Booktics – Booking Calendar for Appointments and Service Businesses Security & Risk Analysis

wordpress.org/plugins/booktics

Professional booking system for businesses, offering booking calendars, appointments, reservations, service scheduling, and payments.

600 active installs · v1.0.18 · PHP 7.4+ · WP 5.2+ · Updated Apr 8, 2026
Tags: appointment-booking, booking, booking-calendar, booking-system, online-booking
Score: 96 · A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Mar 9, 2026
Safety Verdict

Is Booktics – Booking Calendar for Appointments and Service Businesses Safe to Use in 2026?

Generally Safe

Score 96/100

Booktics – Booking Calendar for Appointments and Service Businesses has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

3 known CVEs · Last CVE: Mar 9, 2026 · Updated 1mo ago
Risk Assessment

The "booktics" plugin v1.0.17 exhibits a mixed security posture. It demonstrates strong adherence to secure coding practices in several areas, with a high percentage of SQL queries using prepared statements and outputs being properly escaped. The presence of numerous capability checks also indicates an effort to implement role-based access control. However, there are significant concerns, particularly the presence of an unprotected AJAX handler, which represents a direct entry point for unauthenticated attackers. The use of the `unserialize` function is another red flag, as it can lead to Remote Code Execution if fed untrusted data. The plugin's vulnerability history reveals two known medium severity CVEs, both of which are now patched. The common vulnerability type of "Missing Authentication for Critical Function" aligns with the static analysis finding of an unprotected AJAX handler, suggesting a recurring pattern of security oversight in authentication for critical functionalities. While the current patch status is good, the history indicates a need for vigilance in securing entry points. Overall, "booktics" has good foundations in secure coding but requires immediate attention to address unprotected entry points and potentially dangerous function usage.

Key Concerns

  • Unprotected AJAX handler found
  • Use of potentially dangerous unserialize function
  • Total known CVEs in history (though patched)
Vulnerabilities
3 published

Booktics – Booking Calendar for Appointments and Service Businesses Security Vulnerabilities

CVEs by Year

3 CVEs in 2026

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2026-1919 · medium · 5.3 · Missing Authentication for Critical Function

Booktics <= 1.0.16 - Missing Authorization to Get Items via REST API endpoints

Mar 9, 2026 Patched in 1.0.17 (1d)
CVE-2026-1920 · medium · 5.3 · Missing Authentication for Critical Function

Booktics <= 1.0.16 - Missing Authorization to Addon Plugin Installation

Mar 9, 2026 Patched in 1.0.17 (1d)
CVE-2026-39585 · medium · 5.3 · Missing Authorization

Booktics <= 1.0.16 - Missing Authorization

Feb 2, 2026 Patched in 1.0.17 (73d)
Code Analysis
Analyzed Mar 16, 2026

Booktics – Booking Calendar for Appointments and Service Businesses Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 8 (41 prepared)
Unescaped Output: 4 (212 escaped)
Nonce Checks: 1
Capability Checks: 54
File Operations: 3
External Requests: 12
Bundled Libraries: 1

Dangerous Functions Found

unserialize · `$result = @unserialize( $data );` · base\abstracts\post-model.php:594
unserialize · `return is_string( $data ) && @unserialize( $data ) !== false;` · base\abstracts\user-model.php:593

Bundled Libraries

Stripe PHP

SQL Query Safety

84% prepared · 49 total queries

Output Escaping

98% escaped · 216 total outputs
Attack Surface
1 unprotected

Booktics – Booking Calendar for Appointments and Service Businesses Attack Surface

Entry Points: 6
Unprotected: 1

AJAX Handlers 1

auth wp_ajax_booktics_stripe_callback core\module\stripe-addon\hook\stripe-hook.php:32

REST API Routes 1

GET /wp-json/booktics/v1/dashboard core\dashboard\controllers\dashboard-controller.php:51

