Does WP Calameo have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Calameo have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Calameo compatible with WordPress 6.4.8?

According to WordPress.org data, WP Calameo 2.1.8 has been tested up to WordPress 6.4.8. Check the plugin's changelog for the latest compatibility information.

How often is WP Calameo updated?

WP Calameo was last updated on Mar 7, 2024. Frequent updates are generally a positive security signal.

What is WP Calameo's security score?

WP Calameo has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Calameo Security & Risk Analysis

wordpress.org/plugins/wp-calameo

This plugin allows to embed Calaméo publications in blog posts. Copy the WordPress embed code and paste it into your post.

3K active installs v2.1.8 PHP + WP 2.1+ Updated Mar 7, 2024

calameodocumentembedpublicationwidget

A · Safe

CVEs total1

Unpatched0

Last CVEMar 15, 2024

Download

Safety Verdict

Is WP Calameo Safe to Use in 2026?

Generally Safe

Score 85/100

WP Calameo has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Mar 15, 2024Updated 2yr ago

Risk Assessment

The static analysis of wp-calameo v2.1.8 reveals a generally strong security posture with good coding practices. All identified SQL queries use prepared statements, and all output is properly escaped, indicating a proactive approach to preventing common web vulnerabilities. The limited attack surface, consisting of a single shortcode and no unprotected entry points, is also a positive sign. There are no identified dangerous functions, file operations, external HTTP requests, or bundled libraries that could pose a risk. The taint analysis showing zero flows with unsanitized paths further reinforces this positive assessment.

Key Concerns

Medium severity CVE in vulnerability history
Vulnerability history indicates XSS as a common type
No nonce checks on entry points
No capability checks on entry points

Vulnerabilities

WP Calameo Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-29098medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Calameo <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 15, 2024 Patched in 2.1.8 (6d)

Code Analysis

Analyzed Mar 16, 2026

WP Calameo Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

11 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped11 total outputs

Attack Surface

WP Calameo Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[calameo] wp-calameo.php:29

WordPress Hooks 1

actionplugins_loadedwp-calameo.php:222

Maintenance & Trust

WP Calameo Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8

Last updatedMar 7, 2024

PHP min version

Downloads76K

Community Trust

Rating40/100

Number of ratings4

Active installs3K

Alternatives

WP Calameo Alternatives

Manage Calameo Publications by Athlon

athlon-manage-calameo-publications

This plugin allows managing Calameo account(s) through WordPress.

10 1 CVE

YouScribe

youscribe

This plugin allows to embed YouScribe publications in blog posts using Open Embed.

10 No CVEs

PDF Embedder

pdf-embedder

100

Seamlessly embed PDFs into your content, with customizations and intelligent responsive resizing, and no third-party services or iframes.

300K 1 CVE

Spotlight Social Feeds – Block, Shortcode, and Widget

spotlight-social-photo-feeds

Instagram feeds made easy. Responsive, customizable, accessible, and SEO-friendly out of the box. Includes Instagram blocks & oEmbed support.

60K 3 CVEs

Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files

embed-any-document

Embed PDF, DOC, PPT and XLS documents easily on your WordPress website with the help of Google Docs Viewer or Microsoft Office Online.

50K 4 CVEs

Developer Profile

WP Calameo Developer Profile

calameo

1 plugin · 3K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

6 days

View full developer profile

Detection Fingerprints

How We Detect WP Calameo

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Data Attributes

calameoallowminiskinauthidapikeyclicktoclicktarget+23 more

Shortcode Output

<div style="text-align: center; width:<a href="http://calameo.com/books/<iframe src="//v.calameo.com/?bkcode=

<a rel="nofollow" href="http://calameo.com/upload">Publish</a> at <a href="http://calameo.com">Calaméo</a> or <a href="http://calameo.com/browse/weekly/?o=7&w=DESC">browse</a> the library.

FAQ