WP-Safety

Bookify – Appointment Booking & Scheduling for WordPress Security & Risk Analysis

wordpress.org/plugins/bookify

🚀 A modern, lightweight appointment booking plugin for WordPress. Let customers book services online, manage schedules easily, and reduce no-shows — n …

10 active installs v1.3.2 PHP 7.0+ WP 6.2+ Updated Feb 4, 2026
appointment-bookingappointmentsbookingbooking-systemscheduling
98
A · Safe
CVEs total1
Unpatched0
Last CVEJul 29, 2025
Plugin page Download
Safety Verdict

Is Bookify – Appointment Booking & Scheduling for WordPress Safe to Use in 2026?

Generally Safe

Score 98/100

Bookify – Appointment Booking & Scheduling for WordPress has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jul 29, 2025Updated 1mo ago
Risk Assessment

The plugin "bookify" v1.3.2 demonstrates strong adherence to many WordPress security best practices. The static analysis reveals a robust implementation with a significant number of nonce and capability checks, a very low percentage of raw SQL queries, and perfect output escaping. The absence of direct file operations and external HTTP requests further strengthens its security posture. The attack surface, though present, is well-protected with all identified entry points seemingly secured by authorization checks. The lack of any identified taint flows is also a positive indicator.

However, the presence of the `unserialize` function is a significant concern. Although not directly flagged by taint analysis in this scan, `unserialize` is notoriously risky if it processes untrusted input, as it can lead to object injection vulnerabilities. The vulnerability history indicates a past high-severity vulnerability, specifically identified as Missing Authorization, which is a critical weakness. While this vulnerability is listed as unpatched, the fact that there are no *currently* unpatched CVEs might suggest it was addressed in a subsequent version or patch. Nevertheless, the past occurrence of such a critical flaw warrants careful consideration.

In conclusion, "bookify" v1.3.2 presents a generally secure profile with excellent coding practices in output escaping and SQL handling. The strong focus on authorization checks is commendable. The primary areas of concern are the potential risks associated with the `unserialize` function and the history of a high-severity Missing Authorization vulnerability. Addressing the `unserialize` risk and ensuring past vulnerabilities are permanently mitigated are crucial for maintaining a strong security posture.

Key Concerns

  • Dangerous function: unserialize detected
  • Past high-severity CVE (Missing Authorization)
Vulnerabilities
1

Bookify – Appointment Booking & Scheduling for WordPress Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

High
1

1 total CVE

CVE-2025-48142high · 8.8Missing Authorization

Bookify <= 1.0.9 - Authenticated (Subscriber+) Privilege Escalation

Jul 29, 2025 Patched in 1.0.10 (7d)
Code Analysis
Analyzed Mar 16, 2026

Bookify – Appointment Booking & Scheduling for WordPress Code Analysis

Dangerous Functions
3
Raw SQL Queries
1
99 prepared
Unescaped Output
0
223 escaped
Nonce Checks
39
Capability Checks
4
File Operations
0
External Requests
0
Bundled Libraries
1

Dangerous Functions Found

unserialize$value = str_replace( '{appointment_gmeet_link}', implode( ' | ', isset( $appointment_data['bookify_Controllers\Admin\Bookify_Emails.php:214
unserialize$apointment_data[$key]['zoom_links'] = unserialize( $zoom_links );Controllers\REST\Bookify_Appointments_Rest_API.php:366
unserialize$apointment_data[$key]['zoom_links'] = unserialize( $zoom_links );Controllers\REST\Bookify_Frontend_Rest_API.php:173

