Booking / Appointment Security & Risk Analysis

wordpress.org/plugins/booking-appointment

Bookings/Appointments provides the facility for users to book appointments for any business. Users can book appointments according to different times.

10 active installs · v1.1.0 · PHP + · WP 4.0+ · Updated Nov 28, 2025
appointments · booking · online-booking · slots · time-slots
Score: 100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Booking / Appointment Safe to Use in 2026?

Generally Safe

Score 100/100

Booking / Appointment has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5mo ago
Risk Assessment

The 'booking-appointment' v1.1.0 plugin presents a mixed security posture. On the positive side, it demonstrates strong practices regarding SQL queries, utilizing prepared statements exclusively, and shows a high percentage of properly escaped output. There are no file operations or external HTTP requests, and the plugin's vulnerability history is clean, with no recorded CVEs. This suggests a generally conscientious approach to secure coding in these areas.

However, the plugin has a significant attack surface due to a large number of AJAX handlers that lack authentication checks. With 7 out of 7 AJAX handlers unprotected, this presents a substantial risk for unauthorized actions or data manipulation if these handlers can be triggered by unauthenticated users. While taint analysis shows no critical or high severity unsanitized paths, the sheer number of unprotected entry points is a concern. The presence of 13 nonce checks is positive, but their absence on a majority of AJAX handlers undermines their effectiveness.

In conclusion, while the plugin benefits from secure SQL handling and good output escaping, the unprotected AJAX endpoints are a critical weakness. The lack of any recorded vulnerabilities in its history is encouraging but does not negate the inherent risks posed by the exposed attack surface. Mitigation efforts should prioritize securing these AJAX handlers.

Key Concerns

  • 7 AJAX handlers without auth checks
  • No capability checks
Vulnerabilities
None known

Booking / Appointment Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Booking / Appointment Release Timeline

v1.0.0
Code Analysis
Analyzed Mar 17, 2026

Booking / Appointment Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (22 prepared)
  • Unescaped Output: 43 (179 escaped)
  • Nonce Checks: 13
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

100% prepared · 22 total queries

Output Escaping

81% escaped · 222 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

12 flows
holidays (admin\class-booking-appointment-admin.php:162)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
7 unprotected

Booking / Appointment Attack Surface

Entry Points: 8
Unprotected: 7

AJAX Handlers 7

  • auth · wp_ajax_save_emailsettings · includes\class-booking-appointment.php:162
  • auth · wp_ajax_save_settings · includes\class-booking-appointment.php:163
  • auth · wp_ajax_save_configuration · includes\class-booking-appointment.php:164
  • auth · wp_ajax_save_payment_settings · includes\class-booking-appointment.php:165
  • auth · wp_ajax_get_events · includes\class-booking-appointment.php:185
  • auth · wp_ajax_get_event_booking_form · includes\class-booking-appointment.php:186
  • auth · wp_ajax_save_bookings · includes\class-booking-appointment.php:187

Shortcodes 1

[booking_appointment] includes\class-booking-appointment.php:166
WordPress Hooks 7
  • action · plugins_loaded · includes\class-booking-appointment.php:142
  • action · admin_enqueue_scripts · includes\class-booking-appointment.php:157
  • action · admin_enqueue_scripts · includes\class-booking-appointment.php:158
  • action · admin_menu · includes\class-booking-appointment.php:161
  • filter · set-screen-option · includes\class-booking-appointment.php:167
  • action · wp_enqueue_scripts · includes\class-booking-appointment.php:181
  • action · wp_enqueue_scripts · includes\class-booking-appointment.php:182
Maintenance & Trust

Booking / Appointment Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Nov 28, 2025
PHP min version
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Booking / Appointment Developer Profile

stridedge

1 plugin · 10 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Booking / Appointment

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/booking-appointment/css/booking-appointment-admin.css
  • /wp-content/plugins/booking-appointment/js/booking-appointment-admin.js
Script Paths
  • /wp-content/plugins/booking-appointment/js/booking-appointment-admin.js
Version Parameters
  • booking-appointment-admin.css?ver=
  • booking-appointment-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • booking_appointment_table
  • booking-appointment-admin-holidays
  • booking-appointment-admin-bookings
HTML Comments
  • This function is provided for demonstration purposes only.
  • An instance of this class should be passed to the run() function defined in Booking_Appointment_Loader as all of the hooks are defined in that particular class.
  • The Booking_Appointment_Loader will then create the relationship between the defined hooks and the functions defined in this class.
Data Attributes
  • data-screen
  • data-slug
  • data-option
  • data-nonce
JS Globals
  • booking_appointment_holidays_menu
  • booking_appointment_bookings_menu
  • booking_appointment_table
REST Endpoints
  • /wp-json/booking-appointment/v1/settings
  • /wp-json/booking-appointment/v1/holidays
  • /wp-json/booking-appointment/v1/bookings
Shortcode Output
  • [booking-appointment-form]
  • [booking-appointment-calendar]
FAQ

Frequently Asked Questions about Booking / Appointment