WP-Safety

Appointments Booking for WPForms Security & Risk Analysis

wordpress.org/plugins/appointment-booking-for-wpforms

Schedule appointments within WPForms.

20 active installs v1.2.0 PHP 5.2+ WP 4.0+ Updated Nov 28, 2025
appointmentsappointments-bookingwpforms-appointmentswpforms-bookingwpforms-time
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Appointments Booking for WPForms Safe to Use in 2026?

Generally Safe

Score 100/100

Appointments Booking for WPForms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago
Risk Assessment

The "appointment-booking-for-wpforms" plugin exhibits a generally good security posture with a strong emphasis on secure coding practices. The complete absence of SQL queries without prepared statements and a high percentage of properly escaped output are commendable. Furthermore, the lack of recorded vulnerabilities in its history suggests a stable and well-maintained codebase. However, a significant concern arises from the attack surface. With 14 total entry points, 8 of which lack authentication checks, there's a substantial area exposed to potential unauthorized access or manipulation. This is particularly worrying given the plugin's function, which likely handles sensitive booking data.

Key Concerns

  • 8 unprotected AJAX handlers
  • Large attack surface without auth
  • 1 unsanitized path in taint analysis
  • Bundled Select2 library
Vulnerabilities
None known

Appointments Booking for WPForms Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Appointments Booking for WPForms Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
11
297 escaped
Nonce Checks
6
Capability Checks
10
File Operations
0
External Requests
2
Bundled Libraries
1

Bundled Libraries

Select2

Output Escaping

96% escaped308 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

3 flows1 with unsanitized paths
add_admin_filters (backend\appointments.php:180)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
8 unprotected

Appointments Booking for WPForms Attack Surface

Entry Points14
Unprotected8

AJAX Handlers 9

authwp_ajax_booknow_load_staffsbackend\appointments.php:10
noprivwp_ajax_booknow_load_staffsbackend\appointments.php:11
authwp_ajax_booknow_load_timebackend\appointments.php:12
noprivwp_ajax_booknow_load_timebackend\appointments.php:13
authwp_ajax_booknow_load_customerbackend\customers.php:12
authwp_ajax_booknow_load_chartbackend\dashboard.php:8
authwp_ajax_boooknow_load_calendarfrontend\shortcode.php:11
noprivwp_ajax_boooknow_load_calendarfrontend\shortcode.php:12
authwp_ajax_yeekit_dismiss_notyyeekit\document.php:13

Shortcodes 5

[booknow_orders] frontend\my_order.php:7
[booknow] frontend\shortcode.php:7
[booknow_sercices] frontend\shortcode.php:8
[booknow_staffs] frontend\shortcode.php:9
[booknow_summary] frontend\shortcode.php:10
WordPress Hooks 59
actionwpforms_loadedappointment-booking-for-wpforms.php:30
actionadd_meta_boxesbackend\appointments.php:8
actionsave_postbackend\appointments.php:9
actionrestrict_manage_postsbackend\appointments.php:16
filterparse_querybackend\appointments.php:17
actionbooknow_create_appointmentbackend\appointments.php:18
filterbooknow_appointment_tagsbackend\appointments.php:19
actionadd_meta_boxesbackend\customers.php:8
actionsave_postbackend\customers.php:9
actionadmin_menubackend\dashboard.php:7
actionadmin_enqueue_scriptsbackend\index.php:7
actioninitbackend\locations.php:7
actionadd_meta_boxesbackend\locations.php:8
actionadd_meta_boxesbackend\notifications.php:8
actionsave_postbackend\notifications.php:9
actionadmin_menubackend\page_informations.php:8
actioninitbackend\post_type.php:7
actionadmin_initbackend\role.php:7
actioninitbackend\role.php:8
actionadd_meta_boxesbackend\services.php:8
actionsave_postbackend\services.php:9
actionbooknow_before_form_settings_tabbackend\settings\customize.php:7
actionbooknow_before_form_settingsbackend\settings\customize.php:8
actionbooknow_before_form_settings_tabbackend\settings\general.php:7
actionbooknow_before_form_settingsbackend\settings\general.php:8
actionbooknow_before_form_settings_tabbackend\settings\holidays.php:7
actionbooknow_before_form_settingsbackend\settings\holidays.php:8
actionbooknow_before_form_settings_tabbackend\settings\install.php:7
actionbooknow_before_form_settingsbackend\settings\install.php:8
actionbooknow_before_form_settings_tabbackend\settings\working-hours.php:7
actionbooknow_before_form_settingsbackend\settings\working-hours.php:8
actionadmin_menubackend\settings.php:8
actionadmin_initbackend\settings.php:12
actionadd_meta_boxesbackend\staffs.php:8
actionsave_postbackend\staffs.php:9
actionwp_enqueue_scriptsfrontend\index.php:7
filterbooknow_exclude_availablefrontend\process.php:7
filterbooknow_exclude_availablefrontend\process.php:8
filterbooknow_time_formatfrontend\process.php:9
filterbooknow_holidaysfrontend\process.php:10
actionactivated_pluginincludes\install.php:7
actionBooknow_install_doneincludes\install.php:8
actionBooknow_install_doneincludes\install.php:9
actionbooknow_appointment_statusincludes\notifications\update_status.php:7
actionbooknow_after_appointmentincludes\notifications\update_status.php:8
actionupgrader_process_completeincludes\update.php:7
actionwpforms_process_entry_savemodules\wpforms\field.php:183
actionbooknow_after_formmodules\wpforms\field.php:184
filterbooknow_price_formatmodules\wpforms\field.php:185
filterwpforms_payment_fieldsmodules\wpforms\field.php:186
actionwpforms_process_completemodules\wpforms\field.php:187
actionadmin_menuyeekit\document.php:10
actionadmin_enqueue_scriptsyeekit\document.php:11
filterfluentform_global_addonsyeekit\document.php:12
actionadmin_noticesyeekit\document.php:14
actionelementor/element/form/section_form_options/after_section_endyeekit\document.php:15
actionadmin_inityeekit\document.php:17
actionelementor/editor/after_enqueue_stylesyeekit\document.php:19
filterhttp_responseyeekit\document.php:208
Maintenance & Trust

