. Unlimited events and responsive display.

0 active installs v0.4.13 PHP 8.2+ WP 6.7+ Updated Aug 23, 2025

calendarevent-calendarreally-simple-calendarrs-calendarrsc

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Really Simple Calendar Safe to Use in 2026?

Generally Safe

Score 100/100

Really Simple Calendar has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8mo ago

Risk Assessment

The "really-simple-calendar" plugin v0.4.13 presents a mixed security posture. On the positive side, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries and having a high percentage of properly escaped output. The absence of known CVEs and critical taint flows is also a strong indicator of a generally secure codebase. However, there are notable areas of concern that warrant attention.

The primary risk identified is the presence of an unprotected AJAX handler. With one out of five total entry points lacking authentication checks, this creates a potential avenue for attackers to trigger plugin functionality without proper authorization. While no specific critical or high severity taint flows were detected, the two flows with unsanitized paths, even if not immediately exploitable in this version, represent a latent risk that could become critical if combined with other factors or if the plugin evolves.

The plugin's vulnerability history is remarkably clean, with zero recorded CVEs. This suggests a history of secure development and diligent patching. Coupled with the good static analysis results for SQL and output handling, this plugin appears to have a solid foundation. Nevertheless, the unprotected AJAX handler is a significant weakness that should be addressed to further strengthen its security.

Key Concerns

Unprotected AJAX handler
Flows with unsanitized paths

Vulnerabilities

None known

Really Simple Calendar Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Really Simple Calendar Release Timeline

v0.3.12

v0.3.11

Code Analysis

Analyzed Mar 17, 2026

Really Simple Calendar Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

360 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

80% escaped451 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

6 flows2 with unsanitized paths

echo (includes\admin\panels\event.php:152)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Really Simple Calendar Attack Surface

Entry Points5

Unprotected1

AJAX Handlers 4

authwp_ajax_smjp_rsc_mc_get_calendarextensions\multi-calendar\admin\mc-ajax.php:15

authwp_ajax_smjp_rsc_mc_get_calendar_by_shortcodeextensions\multi-calendar\admin\mc-ajax.php:16

authwp_ajax_smjp_rsc_get_calendarincludes\admin\ajax.php:14

authwp_ajax_smjp_rsc_get_calendar_by_shortcodeincludes\admin\ajax.php:15

Shortcodes 1

[rsc] includes\shortcode.php:16

WordPress Hooks 34

actioncurrent_screenextensions\multi-calendar\admin\mc-setting.php:32

actionedit_form_after_editorextensions\multi-calendar\admin\mc-setting.php:33

actionadmin_enqueue_scriptsextensions\multi-calendar\admin\mc-setting.php:34

actionadmin_footerextensions\multi-calendar\admin\mc-setting.php:35

actionsave_postextensions\multi-calendar\admin\mc-setting.php:37

filtersmjp_rsc_get_admin_settingextensions\multi-calendar\admin\mc-setting.php:52

filtersmjp_rsc_is_disabledextensions\multi-calendar\admin\mc-setting.php:53

filtersmjp_rsc_get_event_serchextensions\multi-calendar\admin\mc-setting.php:54

filtersmjp_rsc_locked_fieldsextensions\multi-calendar\admin\mc-setting.php:55

actionsmjp_rsc_get_default_shortcodeextensions\multi-calendar\admin\mc-setting.php:56

filtersmjp_rsc_get_panel_fieldsextensions\multi-calendar\admin\mc-setting.php:59

filtersmjp_rsc_option_fieldsextensions\multi-calendar\admin\mc-setting.php:60

filtersmjp_rsc_before_style_textextensions\multi-calendar\admin\mc-setting.php:61

actionsmjp_rsc_after_style_textextensions\multi-calendar\admin\mc-setting.php:62

filtersmjp_rsc_capability_sectionextensions\multi-calendar\admin\multi-calendar.php:14

actioninitextensions\multi-calendar\multi-calendar.php:33

filtersmjp_rsc_get_optionextensions\multi-calendar\multi-calendar.php:34

actionsmjp_rsc_before_get_calendarextensions\multi-calendar\multi-calendar.php:35

actionsmjp_rsc_after_get_calendarextensions\multi-calendar\multi-calendar.php:36

filtersmjp_rsc_get_stylesheetextensions\multi-calendar\multi-calendar.php:38

filtersmjp_rsc_locked_fieldsextensions\multi-calendar\multi-calendar.php:39

actionadmin_menuincludes\admin\admin.php:40

actionadmin_enqueue_scriptsincludes\admin\admin.php:41

filterscript_loader_tagincludes\admin\panels\event.php:138

actionsmjp_rsc_before_view_panelincludes\admin\part-settings.php:23

actionsmjp_rsc_before_view_panelincludes\admin\part-settings.php:29

actionadmin_initincludes\admin\setting.php:25

filtersmjp_rsc_get_month_th_valueincludes\calendar\calendar.php:30

filtersmjp_rsc_get_week_th_valueincludes\calendar\calendar.php:32

filtersmjp_rsc_get_day_th_valueincludes\calendar\calendar.php:33

actionwp_enqueue_scriptsincludes\calendar\calendar.php:35

filtersmjp_rsc_after_render_calendar_tablesincludes\calendar\style.php:27

actionplugins_loadedreally-simple-calendar.php:55

actionwidgets_initreally-simple-calendar.php:56

Maintenance & Trust

Really Simple Calendar Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedAug 23, 2025

PHP min version8.2

Downloads408

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Really Simple Calendar Alternatives

My Calendar – Accessible Event Manager

my-calendar

Accessible WordPress event calendar plugin. Manage single or recurring events, event venues, and display your calendar anywhere on your site.

20K 17 CVEs

Events Widgets For Elementor And The Events Calendar

events-widgets-for-elementor-and-the-events-calendar

The Events Calendar Elementor widgets help you manage and display an upcoming events list with date, time, venue and event ticket booking details.

10K 1 CVE

Sugar Calendar – Events Calendar, Event Tickets, and Events Management Platform

sugar-calendar-lite

Easily manage events and sell tickets on your WordPress site. Sugar Calendar is easy-to-use, reliable, and exceptionally powerful. See for yourself.

10K 2 CVEs

Events Shortcodes For The Events Calendar

template-events-calendar

Add The Events Calendar shortcode or Gutenberg block to show upcoming events list with event details on any WordPress page using smart event filters.

10K 1 CVE

Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)

wp-event-solution

Events calendar plugin for WordPress to manage events, bookings, registrations, scheduling, virtual events, and tickets sales.

10K 21 CVEs

Developer Profile

Really Simple Calendar Developer Profile

sandman.jp

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Really Simple Calendar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/really-simple-calendar/assets/css/style.css/wp-content/plugins/really-simple-calendar/assets/js/frontend.js

Script Paths

/wp-content/plugins/really-simple-calendar/assets/js/frontend.js

Version Parameters

really-simple-calendar/assets/css/style.css?ver=really-simple-calendar/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

smjp_rsc_calendar

Data Attributes

data-rsc-id

Shortcode Output

[really_simple_calendar][really_simple_calendar id=

FAQ