Soplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner's password via a brute-force attack on the embedded password hash.
Simple Online Planning Tool version 1.32 suffers from code execution, cross site scripting, remote SQL injection, information disclosure, and path traversal vulnerabilities.