BizCalendar Web Security & Risk Analysis

wordpress.org/plugins/bizcalendar-web

Online appointments module for medical clinics using BizMedica / Online appointments form for medical clinics using BizMedica software

Active installs: 20 · Version: v1.1.0.62 · PHP: 5.3.0+ · WP: 3.3+ · Updated: Unknown
setrio-bizmedica-bizcalendar-online-appointments-programari
Security score: 96 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Aug 14, 2025
Safety Verdict

Is BizCalendar Web Safe to Use in 2026?

Generally Safe

Score 96/100

BizCalendar Web has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Aug 14, 2025
Risk Assessment

The bizcalendar-web plugin, version 1.1.0.62, shows a mixed security posture. It follows good practice in output escaping (99% of outputs escaped) and most of its SQL queries use prepared statements (83%), but its attack surface raises significant concerns: 27 of the 34 identified entry points, primarily AJAX handlers, carry no authentication check and are therefore reachable by unauthorized callers. Static analysis also found 3 taint flows with unsanitized paths; none was rated critical or high severity, but each deserves review because it could become a security issue under specific conditions. The vulnerability history is a further concern: 3 known CVEs, one of them high severity, show past exposure to common attack classes (Remote File Inclusion, SQL Injection and Cross-site Scripting). No unpatched vulnerabilities are known at present, but this history means users should keep the plugin updated and watch for new advisories. In short, code hygiene around output escaping and prepared SQL statements is a strength, while the exposed attack surface and historical vulnerability pattern call for a cautious approach.

Key Concerns

  • Significant attack surface without auth checks (AJAX)
  • Taint flows with unsanitized paths
  • History of 1 high severity CVE
  • History of 2 medium severity CVEs
  • Bundled library (Select2): risk of falling out of date
BizCalendar Web Security Vulnerabilities

CVEs by Year

2024: 1 CVE
2025: 2 CVEs

Severity Breakdown

High: 1
Medium: 2

3 total CVEs

CVE-2025-7650 · high · 7.5 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

BizCalendar Web <= 1.1.0.53 - Authenticated (Contributor+) Local File Inclusion

Aug 14, 2025 · Patched in 1.1.0.54 (61d)

CVE-2025-30843 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

bizcalendar-web <= 1.1.0.34 - Authenticated (Administrator+) SQL Injection

Mar 27, 2025 · Patched in 1.1.0.35 (8d)

CVE-2024-1780 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BizCalendar Web <= 1.1.0.25 - Reflected Cross-Site Scripting via 'tab'

Apr 9, 2024 · Patched in 1.1.0.26 (121d)
BizCalendar Web Code Analysis
Analyzed Mar 16, 2026

Dangerous Functions: 0
Raw SQL Queries: 3 (15 prepared)
Unescaped Output: 4 (736 escaped)
Nonce Checks: 12
Capability Checks: 4
File Operations: 2
External Requests: 4
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

83% prepared · 18 total queries

Output Escaping

99% escaped · 740 total outputs
Data Flow Analysis

7 flows · 3 with unsanitized paths
save (admin\bizcalendar-admin.php:1895)
BizCalendar Web Attack Surface

Entry Points: 34
Unprotected: 27

AJAX Handlers (27)

Type    Hook                                       Location
auth    wp_ajax_setrio_bizcal_post_select_lookup   admin\bizcalendar-admin.php:3414
auth    wp_ajax_setrio_bizcal_get_post_titles      admin\bizcalendar-admin.php:3415
auth    wp_ajax_get_medical_specialities           bizcalendar.php:49
nopriv  wp_ajax_get_medical_specialities           bizcalendar.php:50
auth    wp_ajax_get_locations                      bizcalendar.php:52
nopriv  wp_ajax_get_locations                      bizcalendar.php:53
auth    wp_ajax_get_medical_services               bizcalendar.php:55
nopriv  wp_ajax_get_medical_services               bizcalendar.php:56
auth    wp_ajax_get_physicians                     bizcalendar.php:58
nopriv  wp_ajax_get_physicians                     bizcalendar.php:59
auth    wp_ajax_get_prices                         bizcalendar.php:61
nopriv  wp_ajax_get_prices                         bizcalendar.php:62
auth    wp_ajax_get_payment_types                  bizcalendar.php:64
nopriv  wp_ajax_get_payment_types                  bizcalendar.php:65
auth    wp_ajax_get_allowed_payment_types          bizcalendar.php:67
nopriv  wp_ajax_get_allowed_payment_types          bizcalendar.php:68
auth    wp_ajax_get_date_availabilities            bizcalendar.php:70
nopriv  wp_ajax_get_date_availabilities            bizcalendar.php:71
auth    wp_ajax_get_availability                   bizcalendar.php:73
nopriv  wp_ajax_get_availability                   bizcalendar.php:74
auth    wp_ajax_register_appointment               bizcalendar.php:76
nopriv  wp_ajax_register_appointment               bizcalendar.php:77
auth    wp_ajax_get_price_for_service              bizcalendar.php:79
nopriv  wp_ajax_get_price_for_service              bizcalendar.php:80
nopriv  wp_ajax_setrio_testmail                    bizcalendar.php:81
auth    wp_ajax_setrio_date_rel_abs                bizcalendar.php:83
nopriv  wp_ajax_setrio_date_rel_abs                bizcalendar.php:84

