Does VentoCalendar have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is VentoCalendar compatible with WordPress 6.9.4?

According to WordPress.org data, VentoCalendar 1.1.4 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is VentoCalendar compatible with PHP 7.4+?

VentoCalendar requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is VentoCalendar updated?

VentoCalendar was last updated on Feb 8, 2026. Frequent updates are generally a positive security signal.

What is VentoCalendar's security score?

VentoCalendar has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

VentoCalendar Security & Risk Analysis

wordpress.org/plugins/ventocalendar

A lightweight and intuitive events calendar plugin for WordPress.

20 active installs v1.1.4 PHP 7.4+ WP 5.0+ Updated Feb 8, 2026

calendarevent-calendareventsgutenbergschedule

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is VentoCalendar Safe to Use in 2026?

Generally Safe

Score 100/100

VentoCalendar has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The Ventocalendar plugin v1.1.4 exhibits a generally strong security posture based on the provided static analysis. It demonstrates excellent practices with 100% proper output escaping and 100% of SQL queries utilizing prepared statements. The absence of dangerous functions, file operations, and external HTTP requests further contributes to its security. The presence of nonce and capability checks on most entry points is also a positive indicator.

However, a significant concern arises from the analysis of the REST API. One REST API route is identified as lacking permission callbacks, presenting a potential attack vector for unauthorized access or manipulation. While the taint analysis shows no unsanitized paths and the vulnerability history is clean, this single unprotected REST API endpoint is a notable weakness that could be exploited if it handles sensitive data or performs critical actions. The plugin's strength lies in its diligent coding practices, but this one unauthenticated entry point represents a clear, albeit isolated, risk.

In conclusion, Ventocalendar v1.1.4 is built with good security principles in mind, with robust escaping and prepared statements. The lack of a vulnerability history is a positive sign of past security maturity. The primary weakness is the single unprotected REST API route, which, despite the otherwise clean analysis, warrants attention and mitigation.

Key Concerns

Unprotected REST API route

Vulnerabilities

None known

VentoCalendar Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

VentoCalendar Release Timeline

v1.1.4Current

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.2

v1.0.1

v1.0.0

Code Analysis

Analyzed Apr 16, 2026

VentoCalendar Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

281 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped281 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

1 flows

<class-ventocalendar-cpt-event> (includes/cpt/class-ventocalendar-cpt-event.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

VentoCalendar Attack Surface

Entry Points6

Unprotected1

REST API Routes 1

GET/wp-json/ventocalendar/v1/eventsincludes/class-ventocalendar-rest-api.php:37

Shortcodes 5

[ventocalendar-start-date] includes/class-ventocalendar-shortcodes.php:32

[ventocalendar-end-date] includes/class-ventocalendar-shortcodes.php:33

[ventocalendar-start-time] includes/class-ventocalendar-shortcodes.php:34

[ventocalendar-end-time] includes/class-ventocalendar-shortcodes.php:35

[ventocalendar-calendar] includes/class-ventocalendar-shortcodes.php:36

WordPress Hooks 22

actionplugins_loadedincludes/class-ventocalendar.php:160

actionadmin_enqueue_scriptsincludes/class-ventocalendar.php:174

actionadmin_enqueue_scriptsincludes/class-ventocalendar.php:175

actionadmin_menuincludes/class-ventocalendar.php:176

actionadmin_menuincludes/class-ventocalendar.php:177

actionadmin_initincludes/class-ventocalendar.php:178

actionwp_enqueue_scriptsincludes/class-ventocalendar.php:192

actionwp_enqueue_scriptsincludes/class-ventocalendar.php:193

filterthe_contentincludes/class-ventocalendar.php:194

actioninitincludes/class-ventocalendar.php:260

actioninitincludes/class-ventocalendar.php:271

actioninitincludes/class-ventocalendar.php:274

actionrest_api_initincludes/class-ventocalendar.php:285

actioninitincludes/cpt/class-ventocalendar-cpt-event.php:54

actioninitincludes/cpt/class-ventocalendar-cpt-event.php:55

actionadd_meta_boxesincludes/cpt/class-ventocalendar-cpt-event.php:56

actionsave_postincludes/cpt/class-ventocalendar-cpt-event.php:57

filtermanage_ventocalendar_event_posts_columnsincludes/cpt/class-ventocalendar-cpt-event.php:58

actionmanage_ventocalendar_event_posts_custom_columnincludes/cpt/class-ventocalendar-cpt-event.php:59

filtermanage_edit-ventocalendar_event_sortable_columnsincludes/cpt/class-ventocalendar-cpt-event.php:60

actionpre_get_postsincludes/cpt/class-ventocalendar-cpt-event.php:61

actionadmin_noticesincludes/cpt/class-ventocalendar-cpt-event.php:514

Maintenance & Trust

VentoCalendar Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 8, 2026

PHP min version7.4

Downloads486

Community Trust

Rating100/100

Number of ratings2

Active installs20

Alternatives

VentoCalendar Alternatives

Events Calendar by AddEvent – Embeddable Event Calendar Plugin

addevent

100

Easily embed your events calendar on your WordPress site with AddEvent's embeddable calendar plugin.

100 No CVEs

Fair Timetable

fair-timetable

100

A Gutenberg block system for creating beautiful, responsive event timetables.

10 No CVEs

3task Calendar

3task-calendar

100

Professional WordPress Event Calendar with beautiful themes, event categories, and modern design. Create and display events easily.

0 No CVEs

The Events Calendar

the-events-calendar

The Events Calendar: #1 calendar plugin for WordPress. Create/manage events (virtual too!) on your site with the free plugin.

700K 25 CVEs

Timetable and Event Schedule by MotoPress

mp-timetable

Smart event organizer and time-management tool with a clean minimalist design for featuring your timetables and upcoming events.

30K 8 CVEs

Developer Profile

VentoCalendar Developer Profile

Alberto Gato Otero

1 plugin · 20 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect VentoCalendar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/ventocalendar/public/css/ventocalendar-public.css/wp-content/plugins/ventocalendar/public/js/ventocalendar-public.js

Script Paths

/wp-content/plugins/ventocalendar/public/js/ventocalendar-public.js

Version Parameters

ventocalendar/public/css/ventocalendar-public.css?ver=ventocalendar/public/js/ventocalendar-public.js?ver=

HTML / DOM Fingerprints

CSS Classes

ventocalendar-event-titleventocalendar-event-dateventocalendar-event-timeventocalendar-event-locationventocalendar-event-description

Data Attributes

data-ventocalendar-event-iddata-ventocalendar-start-datedata-ventocalendar-end-datedata-ventocalendar-titledata-ventocalendar-time

JS Globals

ventocalendar_public_params

REST Endpoints

/wp-json/ventocalendar/v1/events

Shortcode Output

[ventocalendar]

FAQ