Appointments Booking for WPForms Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedNov 28, 2025
PHP min version5.2
Downloads845

Community Trust

Rating0/100
Number of ratings0
Active installs20
Alternatives

Appointments Booking for WPForms Alternatives

8 Degree Availability Calendar

8 Degree Availability Calendar

8-degree-availability-calendar

A
85

Availability Calendar | Simple Booking Calendar | Appointment Calendar | check availability calendar

200 No CVEs
Saksh appointment booking system

Saksh appointment booking system

saksh-text-to-voice-system

A
100

Discover the easiest way to schedule appointments with the saksh appointments booking system, It used woocommerce to capture payment.

0 No CVEs
LatePoint – Calendar Booking Plugin for Appointments and Events

LatePoint – Calendar Booking Plugin for Appointments and Events

latepoint

F
20

Optimize your appointment scheduling with our plugin. Sync calendars, automate reminders, and keep your bookings organized.

100K 2 unpatched
Booking for Appointments and Events Calendar – Amelia

Booking for Appointments and Events Calendar – Amelia

ameliabooking

A
88

Amelia is a powerful booking plugin for appointments and events. Manage scheduling, calendars, and availability with an all-in-one booking system.

90K 25 CVEs
Online Scheduling and Appointment Booking System – Bookly

Online Scheduling and Appointment Booking System – Bookly

bookly-responsive-appointment-booking-tool

A
88

Appointment booking system for WordPress — schedule appointments, manage calendars, send reminders, take payments. Start booking today!

70K 9 CVEs
Developer Profile

Appointments Booking for WPForms Developer Profile

add-ons.org

55 plugins · 26K total installs

87
trust score
Avg Security Score
99/100
Avg Patch Time
50 days
View full developer profile
Detection Fingerprints

How We Detect Appointments Booking for WPForms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/appointment-booking-for-wpforms/backend/libs/select2/css/select2.min.css/wp-content/plugins/appointment-booking-for-wpforms/backend/css/booknow_backend.css/wp-content/plugins/appointment-booking-for-wpforms/backend/libs/select2/js/select2.min.js/wp-content/plugins/appointment-booking-for-wpforms/backend/js/booknow_backend.js/wp-content/plugins/appointment-booking-for-wpforms/frontend/css/booknow_font.css/wp-content/plugins/appointment-booking-for-wpforms/frontend/css/mark-your-calendar.css/wp-content/plugins/appointment-booking-for-wpforms/frontend/js/hooks.js/wp-content/plugins/appointment-booking-for-wpforms/frontend/js/mark-your-calendar.js+1 more
Script Paths
https://cdn.jsdelivr.net/npm/chart.js@4.4.0/dist/chart.umd.min.js
Version Parameters
appointment-booking-for-wpforms/backend/css/booknow_backend.css?ver=appointment-booking-for-wpforms/frontend/css/mark-your-calendar.css?ver=appointment-booking-for-wpforms/frontend/js/booknow.js?ver=

HTML / DOM Fingerprints

CSS Classes
yeekit_addons_listyee-installyee-pro
Data Attributes
data-elementor-typedata-elementor-iddata-elementor-post-type
JS Globals
booknow
REST Endpoints
/wp-json/wpforms/v1/forms/wp-json/wpforms/v1/entries/wp-json/wpforms/v1/providers
FAQ

Frequently Asked Questions about Appointments Booking for WPForms