Shortcodes (7)

[bizcal_detalii_programare] main.php:217
[bizcal] main.php:218
[bizcal_popup] main.php:219
[bizcal_hidden] main.php:220
[bizcalv] main.php:221
[bizcalv_popup] main.php:222
[bizcalv_hidden] main.php:223
WordPress Hooks (16)

Type    Hook                   Location
action  admin_menu             admin\bizcalendar-admin.php:10
action  plugins_loaded         admin\bizcalendar-admin.php:11
action  admin_print_scripts    admin\bizcalendar-admin.php:26
action  admin_post             admin\bizcalendar-admin.php:1892
action  save_post              admin\bizcalendar-admin.php:3416
filter  posts_where            admin\bizcalendar-admin.php:3456
action  init                   bizcalendar.php:36
action  plugins_loaded         bizcalendar.php:37
action  wp_footer              bizcalendar.php:38
filter  body_class             bizcalendar.php:40
filter  clean_url              bizcalendar.php:41
filter  script_loader_tag      bizcalendar.php:43
action  wp_loaded              bizcalendar.php:166
action  init                   bizcalendar.php:170
action  admin_notices          bizcalendar.php:173
filter  wp_mail_content_type   main.php:3698
BizCalendar Web Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Unknown
PHP min version: 5.3.0
Downloads: 7K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 20

BizCalendar Web Alternatives

No alternatives data available yet.

BizCalendar Web Developer Profile

setriosoft

1 plugin · 20 total installs

Trust score: 85
Avg Security Score: 96/100
Avg Patch Time: 63 days
How We Detect BizCalendar Web

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bizcalendar-web/js/main.js
/wp-content/plugins/bizcalendar-web/js/admin.js
/wp-content/plugins/bizcalendar-web/css/style.css
/wp-content/plugins/bizcalendar-web/css/bootstrap.min.css
/wp-content/plugins/bizcalendar-web/css/bootstrap-datetimepicker.min.css
/wp-content/plugins/bizcalendar-web/css/font-awesome.min.css
/wp-content/plugins/bizcalendar-web/css/daterangepicker.css
/wp-content/plugins/bizcalendar-web/js/moment.min.js
+13 more
Script Paths
/wp-content/plugins/bizcalendar-web/js/main.js
/wp-content/plugins/bizcalendar-web/js/admin.js
Version Parameters
bizcalendar-web/style.css?ver=
bizcalendar-web/js/main.js?ver=

HTML / DOM Fingerprints

CSS Classes
setrio-bizcal-booking-form
bizcal-calendar-wrap
HTML Comments
<!-- BizCalendar Web Booking Form -->
<!-- BizCalendar Web Calendar -->
Data Attributes
data-bizcal-action
data-bizcal-postid
JS Globals
bizcal_ajax_object
setrio_bizcal_config
REST Endpoints
/wp-json/bizcalendar-web/v1/specialities
/wp-json/bizcalendar-web/v1/locations
/wp-json/bizcalendar-web/v1/services
/wp-json/bizcalendar-web/v1/physicians
/wp-json/bizcalendar-web/v1/prices
/wp-json/bizcalendar-web/v1/payment-types
/wp-json/bizcalendar-web/v1/allowed-payment-types
/wp-json/bizcalendar-web/v1/availability
/wp-json/bizcalendar-web/v1/register-appointment
/wp-json/bizcalendar-web/v1/price-for-service
Shortcode Output
[bizcal_booking_form
[bizcal_calendar
Frequently Asked Questions about BizCalendar Web