Bundled Libraries

Freemius1.0

SQL Query Safety

99% prepared100 total queries

Output Escaping

100% escaped223 total outputs
Attack Surface

Bookify – Appointment Booking & Scheduling for WordPress Attack Surface

Entry Points57
Unprotected0

REST API Routes 55

GET/wp-json/bookify/v1/appointmentsControllers\REST\Bookify_Appointments_Rest_API.php:29
POST/wp-json/bookify/v1/add-appointmentControllers\REST\Bookify_Appointments_Rest_API.php:35
POST/wp-json/bookify/v1/delete-appointmentControllers\REST\Bookify_Appointments_Rest_API.php:41
POST/wp-json/bookify/v1/update-appointmentControllers\REST\Bookify_Appointments_Rest_API.php:47
POST/wp-json/bookify/v1/available-slotsControllers\REST\Bookify_Appointments_Rest_API.php:53
GET/wp-json/bookify/v1/calendarControllers\REST\Bookify_Calendar_Rest_API.php:28
POST/wp-json/bookify/v1/staffs-by-serviceControllers\REST\Bookify_Calendar_Rest_API.php:34
POST/wp-json/bookify/v1/dates-by-staffControllers\REST\Bookify_Calendar_Rest_API.php:40
GET/wp-json/bookify/v1/customersControllers\REST\Bookify_Customers_Rest_API.php:25
POST/wp-json/bookify/v1/add-customerControllers\REST\Bookify_Customers_Rest_API.php:31
POST/wp-json/bookify/v1/update-customerControllers\REST\Bookify_Customers_Rest_API.php:37
POST/wp-json/bookify/v1/delete-customerControllers\REST\Bookify_Customers_Rest_API.php:43
GET/wp-json/bookify/v1/dashboardControllers\REST\Bookify_Dashboard_Rest_API.php:29
POST/wp-json/bookify/v1/get-total-revenueControllers\REST\Bookify_Dashboard_Rest_API.php:35
POST/wp-json/bookify/v1/get-total-customerControllers\REST\Bookify_Dashboard_Rest_API.php:41
POST/wp-json/bookify/v1/get-approved-appointmentControllers\REST\Bookify_Dashboard_Rest_API.php:47
POST/wp-json/bookify/v1/service-earningControllers\REST\Bookify_Dashboard_Rest_API.php:53
GET/wp-json/bookify/frontend/v1/get-servicesControllers\REST\Bookify_Frontend_Rest_API.php:29
GET/wp-json/bookify/frontend/v1/get-appointmentsControllers\REST\Bookify_Frontend_Rest_API.php:35
POST/wp-json/bookify/frontend/v1/add-appointmentControllers\REST\Bookify_Frontend_Rest_API.php:41
POST/wp-json/bookify/frontend/v1/appointment-statusControllers\REST\Bookify_Frontend_Rest_API.php:47
POST/wp-json/bookify/frontend/v1/get-services-by-locationControllers\REST\Bookify_Frontend_Rest_API.php:53
POST/wp-json/bookify/frontend/v1/check-validationControllers\REST\Bookify_Frontend_Rest_API.php:59
GET/wp-json/bookify/v1/notificationControllers\REST\Bookify_Notification_Rest_API.php:25
POST/wp-json/bookify/v1/add-notificationControllers\REST\Bookify_Notification_Rest_API.php:31
POST/wp-json/bookify/v1/update-notificationControllers\REST\Bookify_Notification_Rest_API.php:37
POST/wp-json/bookify/v1/update-notification-stateControllers\REST\Bookify_Notification_Rest_API.php:43
POST/wp-json/bookify/v1/delete-notificationControllers\REST\Bookify_Notification_Rest_API.php:49
POST/wp-json/bookify/v1/onboarding/ensure-defaultsControllers\REST\Bookify_Onboarding_Rest_API.php:24
POST/wp-json/bookify/v1/onboarding/completeControllers\REST\Bookify_Onboarding_Rest_API.php:30
POST/wp-json/bookify/v1/onboarding/skip-wizardControllers\REST\Bookify_Onboarding_Rest_API.php:36
GET/wp-json/bookify/v1/paymentControllers\REST\Bookify_Payment_Rest_API.php:26
GET/wp-json/bookify/v1/appointment-paymentControllers\REST\Bookify_Payment_Rest_API.php:32
POST/wp-json/bookify/v1/add-paymentControllers\REST\Bookify_Payment_Rest_API.php:38
POST/wp-json/bookify/v1/update-paymentControllers\REST\Bookify_Payment_Rest_API.php:44
POST/wp-json/bookify/v1/delete-paymentControllers\REST\Bookify_Payment_Rest_API.php:50
GET/wp-json/bookify/v1/servicesControllers\REST\Bookify_Services_Rest_API.php:26
GET/wp-json/bookify/v1/categoriesControllers\REST\Bookify_Services_Rest_API.php:32
POST/wp-json/bookify/v1/update-serviceControllers\REST\Bookify_Services_Rest_API.php:38
POST/wp-json/bookify/v1/add-serviceControllers\REST\Bookify_Services_Rest_API.php:44
POST/wp-json/bookify/v1/delete-serviceControllers\REST\Bookify_Services_Rest_API.php:50
POST/wp-json/bookify/v1/delete-categoryControllers\REST\Bookify_Services_Rest_API.php:56
POST/wp-json/bookify/v1/add-categoryControllers\REST\Bookify_Services_Rest_API.php:62
POST/wp-json/bookify/v1/update-categoryControllers\REST\Bookify_Services_Rest_API.php:68
GET/wp-json/bookify/v1/settingsControllers\REST\Bookify_Settings_Rest_API.php:24
GET/wp-json/bookify/frontend/v1/payment-settingsControllers\REST\Bookify_Settings_Rest_API.php:30
GET/wp-json/bookify/frontend/v1/settingsControllers\REST\Bookify_Settings_Rest_API.php:36
POST/wp-json/bookify/v1/save-general-settingsControllers\REST\Bookify_Settings_Rest_API.php:42
POST/wp-json/bookify/v1/save-company-detailsControllers\REST\Bookify_Settings_Rest_API.php:48
POST/wp-json/bookify/v1/save-payment-settingsControllers\REST\Bookify_Settings_Rest_API.php:54
POST/wp-json/bookify/v1/save-notification-settingsControllers\REST\Bookify_Settings_Rest_API.php:66
GET/wp-json/bookify/v1/staffsControllers\REST\Bookify_Staffs_Rest_API.php:28
POST/wp-json/bookify/v1/add-staffControllers\REST\Bookify_Staffs_Rest_API.php:34
POST/wp-json/bookify/v1/update-staffControllers\REST\Bookify_Staffs_Rest_API.php:40
POST/wp-json/bookify/v1/delete-staffControllers\REST\Bookify_Staffs_Rest_API.php:46

