WP-Safety

Simple calendar for Elementor Security & Risk Analysis

wordpress.org/plugins/simple-calendar-for-elementor

Simple calendar plugin for Elementor to show e.g. availability on different days. You can choose between different layouts, colors, create multiple ca …

500 active installs v1.6.7 PHP 7.2+ WP 5.2+ Updated Jan 22, 2026
availability-calendarbelegungbookingcalendarelementor
96
A · Safe
CVEs total3
Unpatched0
Last CVEJan 27, 2026
Download
Safety Verdict

Is Simple calendar for Elementor Safe to Use in 2026?

Generally Safe

Score 96/100

Simple calendar for Elementor has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

3 known CVEsLast CVE: Jan 27, 2026Updated 3mo ago
Risk Assessment

The "simple-calendar-for-elementor" v1.6.7 plugin exhibits a mixed security posture. While it demonstrates a lack of dangerous functions, file operations, and external HTTP requests, significant concerns arise from its attack surface. A substantial number of AJAX handlers (10 out of 10) lack authorization checks, presenting a broad entry point for potential abuse. The taint analysis further amplifies these concerns, revealing 4 high-severity flows with unsanitized paths, indicating a risk of data injection or manipulation.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized taint flows
  • Low percentage of prepared SQL statements
  • Moderate percentage of properly escaped output
  • Total known CVEs
Vulnerabilities
3 published

Simple calendar for Elementor Security Vulnerabilities

CVEs by Year

2 CVEs in 2025
2025
1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
3

3 total CVEs

CVE-2026-1310medium · 5.3Missing Authorization

Simple calendar for Elementor <= 1.6.6 - Missing Authorization to Unauthenticated Arbitrary Calendar Entry Deletion

Jan 27, 2026 Patched in 1.6.7 (1d)
CVE-2025-47542medium · 4.3Cross-Site Request Forgery (CSRF)

Simple calendar for Elementor <= 1.6.5 - Cross-Site Request Forgery

May 7, 2025 Patched in 1.6.6 (7d)
CVE-2025-46249medium · 4.3Cross-Site Request Forgery (CSRF)

Simple calendar for Elementor <= 1.6.4 - Cross-Site Request Forgery

Apr 22, 2025 Patched in 1.6.5 (9d)
Version History

Simple calendar for Elementor Release Timeline

v1.6.7Current
v1.6.61 CVE
CVE-2026-1310
v1.6.52 CVEs
CVE-2026-1310 CVE-2025-47542
v1.6.43 CVEs
CVE-2025-46249 CVE-2026-1310 CVE-2025-47542
v1.6.33 CVEs
CVE-2025-46249 CVE-2026-1310 CVE-2025-47542
v1.6.23 CVEs
CVE-2025-46249 CVE-2026-1310 CVE-2025-47542
v1.6.13 CVEs
CVE-2025-46249 CVE-2026-1310 CVE-2025-47542
v1.6.03 CVEs
CVE-2025-46249 CVE-2026-1310 CVE-2025-47542
v1.5.13 CVEs
CVE-2025-46249 CVE-2026-1310 CVE-2025-47542
v1.5.03 CVEs
CVE-2025-46249 CVE-2026-1310 CVE-2025-47542
v1.4.03 CVEs
CVE-2025-46249 CVE-2026-1310 CVE-2025-47542
v1.3.03 CVEs
CVE-2025-46249 CVE-2026-1310 CVE-2025-47542
v1.23 CVEs
CVE-2025-46249 CVE-2026-1310 CVE-2025-47542
Code Analysis
Analyzed Mar 16, 2026

Simple calendar for Elementor Code Analysis

Dangerous Functions
0
Raw SQL Queries
22
16 prepared
Unescaped Output
84
110 escaped
Nonce Checks
12
Capability Checks
6
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

42% prepared38 total queries

Output Escaping

57% escaped194 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

8 flows4 with unsanitized paths
miga_ajax_editor_cal (trunk\widget\includes\backend_functions.php:39)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
10 unprotected

