WP-Safety

Super Advent Calendar Security & Risk Analysis

wordpress.org/plugins/super-advent-calendar

Add a super flexible advent calendar to your website for festive giveaways or counting down the holidays.

400 active installs v1.20.2 PHP 7.4+ WP 6.6+ Updated Dec 3, 2025
adventadvent-calendarcalendarchristmasholidays
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Super Advent Calendar Safe to Use in 2026?

Generally Safe

Score 100/100

Super Advent Calendar has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago
Risk Assessment

The 'super-advent-calendar' plugin v1.20.2 exhibits a generally strong security posture based on the provided static analysis. All identified SQL queries utilize prepared statements, and output is consistently and properly escaped, mitigating common injection and Cross-Site Scripting (XSS) vulnerabilities. The absence of dangerous functions, file operations, and external HTTP requests further reduces the attack surface. Crucially, the plugin has no recorded vulnerability history (CVEs), indicating a commitment to secure development or a lack of past exploitable issues.

However, there are areas that warrant attention. The plugin lacks capability checks on its entry points, meaning any authenticated user, regardless of their role, could potentially interact with the shortcodes. While the attack surface is small and there are no AJAX handlers or REST API routes without checks, the absence of capability checks on shortcodes is a notable oversight. Furthermore, the use of a bundled Freemius library, if not kept up-to-date with its own security patches, could introduce risks, though no specific version vulnerabilities were flagged in this analysis. The zero taint analysis flows are positive, but this often relies on comprehensive taint analysis coverage which may not always be absolute.

Key Concerns

  • Shortcodes lack capability checks
  • Bundled Freemius library (potential risk if outdated)
Vulnerabilities
None known

Super Advent Calendar Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Super Advent Calendar Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
24 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

Freemius1.0

Output Escaping

100% escaped24 total outputs
Attack Surface

Super Advent Calendar Attack Surface

Entry Points2
Unprotected0

Shortcodes 2

[super-advent-calendar] src\Controllers\ShortcodeController.php:56
[super-advent-calendar-link] src\Controllers\ShortcodeController.php:57
WordPress Hooks 7
actionrest_api_initsrc\Controllers\ApiController.php:60
actioninitsrc\Controllers\ShortcodeController.php:44
filterscript_loader_tagsrc\Controllers\ShortcodeController.php:75
filterconnect_message_on_updatesrc\Providers\AppServiceProvider.php:49
filterconnect_messagesrc\Providers\AppServiceProvider.php:50
actionafter_uninstallsrc\Services\LifeCycleService.php:48
actioninitsrc\Services\ResourceService.php:29
Maintenance & Trust

Super Advent Calendar Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 3, 2025
PHP min version7.4
Downloads9K

Community Trust

Rating100/100
Number of ratings5
Active installs400
Alternatives

Super Advent Calendar Alternatives

Advent Calendar

Advent Calendar

advent-calender

A
85

A simple calendar plugin to show a list of 24 days before christmas. Each day can be viewed automatically on the current date after it got published.

100 No CVEs
Adventi – Lead Generator Advent Calendar

Adventi – Lead Generator Advent Calendar

adventi

A
100

A beautiful and engaging 12-day Advent Calendar to increase engagement, generate leads, and share holiday gifts with your users.

0 No CVEs
WP Responsive Holiday/Events Calendar

WP Responsive Holiday/Events Calendar

wp-responsive-holiday-events-calendar

A
85

Beautiful way to show your upcoming Holiday and Events in WordPress.

100 No CVEs
Christmas Calendar by CMobile

Christmas Calendar by CMobile

cmobile-christmas-calendar

A
85

CMobile Christmas Calendar is an innovative idea to market your website or blog

10 No CVEs
Simply Snow

Simply Snow

simply-snow

A
85

A WordPress plugin that, when activated, will add a snowing effect on your site.

10 No CVEs
Developer Profile

Super Advent Calendar Developer Profile

Verdant Studio

4 plugins · 630 total installs

91
trust score
Avg Security Score
96/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Super Advent Calendar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/super-advent-calendar/build/index.js/wp-content/plugins/super-advent-calendar/build/index.css
Script Paths
/wp-content/plugins/super-advent-calendar/build/index.js
Version Parameters
super-advent-calendar/build/index.js?ver=super-advent-calendar/build/index.css?ver=

HTML / DOM Fingerprints

CSS Classes
wp-block-super-advent-calendar-advent-calendarwp-block-super-advent-calendar-advent-calendar-daysac-calendar-containersac-day-opensac-day-locked
Data Attributes
data-sac-post-iddata-sac-block-iddata-sac-schedule-startdata-sac-schedule-enddata-sac-tooltip-text
JS Globals
window.SuperAdventCalendar
REST Endpoints
/wp-json/superac/v1/block-attributes/
Shortcode Output
[super_advent_calendar
FAQ

Frequently Asked Questions about Super Advent Calendar