Shortcodes 2

[bookify_bookings] Controllers\Frontend\Bookify_Shortcodes.php:18
[bookify_appointments] Controllers\Frontend\Bookify_Shortcodes.php:19
WordPress Hooks 22
actionwp_initialize_sitebookify.php:113
actioninitbookify.php:115
actionadmin_footerbookify.php:117
actionadmin_initbookify.php:119
actionbookify_appointment_requested_emailControllers\Admin\Bookify_Emails.php:36
actionbookify_appointment_status_changed_emailControllers\Admin\Bookify_Emails.php:37
actionbookify_staff_created_emailControllers\Admin\Bookify_Emails.php:38
actionadmin_menuControllers\Admin\Bookify_Menu.php:15
filterlogin_redirectControllers\Admin\Bookify_Menu.php:16
actionadmin_enqueue_scriptsControllers\Admin\Bookify_Menu.php:17
actionrest_api_initControllers\REST\Bookify_Appointments_Rest_API.php:24
actionrest_api_initControllers\REST\Bookify_Calendar_Rest_API.php:23
actionrest_api_initControllers\REST\Bookify_Customers_Rest_API.php:20
actionrest_api_initControllers\REST\Bookify_Dashboard_Rest_API.php:24
actionrest_api_initControllers\REST\Bookify_Frontend_Rest_API.php:24
actionrest_api_initControllers\REST\Bookify_Notification_Rest_API.php:20
actionrest_api_initControllers\REST\Bookify_Onboarding_Rest_API.php:20
actionrest_api_initControllers\REST\Bookify_Payment_Rest_API.php:21
actionrest_api_initControllers\REST\Bookify_Services_Rest_API.php:21
actionrest_api_initControllers\REST\Bookify_Settings_Rest_API.php:19
actionrest_api_initControllers\REST\Bookify_Staffs_Rest_API.php:22
actionuser_registerControllers\REST\Bookify_Staffs_Rest_API.php:23
Maintenance & Trust

Bookify – Appointment Booking & Scheduling for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 4, 2026
PHP min version7.0
Downloads4K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Bookify – Appointment Booking & Scheduling for WordPress Alternatives

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

simply-schedule-appointments

A
88

Unlimited appointments, booking calendars, and notifications. Powerful appointment booking plugin and booking system. Start scheduling for free today!

