WP-Safety

Gravity Forms Booking – Appointment Booking & Scheduling Addon for Gravity Forms Security & Risk Analysis

wordpress.org/plugins/appointment-and-booking-for-gravity-forms

Gravity Forms Booking is a Gravity Forms-powered appointment booking & scheduling plugin. It turns Gravity Forms into a complete appointment booki …

0 active installs v1.3 PHP 7.2+ WP 6.7+ Updated Mar 13, 2026
appointmentsbookinggravitygravity-formsscheduling
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Gravity Forms Booking – Appointment Booking & Scheduling Addon for Gravity Forms Safe to Use in 2026?

Generally Safe

Score 100/100

Gravity Forms Booking – Appointment Booking & Scheduling Addon for Gravity Forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 21d ago
Risk Assessment

The plugin "appointment-and-booking-for-gravity-forms" v1.3 exhibits a generally strong security posture, particularly in its handling of entry points and SQL queries. The absence of any known vulnerabilities (CVEs) and a robust implementation of prepared statements for SQL queries are significant strengths. Furthermore, the presence of nonce and capability checks on a substantial portion of its AJAX handlers indicates a conscious effort to implement basic security measures. However, the analysis does reveal potential areas for improvement. The presence of two instances of the dangerous `unserialize` function warrants careful scrutiny, as it can lead to arbitrary code execution if not handled with extreme caution, especially when dealing with user-supplied data. While the taint analysis did not reveal critical or high-severity issues, the four flows with unsanitized paths suggest that there are still opportunities for data to enter the system without sufficient validation, which could be a precursor to vulnerabilities if combined with other factors. The relatively high percentage of improperly escaped output (21%) also presents a moderate risk of Cross-Site Scripting (XSS) vulnerabilities, particularly if critical data is involved in these outputs.

Key Concerns

  • Dangerous function used (unserialize)
  • Flows with unsanitized paths detected
  • Significant percentage of unescaped output
Vulnerabilities
None known

Gravity Forms Booking – Appointment Booking & Scheduling Addon for Gravity Forms Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Gravity Forms Booking – Appointment Booking & Scheduling Addon for Gravity Forms Code Analysis

Dangerous Functions
2
Raw SQL Queries
0
0 prepared
Unescaped Output
249
934 escaped
Nonce Checks
42
Capability Checks
18
File Operations
0
External Requests
0
Bundled Libraries
1

Dangerous Functions Found

unserialize$value = unserialize($value);includes\gravity-form\apbgf-fields\class-apbgf-appointment-calendar-field.php:454
unserialize$value = unserialize($value);includes\helper\apbgf-functions.php:14

Bundled Libraries

Select2

Output Escaping

79% escaped1183 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

9 flows4 with unsanitized paths
apbgf_show_appointment_data (includes\classes\class-apbgf-appointment.php:306)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Gravity Forms Booking – Appointment Booking & Scheduling Addon for Gravity Forms Attack Surface

