Does Termin-Kalender have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Termin-Kalender compatible with WordPress 7.0?

According to WordPress.org data, Termin-Kalender 1.2.8 has been tested up to WordPress 7.0. Check the plugin's changelog for the latest compatibility information.

Is Termin-Kalender compatible with PHP 8.0+?

Termin-Kalender requires PHP 8.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Termin-Kalender updated?

Termin-Kalender was last updated on Apr 16, 2026. Frequent updates are generally a positive security signal.

What is Termin-Kalender's security score?

Termin-Kalender has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Termin-Kalender Security & Risk Analysis

wordpress.org/plugins/termin-kalender

Termin-Kalender: Appointments & Team Organization – without the chaos.

400 active installs v1.2.8 PHP 8.0+ WP 6.0+ Updated Apr 16, 2026

agendaappointmentcalendarplannerschedule

A · Safe

CVEs total1

Unpatched0

Last CVEDec 12, 2024

Plugin page Download

Safety Verdict

Is Termin-Kalender Safe to Use in 2026?

Generally Safe

Score 99/100

Termin-Kalender has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Dec 12, 2024Updated 1mo ago

Risk Assessment

The plugin "termin-kalender" v1.2.5.2 exhibits a mixed security posture. On the positive side, all identified entry points, including AJAX handlers, REST API routes, and shortcodes, have authorization checks in place. The taint analysis did not reveal any critical or high-severity issues with unsanitized paths. Furthermore, there are no unpatched vulnerabilities currently known, and the last reported vulnerability was of medium severity.

However, several significant concerns are present. The plugin uses SQL queries extensively (11 total) without employing prepared statements, which poses a high risk of SQL injection vulnerabilities. While the number of AJAX handlers and REST API routes is not excessively large, the fact that none of them are protected by nonce checks on the AJAX side (implied by 9 nonce checks for 10 handlers) is a notable weakness. Although external HTTP requests are limited, and file operations are absent, the lack of prepared statements for all SQL queries is the most critical area of concern, potentially outweighing the strengths in other areas.

Key Concerns

All SQL queries lack prepared statements
1 AJAX handler may lack nonce check
Medium severity vulnerability history

Vulnerabilities

1 published

Termin-Kalender Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-54354medium · 4.3Missing Authorization

Termin-Kalender <= 0.99.47 - Missing Authorization to Authenticated (Subscriber+)

Dec 12, 2024 Patched in 1.00.04 (8d)

Version History

Termin-Kalender Release Timeline

v1.2.8Current

v1.2.7

v1.2.6

v1.2.5.5

v1.2.5.4

v1.2.5.2

v1.2.5.1

v1.2.5

v1.2.4.4

v1.2.4.3

v1.2.4.2

v1.2.4.1

v1.2.4

v1.2.3.2

v1.2.3.1

v1.2.3

v1.2.2.9

v1.2.2.8

v1.2.2.7

v1.2.2.6

Code Analysis

Analyzed Mar 17, 2026

Termin-Kalender Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

238 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared11 total queries

Output Escaping

73% escaped328 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

1 flows

<class-termin-kalender-event-page-manager> (classes\class-termin-kalender-event-page-manager.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Termin-Kalender Attack Surface

Entry Points16

Unprotected0

AJAX Handlers 10

authwp_ajax_ter_kal_create_event_pageclasses\class-termin-kalender-event-page-manager.php:25

noprivwp_ajax_ter_kal_create_event_pageclasses\class-termin-kalender-event-page-manager.php:26

authwp_ajax_get_calendar_eventsclasses\class-termin-kalender-functions.php:9

authwp_ajax_save_calendar_eventclasses\class-termin-kalender-functions.php:10

authwp_ajax_delete_calendar_eventclasses\class-termin-kalender-functions.php:11

authwp_ajax_get_categoriesclasses\class-termin-kalender-functions.php:12

authwp_ajax_save_categoryclasses\class-termin-kalender-functions.php:13

authwp_ajax_delete_categoryclasses\class-termin-kalender-functions.php:14

authwp_ajax_tk_dismiss_rating_noticeincludes\plugin_rating_request.php:14

authwp_ajax_tk_rate_pluginincludes\plugin_rating_request.php:15

REST API Routes 2

POST/wp-json/termin-kalender-ai/v1/apply-categoriesincludes\admin_page_initial_setup_rest_api.php:12

POST/wp-json/termin-kalender-ai/v1/send-to-serviceincludes\admin_page_initial_setup_rest_api.php:30

