Does Booking Master have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Booking Master compatible with WordPress 6.9.4?

According to WordPress.org data, Booking Master 1.0.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Booking Master compatible with PHP 7.4+?

Booking Master requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Booking Master updated?

Booking Master was last updated on Mar 31, 2026. Frequent updates are generally a positive security signal.

What is Booking Master's security score?

Booking Master has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Booking Master Security & Risk Analysis

wordpress.org/plugins/booking-master

A clean, lightweight, and event-based booking system for WordPress. Create multiple event types with unique schedules and let your clients book appoin …

0 active installs v1.0.0 PHP 7.4+ WP 5.0+ Updated Mar 31, 2026

appointmentbookingcalendarevent-basedscheduler

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Booking Master Safe to Use in 2026?

Generally Safe

Score 100/100

Booking Master has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The booking-master plugin v1.0.0 demonstrates a strong security posture based on the provided static analysis. The absence of dangerous functions, raw SQL queries, file operations, and external HTTP requests is highly commendable. Furthermore, the near-perfect output escaping (91%) and the presence of nonce checks indicate good development practices. The total lack of known vulnerabilities and CVEs in its history also suggests a mature and secure codebase.

However, a key area for concern is the complete lack of capability checks. While AJAX handlers have some form of authentication, the absence of explicit capability checks means that any authenticated user, regardless of their role, could potentially interact with these handlers. This could lead to unintended actions if the functionality exposed through these handlers is sensitive. The plugin also has a moderate attack surface with 6 entry points.

In conclusion, booking-master v1.0.0 is generally well-secured. Its strengths lie in its sanitization and avoidance of common dangerous patterns. The primary weakness is the lack of role-based access control through capability checks, which should be addressed to ensure only authorized users can access certain functionalities. Given the clean vulnerability history, this is likely a manageable risk if addressed.

Key Concerns

Missing capability checks on entry points

Vulnerabilities

None known

Booking Master Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Booking Master Release Timeline

v1.0.0Current

Code Analysis

Analyzed Apr 16, 2026

Booking Master Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

51 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

91% escaped56 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

1 flows

<class-booking-master-cpts> (includes/class-booking-master-cpts.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Booking Master Attack Surface

Entry Points6

Unprotected0

AJAX Handlers 4

authwp_ajax_bm_get_slotsincludes/class-booking-master-form.php:16

noprivwp_ajax_bm_get_slotsincludes/class-booking-master-form.php:17

authwp_ajax_bm_confirm_bookingincludes/class-booking-master-form.php:18

noprivwp_ajax_bm_confirm_bookingincludes/class-booking-master-form.php:19

Shortcodes 2

[booking-master] includes/class-booking-master-form.php:14

[booking_master] includes/class-booking-master-form.php:15

WordPress Hooks 10

actionplugins_loadedbooking-master.php:32

actionwp_enqueue_scriptsbooking-master.php:45

actioninitincludes/class-booking-master-cpts.php:14

actionadd_meta_boxesincludes/class-booking-master-cpts.php:15

actionsave_postincludes/class-booking-master-cpts.php:16

actionpre_get_postsincludes/class-booking-master-cpts.php:17

filtermanage_booking_type_posts_columnsincludes/class-booking-master-cpts.php:55

actionmanage_booking_type_posts_custom_columnincludes/class-booking-master-cpts.php:56

filtermanage_booking_entry_posts_columnsincludes/class-booking-master-cpts.php:78

actionmanage_booking_entry_posts_custom_columnincludes/class-booking-master-cpts.php:79

Maintenance & Trust

Booking Master Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 31, 2026

PHP min version7.4

Downloads200

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Booking Master Alternatives

Timetics – Appointment Booking & Scheduling

timetics

Appointment booking and scheduling system with online booking calendar, payments, automated reminders, and calendar sync.

2K 10 CVEs

CodoBookings

codobookings

100

A Lightweight WordPress Booking & Appointment System

0 No CVEs

LatePoint – Calendar Booking Plugin for Appointments and Events

latepoint

Optimize your appointment scheduling with our plugin. Sync calendars, automate reminders, and keep your bookings organized.

100K 2 unpatched

Online Scheduling and Appointment Booking System – Bookly

bookly-responsive-appointment-booking-tool

Appointment booking system for WordPress — schedule appointments, manage calendars, send reminders, take payments. Start booking today!

70K 10 CVEs

Events Manager – Calendar, Bookings, Tickets, and more!

events-manager

Events calendar with bookings, scheduling, appointments, event registration, tickets, recurring events, and venue management.

70K 34 CVEs

Developer Profile

Booking Master Developer Profile

CodeYatri

54 plugins · 18K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

63 days

View full developer profile

Detection Fingerprints

How We Detect Booking Master

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/booking-master/assets/css/booking-master-style.css/wp-content/plugins/booking-master/assets/js/booking-master-calendar.js

Script Paths

/wp-content/plugins/booking-master/assets/js/booking-master-calendar.js

Version Parameters

booking-master/assets/css/booking-master-style.css?ver=booking-master/assets/js/booking-master-calendar.js?ver=

HTML / DOM Fingerprints

CSS Classes

booking-master-containerbm-error-noticebm-event-headerbm-event-infobm-event-descbm-booking-layoutbm-stepbm-step-date+9 more

HTML Comments

Data Attributes

id="booking-master-app"data-event-idid="bm-step-date"id="bm-step-time"id="bm-step-details"id="bm-booking-form"+6 more

JS Globals

window.bookingMastervar bookingMaster

REST Endpoints

/wp-json/wp/v2/booking_type

Shortcode Output

<div class="bm-error-notice">Booking Master Error: Please provide an Event ID. Example: <code>[booking-master id="123"]</code></div>

<div class="bm-error-notice">Booking Master Error: Invalid Event ID. Please check your Booking Types in the admin.</div><div id="booking-master-app"<div class="bm-event-header">

FAQ