Entry Points44
Unprotected0

AJAX Handlers 42

authwp_ajax_apbgf_delete_appointmentincludes\classes\class-apbgf-appointment.php:79
authwp_ajax_apbgf_change_appointment_statusincludes\classes\class-apbgf-appointment.php:80
authwp_ajax_apbgf_show_appointment_dataincludes\classes\class-apbgf-appointment.php:82
authwp_ajax_apbgf_create_booking_adminincludes\classes\class-apbgf-appointment.php:84
authwp_ajax_apbgf_month_changerincludes\classes\class-apbgf-calendar.php:31
noprivwp_ajax_apbgf_month_changerincludes\classes\class-apbgf-calendar.php:32
authwp_ajax_apbgf_show_slots_by_dateincludes\classes\class-apbgf-calendar.php:34
noprivwp_ajax_apbgf_show_slots_by_dateincludes\classes\class-apbgf-calendar.php:35
authwp_ajax_apbgf_check_booked_slots_per_dayincludes\classes\class-apbgf-calendar.php:37
noprivwp_ajax_apbgf_check_booked_slots_per_dayincludes\classes\class-apbgf-calendar.php:38
authwp_ajax_apbgf_add_customerincludes\classes\class-apbgf-customer.php:39
authwp_ajax_apbgf_edit_customerincludes\classes\class-apbgf-customer.php:40
authwp_ajax_apbgf_show_customer_dataincludes\classes\class-apbgf-customer.php:41
authwp_ajax_apbgf_cancel_appointment_by_customerincludes\classes\class-apbgf-customer.php:42
authwp_ajax_apbgf_email_template_settingsincludes\classes\class-apbgf-email.php:266
authwp_ajax_apbgf_add_locationincludes\classes\class-apbgf-location.php:24
authwp_ajax_apbgf_edit_locationincludes\classes\class-apbgf-location.php:25
authwp_ajax_apbgf_delete_locationincludes\classes\class-apbgf-location.php:26
authwp_ajax_apbgf_show_location_dataincludes\classes\class-apbgf-location.php:27
authwp_ajax_apbgf_report_for_appointment_statusincludes\classes\class-apbgf-report.php:31
authwp_ajax_apbgf_report_for_staff_earningincludes\classes\class-apbgf-report.php:33
authwp_ajax_apbgf_report_for_staff_appointmentincludes\classes\class-apbgf-report.php:35
authwp_ajax_apbgf_report_for_service_earningincludes\classes\class-apbgf-report.php:37
authwp_ajax_apbgf_add_serviceincludes\classes\class-apbgf-service.php:43
authwp_ajax_apbgf_edit_serviceincludes\classes\class-apbgf-service.php:44
authwp_ajax_apbgf_delete_serviceincludes\classes\class-apbgf-service.php:45
authwp_ajax_apbgf_show_service_dataincludes\classes\class-apbgf-service.php:46
authwp_ajax_apbgf_get_service_category_by_locationincludes\classes\class-apbgf-service.php:112
noprivwp_ajax_apbgf_get_service_category_by_locationincludes\classes\class-apbgf-service.php:113
authwp_ajax_apbgf_get_service_by_service_categoryincludes\classes\class-apbgf-service.php:115
noprivwp_ajax_apbgf_get_service_by_service_categoryincludes\classes\class-apbgf-service.php:116
authwp_ajax_apbgf_general_settingsincludes\classes\class-apbgf-setting.php:35
authwp_ajax_apbgf_edit_staffincludes\classes\class-apbgf-staff.php:40
authwp_ajax_apbgf_show_staff_dataincludes\classes\class-apbgf-staff.php:41
authwp_ajax_apbgf_add_staff_servicesincludes\classes\class-apbgf-staff.php:42
authwp_ajax_apbgf_add_staff_timingsincludes\classes\class-apbgf-staff.php:43
authwp_ajax_apbgf_get_staff_by_service_and_locationincludes\classes\class-apbgf-staff.php:74
noprivwp_ajax_apbgf_get_staff_by_service_and_locationincludes\classes\class-apbgf-staff.php:75
authwp_ajax_apbgf_open_admin_booking_formincludes\classes\class-apbgf-staff.php:79
authwp_ajax_apbgf_wizard_save_stepincludes\classes\class-apbgf-wizard.php:19
authwp_ajax_apbgf_wizard_completeincludes\classes\class-apbgf-wizard.php:20
authwp_ajax_apbgf_wizard_skip_setupincludes\classes\class-apbgf-wizard.php:21

