Up till now, I've loved this component. Have used it on our entertainment news website for our city, and one of the big advantages was allowing users to be able to add events to the calendar for approval.
Previously, users could upload their images by simply uploading a file via a Submit button. However, when we recently upgraded to the new version of this component, it defaults to a WYSIWYG editor.
And, the problem arises.
It came to our attention from one of our members that when they tried to upload their picture, they are actually using the same editor that we use on the backend, and they are able to directly access ALL of our website's image files with full editing capabilities.
All it would take is for one idiot to access our Media manager via this Calender and delete every single one of our images!
I've written to the developer's forum with no response, as of yet. However, based on comments from other users with this same dilemma, the developer states clearly they do not have any plans whatsoever to address this issue. And, all I can say is, "WHAT???"
To me, this is a HUGE security issue! Sure, we can remove the ability for users to Add Events to the calendar, but that completely defeats the purpose of why we liked this calendar till now.
Again, I used to love this component, but this security issue (and the apparent lack of concern from the developer) has led me to start looking for another option. I hope something gets done about this from the developer's side, because I can't believe they'd leave this issue unresolved.