All-in-One Events Calendar Vulnerabilities
The All-in-One Events Calendar WordPress plugin has 3 known security vulnerabilities, including 1 critical. The most recent was disclosed on May 4, 2019. Check whether your site runs an affected version below.
View All-in-One Events Calendar on WordPress.orgSummary
Latest vulnerability disclosed on May 4, 2019.
Recommendation
WPSentry recommends extreme caution
Only run All-in-One Events Calendar if it is updated to the latest patched release. This plugin has a history of 1 critical, potentially exploitable vulnerability. If you already use it, update immediately — or consider a safer alternative.
Is your site affected?
Run a free external scan to detect All-in-One Events Calendar and 35+ other WordPress security checks — no login or plugin required.
Known All-in-One Events Calendar vulnerabilities
- medium
Timely All-in-One Events Calendar <= 2.5.38 - Cross-Site Scripting
Affected versions: <=2.5.38Disclosed May 4, 2019 - high
Timely All-in-One Events Calendar < 1.10 - Cross-Site Scripting
Affected versions: <1.10Disclosed November 14, 2013 - critical
All-in-One Events Calendar < 1.10 - SQL Injection
Affected versions: <1.10Disclosed March 7, 2013
How to stay protected
Update promptly
Keep All-in-One Events Calendar on its latest release — most vulnerabilities are fixed in newer versions.
Scan regularly
Run an external scan after every update to catch outdated or vulnerable software early.
Monitor continuously
Enable monitoring to get alerted the moment a new issue affects your stack.