Shortcodes 2

[apbgf_customer_appointments] includes\classes\class-apbgf-customer.php:278
[apbgf_customer_appointment] includes\classes\class-apbgf-customer.php:279
WordPress Hooks 100
actioninitgravity-form-booking-main.php:115
actioninitgravity-form-booking-main.php:116
actioninitgravity-form-booking-main.php:117
actionadmin_noticesgravity-form-booking-main.php:121
actionapbgf_plugin_cron_hook_for_emailgravity-form-booking-main.php:140
actionadmin_menuincludes\classes\class-apbgf-admin.php:17
actionadmin_enqueue_scriptsincludes\classes\class-apbgf-admin.php:18
actionadmin_initincludes\classes\class-apbgf-admin.php:19
actioninitincludes\classes\class-apbgf-appointment.php:28
filtermanage_apbgf-appointment_posts_columnsincludes\classes\class-apbgf-appointment.php:29
actionmanage_apbgf-appointment_posts_custom_columnincludes\classes\class-apbgf-appointment.php:30
filtergform_custom_merge_tagsincludes\classes\class-apbgf-appointment.php:31
filtergform_replace_merge_tagsincludes\classes\class-apbgf-appointment.php:32
actionadmin_footerincludes\classes\class-apbgf-appointment.php:38
filterpost_row_actionsincludes\classes\class-apbgf-appointment.php:40
filtermonths_dropdown_resultsincludes\classes\class-apbgf-appointment.php:42
filterbulk_actions-edit-apbgf-appointmentincludes\classes\class-apbgf-appointment.php:44
actionrestrict_manage_postsincludes\classes\class-apbgf-appointment.php:47
actionpre_get_postsincludes\classes\class-apbgf-appointment.php:50
actionviews_edit-apbgf-appointmentincludes\classes\class-apbgf-appointment.php:52
actiongform_after_submissionincludes\classes\class-apbgf-appointment.php:68
filtergform_confirmationincludes\classes\class-apbgf-appointment.php:70
filtergform_product_infoincludes\classes\class-apbgf-appointment.php:72
filtergform_pre_renderincludes\classes\class-apbgf-appointment.php:74
actiongform_post_payment_statusincludes\classes\class-apbgf-appointment.php:77
filtertemplate_redirectincludes\classes\class-apbgf-appointment.php:86
actionapbgf_after_menu_registerincludes\classes\class-apbgf-calendar.php:27
actionadmin_enqueue_scriptsincludes\classes\class-apbgf-calendar.php:29
actionadmin_footerincludes\classes\class-apbgf-calendar.php:40
actioninitincludes\classes\class-apbgf-customer.php:33
filtermanage_apbgf-customer_posts_columnsincludes\classes\class-apbgf-customer.php:34
actionmanage_apbgf-customer_posts_custom_columnincludes\classes\class-apbgf-customer.php:35
actiondeleted_userincludes\classes\class-apbgf-customer.php:37
actionwp_enqueue_scriptsincludes\classes\class-apbgf-customer.php:44
actioninitincludes\classes\class-apbgf-customer.php:46
actionadmin_footerincludes\classes\class-apbgf-customer.php:50
filterpost_row_actionsincludes\classes\class-apbgf-customer.php:52
actionmanage_posts_extra_tablenavincludes\classes\class-apbgf-customer.php:54
filtermonths_dropdown_resultsincludes\classes\class-apbgf-customer.php:56
filterbulk_actions-edit-apbgf-customerincludes\classes\class-apbgf-customer.php:58
actionrestrict_manage_postsincludes\classes\class-apbgf-customer.php:61
actionviews_edit-apbgf-customerincludes\classes\class-apbgf-customer.php:63
actionpre_get_postsincludes\classes\class-apbgf-customer.php:74
filtershow_admin_barincludes\classes\class-apbgf-customer.php:78
actionapbgf_before_settings_menuincludes\classes\class-apbgf-email.php:256
actioninitincludes\classes\class-apbgf-location.php:17
filtermanage_apbgf-location_posts_columnsincludes\classes\class-apbgf-location.php:19
actionmanage_apbgf-location_posts_custom_columnincludes\classes\class-apbgf-location.php:20
actionadmin_footerincludes\classes\class-apbgf-location.php:21
actionmanage_posts_extra_tablenavincludes\classes\class-apbgf-location.php:22
