WP-Safety

Bookslots – Simple Booking & Appointment Scheduler Security & Risk Analysis

wordpress.org/plugins/bookslots-simple-booking-form

Easy appointment booking & scheduling plugin. Let clients book time slots directly on your WordPress site. Perfect for consultations, salons, and …

0 active installs v1.0.1 PHP 7.4+ WP 5.0+ Updated Feb 3, 2026
appointmentbookingcalendarreservationscheduling
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Bookslots – Simple Booking & Appointment Scheduler Safe to Use in 2026?

Generally Safe

Score 100/100

Bookslots – Simple Booking & Appointment Scheduler has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The plugin "bookslots-simple-booking-form" v1.0.1 exhibits a generally good security posture due to its diligent use of prepared statements for SQL queries and proper output escaping. The absence of known vulnerabilities in its history further reinforces this positive outlook, suggesting a commitment to security best practices by the developers.

However, a significant concern arises from the substantial attack surface presented by its 16 entry points, with 7 of these lacking authentication checks. Specifically, the 12 AJAX handlers are a notable area of risk, with 7 of them being unprotected. While taint analysis did not reveal any critical or high-severity unsanitized paths, the sheer number of unprotected AJAX endpoints could still be exploited by attackers to trigger unintended actions or access sensitive data if further vulnerabilities exist within those handlers. The presence of 18 nonce checks is positive, but their absence on 7 AJAX handlers is a critical oversight.

In conclusion, the plugin has strong fundamentals in data handling and output sanitization. The primary weakness lies in the lack of authentication on a significant portion of its AJAX endpoints. While no direct exploitable issues were found in the static analysis, this gap represents a potential vector for attack. Addressing the unprotected AJAX handlers should be the immediate priority for enhancing the plugin's security.

Key Concerns

  • Unprotected AJAX handlers
  • Large attack surface without auth
  • Missing capability checks on AJAX
Vulnerabilities
None known

Bookslots – Simple Booking & Appointment Scheduler Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Bookslots – Simple Booking & Appointment Scheduler Release Timeline

v1.0.1Current
v1.0.0
v0.1.8
v0.1.7
v0.1.6
v0.1.5
v0.1.4
v0.1.3
v0.1.2
v0.1.1
v0.1.0
Code Analysis
Analyzed Apr 16, 2026

Bookslots – Simple Booking & Appointment Scheduler Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
12 prepared
Unescaped Output
3
526 escaped
Nonce Checks
18
Capability Checks
2
File Operations
12
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared12 total queries

Output Escaping

99% escaped529 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
render_cancellation_page (app/Includes/CancellationHandler.php:337)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
7 unprotected

Bookslots – Simple Booking & Appointment Scheduler Attack Surface

Entry Points16
Unprotected7

AJAX Handlers 12

authwp_ajax_bookslots_get_calendarsapp/Admin/Dashboard.php:28
authwp_ajax_bookslots_get_providersapp/Admin/Dashboard.php:32
authwp_ajax_bookslots_search_usersapp/Admin/Dashboard.php:36
authwp_ajax_bookslots_save_calendarapp/Admin/Dashboard.php:40
authwp_ajax_bookslots_save_providerapp/Admin/Dashboard.php:44
authwp_ajax_bookslots_delete_calendarapp/Admin/Dashboard.php:48
authwp_ajax_bookslots_delete_providerapp/Admin/Dashboard.php:52
authwp_ajax_new_calendarapp/Providers/BookSlotsCalendarProvider.php:94
authwp_ajax_new_providerapp/Providers/BookSlotsCalendarProvider.php:109
authwp_ajax_new_bookingapp/Providers/BookSlotsCalendarProvider.php:130
authwp_ajax_ajax_create_booking_initapp/Providers/BookSlotsCalendarProvider.php:176
noprivwp_ajax_ajax_create_booking_initapp/Providers/BookSlotsCalendarProvider.php:182

Shortcodes 4

[bookslots_cancellation] app/Includes/CancellationHandler.php:25
[bookslots] app/Providers/BookSlotsCalendarProvider.php:157
[bookslots-form] app/Providers/BookSlotsCalendarProvider.php:164
[bookslots-calendar] app/Providers/BookSlotsCalendarProvider.php:170
WordPress Hooks 19
actionenqueue_block_editor_assetsapp/Includes/Block.php:111
actiontemplate_redirectapp/Includes/CancellationHandler.php:24
filterrun_wptexturizeapp/Includes/Form.php:133
filterno_texturize_shortcodesapp/Providers/BookSlotsCalendarProvider.php:47
actionplugins_loadedapp/Providers/BookSlotsCalendarProvider.php:63
actionadmin_menuapp/Providers/BookSlotsCalendarProvider.php:73
actionin_admin_headerapp/Providers/BookSlotsCalendarProvider.php:79
actionadmin_enqueue_scriptsapp/Providers/BookSlotsCalendarProvider.php:85
actioninitapp/Providers/BookSlotsCalendarProvider.php:93
actionadmin_initapp/Providers/BookSlotsCalendarProvider.php:100
actioninitapp/Providers/BookSlotsCalendarProvider.php:108
actionadmin_initapp/Providers/BookSlotsCalendarProvider.php:115
actionadmin_initapp/Providers/BookSlotsCalendarProvider.php:121
actioninitapp/Providers/BookSlotsCalendarProvider.php:129
actionadmin_initapp/Providers/BookSlotsCalendarProvider.php:136
actionadmin_initapp/Providers/BookSlotsCalendarProvider.php:142
actionwp_loadedapp/Providers/BookSlotsCalendarProvider.php:150
actioninitapp/Providers/BookSlotsCalendarProvider.php:190
actionadmin_post_bookslots_update_optionsapp/Providers/BookSlotsCalendarProvider.php:193
Maintenance & Trust