Shortcodes 4

[booktics_booking_form] core\shortcode\booking-shortcode.php:14
[booktics_category_form] core\shortcode\category-shortcode.php:14
[booktics_customer_panel] core\shortcode\customer-shortcode.php:15
[booktics_service_view] core\shortcode\service-shortcode.php:15
WordPress Hooks 35
action rest_api_init base\abstracts\base-rest-controller.php:25
action init base\booktics.php:92
action admin_init booktics.php:122
action admin_notices booktics.php:123
action booktics_menu core\admin\menu-permission-hook.php:19
action admin_menu core\admin\menu.php:21
filter notification_sdk_email_body core\admin\notification.php:19
filter ens_bt_available_actions core\admin\notification.php:42
filter rest_request_after_callbacks core\admin\rest-permission-message.php:21
action password_reset core\admin\team-member-password-reset.php:23
filter booktics_appointment_args core\appointment\appointment-hooks.php:17
action clear_auth_cookie core\cart\cart-service-provider.php:31
action booktics_category_created core\category\category-hooks.php:18
action booktics_category_updated core\category\category-hooks.php:24
filter notification_sdk_email_body core\customer\handlers\customer-event-handler.php:24
action booktics_order_created core\module\fluentcrm\fluentcrm-service.php:19
action template_redirect core\module\google-calendar\Controller\calendar-auth-controller.php:55
filter booktics_team_member_data core\module\google-calendar\Controller\calendar-auth-controller.php:58
filter booktics_appointments_for_calendar_view core\module\google-calendar\Controller\calendar-sync-controller.php:64
filter booktics_appointment_scheduled_notification_flow_data core\module\google-calendar\Controller\calendar-sync-controller.php:65
filter booktics_order_created_notification_flow_data core\module\google-calendar\Controller\calendar-sync-controller.php:66
filter booktics_booking_calendar_urls core\module\google-calendar\Controller\calendar-sync-controller.php:67
action booktics_after_appointment_created core\module\google-calendar\Controller\calendar-sync-controller.php:69
action booktics_after_appointment_updated core\module\google-calendar\Controller\calendar-sync-controller.php:70
action before_delete_post core\module\google-calendar\Controller\calendar-sync-controller.php:71
action booktics_after_appointment_deleted core\module\google-calendar\Controller\calendar-sync-controller.php:72
action booktics_calendars_register core\module\google-calendar\Service\calendar.php:646
filter booktics_payment_methods core\module\stripe-addon\hook\stripe-hook.php:37
filter booktics_format_setting_response core\module\stripe-addon\hook\stripe-hook.php:43
action admin_init core\onboard\init-onboard.php:22
action booktics_order_filters core\order\order-hooks.php:18
filter booktics_service_args core\service\service-hooks.php:17
action booktics_service_created core\service\service-hooks.php:23
action booktics_service_updated core\service\service-hooks.php:30
filter template_include core\service\templates\single-service-template.php:22

Scheduled Events 1

booktics_booking_clear_schedule
Maintenance & Trust

Booktics – Booking Calendar for Appointments and Service Businesses Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 8, 2026
PHP min version: 7.4
Downloads: 6K

Community Trust

Rating: 92/100
Number of ratings: 7
Active installs: 600
Developer Profile

Booktics – Booking Calendar for Appointments and Service Businesses Developer Profile

Arraytics

10 plugins · 20K total installs

Trust score: 91
Avg Security Score: 95/100
Avg Patch Time: 27 days
Detection Fingerprints

How We Detect Booktics – Booking Calendar for Appointments and Service Businesses

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/booktics/assets/css/booktics-frontend.css
  • /wp-content/plugins/booktics/assets/css/booktics-vendor.css
  • /wp-content/plugins/booktics/assets/js/booktics-packages.js
  • /wp-content/plugins/booktics/assets/js/booktics-frontend-scripts.js
  • /wp-content/plugins/booktics/assets/js/booktics-flatpickr-scripts.js

HTML / DOM Fingerprints

CSS Classes

  • booktics-login-required
  • booktics-login-btn
  • booktics-booking-form
  • booktics-category-form
  • booktics-customer-dashboard

Data Attributes

  • data-user-id

Shortcode Output

<div id="booktics-booking-form"></div>
<div id="booktics-category-form"></div>
<div class="booktics-login-required"><h3>Customer Portal Access</h3><p>Please login to access your booking history.</p><a href="" class="booktics-login-btn">Login</a></div>
FAQ

Frequently Asked Questions about Booktics – Booking Calendar for Appointments and Service Businesses