actionapbgf_after_menu_registerincludes\classes\class-apbgf-report.php:29
actioninitincludes\classes\class-apbgf-service.php:35
actioninitincludes\classes\class-apbgf-service.php:37
filtermanage_apbgf-service_posts_columnsincludes\classes\class-apbgf-service.php:39
actionmanage_apbgf-service_posts_custom_columnincludes\classes\class-apbgf-service.php:40
actionapbgf_after_menu_registerincludes\classes\class-apbgf-service.php:41
actionparent_fileincludes\classes\class-apbgf-service.php:48
actionadmin_footerincludes\classes\class-apbgf-service.php:52
filterpost_row_actionsincludes\classes\class-apbgf-service.php:54
actionmanage_posts_extra_tablenavincludes\classes\class-apbgf-service.php:56
filtermonths_dropdown_resultsincludes\classes\class-apbgf-service.php:58
filterbulk_actions-edit-apbgf-serviceincludes\classes\class-apbgf-service.php:60
actionrestrict_manage_postsincludes\classes\class-apbgf-service.php:63
actionviews_edit-apbgf-serviceincludes\classes\class-apbgf-service.php:65
actionpre_get_postsincludes\classes\class-apbgf-service.php:76
filterapbgf-service-category_row_actionsincludes\classes\class-apbgf-service.php:79
filtermanage_edit-apbgf-service-category_columnsincludes\classes\class-apbgf-service.php:85
actionadmin_enqueue_scriptsincludes\classes\class-apbgf-service.php:92
actionapbgf_after_menu_registerincludes\classes\class-apbgf-setting.php:33
actioninitincludes\classes\class-apbgf-staff.php:31
actioninitincludes\classes\class-apbgf-staff.php:36
filtermanage_apbgf-staff_posts_columnsincludes\classes\class-apbgf-staff.php:37
actionmanage_apbgf-staff_posts_custom_columnincludes\classes\class-apbgf-staff.php:38
actiondeleted_userincludes\classes\class-apbgf-staff.php:46
actionadmin_footerincludes\classes\class-apbgf-staff.php:50
filterpost_row_actionsincludes\classes\class-apbgf-staff.php:52
actionmanage_posts_extra_tablenavincludes\classes\class-apbgf-staff.php:54
filtermonths_dropdown_resultsincludes\classes\class-apbgf-staff.php:56
filterbulk_actions-edit-apbgf-staffincludes\classes\class-apbgf-staff.php:58
actionviews_edit-apbgf-staffincludes\classes\class-apbgf-staff.php:60
actionpre_get_postsincludes\classes\class-apbgf-staff.php:71
actionadmin_menuincludes\classes\class-apbgf-staff.php:77
actionadmin_menuincludes\classes\class-apbgf-wizard.php:17
actionadmin_enqueue_scriptsincludes\classes\class-apbgf-wizard.php:18
filterwcgf_gform_field_valueincludes\compatibility\woocommerce-gravity-form-addon.php:28
filterwoocommerce_gforms_get_item_dataincludes\compatibility\woocommerce-gravity-form-addon.php:30
actionwoocommerce_gravityforms_entry_createdincludes\compatibility\woocommerce-gravity-form-addon.php:32
filterwoocommerce_gforms_strip_meta_htmlincludes\compatibility\woocommerce-gravity-form-addon.php:34
filterwoocommerce_gforms_get_cart_item_totalincludes\compatibility\woocommerce-gravity-form-addon.php:36
filtergform_form_settings_menuincludes\gravity-form\class-apbgf-form-setting.php:24
actiongform_form_settings_page_apbgf_settings_pageincludes\gravity-form\class-apbgf-form-setting.php:26
actionadmin_initincludes\gravity-form\class-apbgf-form-setting.php:28
actiongform_field_standard_settingsincludes\gravity-form\class-apbgf-form-setting.php:30
actionadmin_enqueue_scriptsincludes\gravity-form\class-apbgf-form-setting.php:32
filtergform_get_field_valueincludes\helper\apbgf-functions.php:10
filterapbgf_staff_time_slotincludes\helper\apbgf-functions.php:309
actionwp_loadedincludes\helper\apbgf-functions.php:334
filterapbgf_show_default_capacityincludes\helper\apbgf-functions.php:340
filterapbgf_show_slot_listincludes\helper\apbgf-functions.php:345
filterapbgf_show_default_capacityincludes\helper\apbgf-functions.php:349