Bookslots – Simple Booking & Appointment Scheduler Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedFeb 3, 2026
PHP min version7.4
Downloads3K

Community Trust

Rating100/100
Number of ratings1
Active installs0
Alternatives

Bookslots – Simple Booking & Appointment Scheduler Alternatives

SimplyBook.me – Booking and reservations calendar

SimplyBook.me – Booking and reservations calendar

simplybook

A
100

Simply add a booking calendar to your site to schedule bookings, reservations, appointments and to collect payments.

20K No CVEs
Salon Booking System – Free Version

Salon Booking System – Free Version

salon-booking-system

D
39

Appointment scheduling plugin for salons, spas, and wellness centers to streamline bookings and improve customer satisfaction.

3K 1 unpatched
SuperSaaS – online appointment scheduling

SuperSaaS – online appointment scheduling

supersaas-appointment-scheduling

A
99

SuperSaaS is a flexible appointment scheduling system that works with many different businesses. The basic version is free.

1K 2 CVEs
Booking Ultra Pro Appointments Booking Calendar Plugin

Booking Ultra Pro Appointments Booking Calendar Plugin

booking-ultra-pro

C
50

Powerful Booking Plugin with amazing dashboard to manage all of your appointments & bookings online.

400 1 unpatched
Reservation.Studio widget

Reservation.Studio widget

reservation-studio-widget

A
99

Reservation.Studio WordPress booking widget

10 2 CVEs
Developer Profile

Bookslots – Simple Booking & Appointment Scheduler Developer Profile

David Towoju

5 plugins · 570 total installs

91
trust score
Avg Security Score
95/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Bookslots – Simple Booking & Appointment Scheduler

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bookslots-simple-booking-form/assets/css/admin-style.css/wp-content/plugins/bookslots-simple-booking-form/assets/js/admin-script.js/wp-content/plugins/bookslots-simple-booking-form/assets/css/booking.css/wp-content/plugins/bookslots-simple-booking-form/assets/js/booking.js/wp-content/plugins/bookslots-simple-booking-form/assets/css/booking-grid.css/wp-content/plugins/bookslots-simple-booking-form/assets/js/booking-grid.js/wp-content/plugins/bookslots-simple-booking-form/assets/css/date-picker.css/wp-content/plugins/bookslots-simple-booking-form/assets/js/date-picker.js+2 more
Script Paths
/wp-content/plugins/bookslots-simple-booking-form/assets/js/admin-script.js/wp-content/plugins/bookslots-simple-booking-form/assets/js/booking.js/wp-content/plugins/bookslots-simple-booking-form/assets/js/booking-grid.js/wp-content/plugins/bookslots-simple-booking-form/assets/js/date-picker.js/wp-content/plugins/bookslots-simple-booking-form/assets/js/time-picker.js
Version Parameters
bookslots-simple-booking-form/assets/css/admin-style.css?ver=bookslots-simple-booking-form/assets/js/admin-script.js?ver=bookslots-simple-booking-form/assets/css/booking.css?ver=bookslots-simple-booking-form/assets/js/booking.js?ver=bookslots-simple-booking-form/assets/css/booking-grid.css?ver=bookslots-simple-booking-form/assets/js/booking-grid.js?ver=bookslots-simple-booking-form/assets/css/date-picker.css?ver=bookslots-simple-booking-form/assets/js/date-picker.js?ver=bookslots-simple-booking-form/assets/css/time-picker.css?ver=bookslots-simple-booking-form/assets/js/time-picker.js?ver=

HTML / DOM Fingerprints

CSS Classes
bookslots-admin-menubookslots-booking-formbookslots-booking-gridbookslots-date-pickerbookslots-time-picker
HTML Comments
<!-- Prevent direct access --><!-- Define plugin constants --><!-- Autoloader --><!-- Load helper functions -->+3 more
Data Attributes
data-bs-toggle="modal"data-bs-target="#bookslotsBookingModal"
JS Globals
bookslots_app
FAQ

Frequently Asked Questions about Bookslots – Simple Booking & Appointment Scheduler