60K 21 CVEs
Bookings for WooCommerce – Create Booking Calendar, Start Scheduling, Manage Bookings And Appointments

Bookings for WooCommerce – Create Booking Calendar, Start Scheduling, Manage Bookings And Appointments

mwb-bookings-for-woocommerce

A
100

This WordPress Booking Plugin lets you manage full-day bookings, service appointments, Accept/reject bookings, show booking availability & much more.

4K No CVEs
Advanced Appointment Booking & Scheduling

Advanced Appointment Booking & Scheduling

advanced-appointment-booking-scheduling

B
78

Advanced Appointment Booking & Scheduling: Effortlessly manage appointments with a simple, user-friendly scheduling system.

3K 1 unpatched
Easy Appointment Booking & Scheduling System – Webba Booking Calendar

Easy Appointment Booking & Scheduling System – Webba Booking Calendar

webba-booking-lite

A
95

Free Appointment Booking Plugin 📅 Unlimited appointments, booking management, calendar sync, notifications, 5* support = powerful booking system!

3K 7 CVEs
Booking for Appointments and Events Calendar – Amelia

Booking for Appointments and Events Calendar – Amelia

ameliabooking

A
88

Amelia is a powerful booking plugin for appointments and events. Manage scheduling, calendars, and availability with an all-in-one booking system.

90K 23 CVEs
Developer Profile

Bookify – Appointment Booking & Scheduling for WordPress Developer Profile

Saad Iqbal

84 plugins · 1.4M total installs

76
trust score
Avg Security Score
96/100
Avg Patch Time
287 days
View full developer profile
Detection Fingerprints

How We Detect Bookify – Appointment Booking & Scheduling for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bookify/assets/css/bookify-frontend.css/wp-content/plugins/bookify/assets/css/bookify-admin.css/wp-content/plugins/bookify/assets/js/bookify-frontend.js/wp-content/plugins/bookify/assets/js/bookify-admin.js/wp-content/plugins/bookify/assets/js/bookify-vendors.js/wp-content/plugins/bookify/assets/js/bookify-vendors.min.js/wp-content/plugins/bookify/assets/js/bookify-frontend.min.js/wp-content/plugins/bookify/assets/js/bookify-admin.min.js+1 more
Script Paths
/wp-content/plugins/bookify/assets/js/bookify-frontend.js/wp-content/plugins/bookify/assets/js/bookify-admin.js/wp-content/plugins/bookify/assets/js/bookify-vendors.js
Version Parameters
bookify-frontend.css?ver=bookify-admin.css?ver=bookify-frontend.js?ver=bookify-admin.js?ver=bookify-vendors.js?ver=

HTML / DOM Fingerprints

CSS Classes
bookify-frontendbookify-appointment-formbookify-calendarbookify-staff-cardbookify-service-item
HTML Comments
<!-- Bookify Appointment Form Start --><!-- Bookify Appointment Form End -->
Data Attributes
data-bookify-service-iddata-bookify-staff-iddata-bookify-appointment-datedata-bookify-appointment-time
JS Globals
bookifyFrontend
REST Endpoints
/wp-json/bookify/v1/services/wp-json/bookify/v1/staff/wp-json/bookify/v1/appointments/wp-json/bookify/v1/settings/wp-json/bookify/v1/notification/wp-json/bookify/v1/payment/wp-json/bookify/v1/calendar/wp-json/bookify/v1/dashboard/wp-json/bookify/v1/frontend/wp-json/bookify/v1/onboarding
Shortcode Output
[bookify_appointments][bookify_booking_form][bookify_calendar]
FAQ

Frequently Asked Questions about Bookify – Appointment Booking & Scheduling for WordPress