Scheduled Events 1

apbgf_plugin_cron_hook_for_email
Maintenance & Trust

Gravity Forms Booking – Appointment Booking & Scheduling Addon for Gravity Forms Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 13, 2026
PHP min version7.2
Downloads296

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Gravity Forms Booking – Appointment Booking & Scheduling Addon for Gravity Forms Alternatives

LatePoint – Calendar Booking Plugin for Appointments and Events

LatePoint – Calendar Booking Plugin for Appointments and Events

latepoint

F
20

Optimize your appointment scheduling with our plugin. Sync calendars, automate reminders, and keep your bookings organized.

100K 2 unpatched
Booking for Appointments and Events Calendar – Amelia

Booking for Appointments and Events Calendar – Amelia

ameliabooking

A
88

Amelia is a powerful booking plugin for appointments and events. Manage scheduling, calendars, and availability with an all-in-one booking system.

90K 23 CVEs
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

simply-schedule-appointments

A
88

Unlimited appointments, booking calendars, and notifications. Powerful appointment booking plugin and booking system. Start scheduling for free today!

60K 21 CVEs
SimplyBook.me – Booking and reservations calendar

SimplyBook.me – Booking and reservations calendar

simplybook

A
100

Simply add a booking calendar to your site to schedule bookings, reservations, appointments and to collect payments.

20K No CVEs
Bookings for WooCommerce – Create Booking Calendar, Start Scheduling, Manage Bookings And Appointments

Bookings for WooCommerce – Create Booking Calendar, Start Scheduling, Manage Bookings And Appointments

mwb-bookings-for-woocommerce

A
100

This WordPress Booking Plugin lets you manage full-day bookings, service appointments, Accept/reject bookings, show booking availability & much more.

4K No CVEs
Developer Profile

Gravity Forms Booking – Appointment Booking & Scheduling Addon for Gravity Forms Developer Profile

Saad Iqbal

84 plugins · 1.4M total installs

76
trust score
Avg Security Score
96/100
Avg Patch Time
287 days
View full developer profile
Detection Fingerprints

How We Detect Gravity Forms Booking – Appointment Booking & Scheduling Addon for Gravity Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/appointment-and-booking-for-gravity-forms/assets/css/apbgf-global.css/wp-content/plugins/appointment-and-booking-for-gravity-forms/assets/css/apbgf-admin-style.css/wp-content/plugins/appointment-and-booking-for-gravity-forms/assets/css/apbgf-frontend-style.css/wp-content/plugins/appointment-and-booking-for-gravity-forms/assets/css/apbgf-responsive.css/wp-content/plugins/appointment-and-booking-for-gravity-forms/assets/css/apbgf-table-style.css/wp-content/plugins/appointment-and-booking-for-gravity-forms/assets/js/apbgf-frontend-script.js/wp-content/plugins/appointment-and-booking-for-gravity-forms/assets/js/apbgf-calendar-script.js/wp-content/plugins/appointment-and-booking-for-gravity-forms/assets/js/apbgf-admin-script.js
Version Parameters
appointment-and-booking-for-gravity-forms/assets/css/apbgf-global.css?ver=appointment-and-booking-for-gravity-forms/assets/css/apbgf-admin-style.css?ver=appointment-and-booking-for-gravity-forms/assets/css/apbgf-frontend-style.css?ver=appointment-and-booking-for-gravity-forms/assets/css/apbgf-responsive.css?ver=appointment-and-booking-for-gravity-forms/assets/css/apbgf-table-style.css?ver=appointment-and-booking-for-gravity-forms/assets/js/apbgf-frontend-script.js?ver=appointment-and-booking-for-gravity-forms/assets/js/apbgf-calendar-script.js?ver=appointment-and-booking-for-gravity-forms/assets/js/apbgf-admin-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
apbgf-admin-wrapperapbgf-wrapperapbgf-frontend-wrapperapbgf-admin-menu-wrapperapbgf-booking-form-wrapperapbgf-calendar-wrapperapbgf-calendar-container
Data Attributes
data-roledata-bookingdata-appointment-iddata-staff-iddata-service-iddata-location-id
JS Globals
apbgf_admin_objectapbgf_frontend_objectapbgf_calendar_object
FAQ

Frequently Asked Questions about Gravity Forms Booking – Appointment Booking & Scheduling Addon for Gravity Forms