Shortcodes 4

[termin-kalender-calendar] classes\class-termin-kalender-block-list.php:36

[my-termin-kalender] classes\class-termin-kalender-block-list.php:37

[termin-kalender-fullpage] classes\class-termin-kalender-block-list.php:38

[termin-kalender-simple-list] classes\class-termin-kalender-block-list.php:39

WordPress Hooks 27

actionadmin_menuclasses\class-termin-kalender-admin-page.php:7

actioninitclasses\class-termin-kalender-block-list.php:9

actionplugins_loadedclasses\class-termin-kalender-block-list.php:195

actionelementor/widgets/registerclasses\class-termin-kalender-block-list.php:197

actioninitclasses\class-termin-kalender-event-cpt.php:25

actioninitclasses\class-termin-kalender-event-cpt.php:26

actionwp_headclasses\class-termin-kalender-event-cpt.php:29

actionadmin_menuclasses\class-termin-kalender-event-cpt.php:70

actionwp_headclasses\class-termin-kalender-event-page-manager.php:29

filterthe_contentclasses\class-termin-kalender-event-page-manager.php:32

actionter_kal_cleanup_old_event_pagesclasses\class-termin-kalender-event-page-manager.php:34

actionadmin_menuincludes\admin_page_block_calendar.php:21

actionrest_api_initincludes\admin_page_initial_setup_rest_api.php:10

actionadmin_menuincludes\admin_tabs_lists.php:24

actionadmin_menuincludes\admin_tabs_settings.php:24

actionadmin_noticesincludes\first_run_cleanup_old_versions.php:419

actionadmin_noticesincludes\first_run_cleanup_old_versions.php:429

actionadmin_noticesincludes\first_run_legacy_check.php:8

actionadmin_noticesincludes\first_run_legacy_check.php:41

actionwp_enqueue_scriptsincludes\first_run_legacy_check.php:60

actionadmin_initincludes\plugin_rating_request.php:12

actionadmin_noticesincludes\plugin_rating_request.php:13

actioninittermin-kalender.php:45

actioninittermin-kalender.php:46

actionadmin_enqueue_scriptstermin-kalender.php:47

filterload_script_translation_filetermin-kalender.php:94

actionplugins_loadedtermin-kalender.php:274

Scheduled Events 1

ter_kal_cleanup_old_event_pages

Maintenance & Trust

Termin-Kalender Maintenance & Trust

Maintenance Signals

WordPress version tested7.0

Last updatedApr 16, 2026

PHP min version8.0

Downloads20K

Community Trust

Rating84/100

Number of ratings9

Active installs400

Alternatives

Termin-Kalender Alternatives

Easy!Appointments

easyappointments

Integrate the booking form of Easy!Appointments directly into your WordPress pages.

600 4 CVEs

Mormat Scheduler

mormat-scheduler

Add a Google-like scheduler to your WordPress site

0 No CVEs

Appointment Hour Booking – Booking Calendar

appointment-hour-booking

Appointment Hour Booking is a plugin for creating booking forms for appointments with a start time and a defined duration within a schedule.

10K 11 CVEs

MotoPress Appointment Booking

motopress-appointment-lite

100

MotoPress Appointment Booking makes it easy for time and service-based businesses to accept bookings and appointments online.

2K No CVEs

Timetics – Appointment Booking & Scheduling

timetics

Appointment booking and scheduling system with online booking calendar, payments, automated reminders, and calendar sync.

2K 10 CVEs

Developer Profile

Termin-Kalender Developer Profile

beat.k

1 plugin · 400 total installs

trust score

Avg Security Score

99/100

Avg Patch Time

8 days

View full developer profile

Detection Fingerprints

How We Detect Termin-Kalender

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/termin-kalender/js/termin_kalender_namespace.js/wp-content/plugins/termin-kalender/js/gutenberg_block_simple_list.js/wp-content/plugins/termin-kalender/js/gutenberg_block_calendar.js/wp-content/plugins/termin-kalender/js/gutenberg_block_list_pro.js/wp-content/plugins/termin-kalender/js/gutenberg_block_reservation_pro.js/wp-content/plugins/termin-kalender/js/gutenberg_block_ical_block.js/wp-content/plugins/termin-kalender/js/gutenberg_block_todo_list.js/wp-content/plugins/termin-kalender/js/termin_kalender_admin.js+1 more

Script Paths

Version Parameters

termin-kalender/js/termin_kalender_namespace.js?ver=termin-kalender/js/gutenberg_block_simple_list.js?ver=termin-kalender/js/gutenberg_block_calendar.js?ver=termin-kalender/js/gutenberg_block_list_pro.js?ver=termin-kalender/js/gutenberg_block_reservation_pro.js?ver=termin-kalender/js/gutenberg_block_ical_block.js?ver=termin-kalender/js/gutenberg_block_todo_list.js?ver=termin-kalender/js/termin_kalender_admin.js?ver=termin-kalender/js/termin_kalender_public.js?ver=

HTML / DOM Fingerprints

CSS Classes

termin-kalender-calendar-container

HTML Comments

Data Attributes

data-termin-kalender

JS Globals

window.termin_kalender_data

REST Endpoints

/wp-json/termin-kalender/v1/get-events/wp-json/termin-kalender/v1/save-event

Shortcode Output

[termin-kalender-calendar][my-termin-kalender][termin-kalender-simple-list][termin-kalender-pro-list]

FAQ