Simple calendar for Elementor Attack Surface

Entry Points12
Unprotected10

AJAX Handlers 10

authwp_ajax_miga_custom_post_filter_calmiga_simple_calendar.php:112
noprivwp_ajax_miga_custom_post_filter_calmiga_simple_calendar.php:113
authwp_ajax_miga_editor_calmiga_simple_calendar.php:114
authwp_ajax_miga_editor_cal_deletemiga_simple_calendar.php:115
authwp_ajax_miga_editor_cal_updatemiga_simple_calendar.php:116
authwp_ajax_miga_custom_post_filter_caltrunk\miga_simple_calendar.php:112
noprivwp_ajax_miga_custom_post_filter_caltrunk\miga_simple_calendar.php:113
authwp_ajax_miga_editor_caltrunk\miga_simple_calendar.php:114
authwp_ajax_miga_editor_cal_deletetrunk\miga_simple_calendar.php:115
authwp_ajax_miga_editor_cal_updatetrunk\miga_simple_calendar.php:116

Shortcodes 2

[simple-calendar-for-elementor] miga_simple_calendar.php:117
[simple-calendar-for-elementor] trunk\miga_simple_calendar.php:117
WordPress Hooks 10
actioninitmiga_simple_calendar.php:36
actionwp_enqueue_scriptsmiga_simple_calendar.php:143
actionadmin_enqueue_scriptsmiga_simple_calendar.php:227
actionadmin_menumiga_simple_calendar.php:228
actionadmin_initmiga_simple_calendar.php:229
actioninittrunk\miga_simple_calendar.php:36
actionwp_enqueue_scriptstrunk\miga_simple_calendar.php:143
actionadmin_enqueue_scriptstrunk\miga_simple_calendar.php:227
actionadmin_menutrunk\miga_simple_calendar.php:228
actionadmin_inittrunk\miga_simple_calendar.php:229
Maintenance & Trust

Simple calendar for Elementor Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 22, 2026
PHP min version7.2
Downloads7K

Community Trust

Rating100/100
Number of ratings3
Active installs500
Alternatives

Simple calendar for Elementor Alternatives

WP Simple Booking Calendar

WP Simple Booking Calendar

wp-simple-booking-calendar

A
96

This booking calendar shows when something is booked or available. Use it to show when your holiday home is available for rent, for example.

10K 4 CVEs
WP Booking System – Booking Calendar

WP Booking System – Booking Calendar

wp-booking-system

A
89

The booking calendar plugin for WordPress. Get easy online booking with this lightweight and powerful booking calendar.

20K 7 CVEs
Pinpoint Booking System – Version 2

Pinpoint Booking System – Version 2

booking-system

C
60

Book anything, anytime, anywhere.

3K 1 unpatched
Booking System Trafft

Booking System Trafft

booking-system-trafft

A
98

Trafft is a next-level booking system offering limitless opportunities for scheduling appointments and managing your calendar & all of your bookings.

500 2 CVEs
Redforts Hotel Booking Engine

Redforts Hotel Booking Engine

oscar-hotel-booking-engine

A
100

This plugin integrates with Redforts Hotel Software, the all-in-one solution for hotels, hostels, apartments, villas, campings, and more.

300 No CVEs
Developer Profile

Simple calendar for Elementor Developer Profile

Michael

9 plugins · 10K total installs

92
trust score
Avg Security Score
97/100
Avg Patch Time
11 days
View full developer profile
Detection Fingerprints

How We Detect Simple calendar for Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/simple-calendar-for-elementor/styles/main.css/wp-content/plugins/simple-calendar-for-elementor/scripts/main.js/wp-content/plugins/simple-calendar-for-elementor/widget/includes/backend_events.php/wp-content/plugins/simple-calendar-for-elementor/widget/includes/backend_status.php/wp-content/plugins/simple-calendar-for-elementor/widget/includes/backend_calendars.php/wp-content/plugins/simple-calendar-for-elementor/styles/edit
Script Paths
simple-calendar-for-elementor/scripts/main.js
Version Parameters
simple-calendar-for-elementor/scripts/main.js?ver=1.0.1

HTML / DOM Fingerprints

CSS Classes
miga_calendarmiga_calendar_boxloading_spinnermiga_calendar_backendnav-tab-wrappernav-tabnav-tab-active
Data Attributes
data-calendardata-yeardata-month
JS Globals
miga_calendar
Shortcode Output
[simple-calendar-for-elementor]
FAQ

Frequently Asked Questions about Simple calendar for Elementor