Appointment Booking Calendar Security & Risk Analysis

wordpress.org/plugins/creavi-booking-service

Easy appointment booking system for any service. Create services, manage availability, and accept bookings with a simple booking calendar.

10 active installs · v1.2.1 · PHP 7.4+ · WP 6.0+ · Updated Mar 13, 2026
Tags: appointments, booking, booking-calendar, bookings, scheduling
Score: 100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Appointment Booking Calendar Safe to Use in 2026?

Generally Safe

Score 100/100

Appointment Booking Calendar has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 21d ago
Risk Assessment

The Creavi Booking Service plugin version 1.2.1 exhibits a generally good security posture based on the static analysis provided. The plugin demonstrates strong adherence to security best practices by utilizing prepared statements for all SQL queries and implementing nonce and capability checks for all identified entry points, including AJAX handlers and cron events. The absence of dangerous functions and external HTTP requests with potential for injection is also a positive indicator. However, a notable concern arises from the taint analysis, which identified one flow with unsanitized paths. While this did not result in a critical or high severity finding, it represents a potential vector for certain types of vulnerabilities if not properly handled. The plugin's vulnerability history is clean, with no recorded CVEs, which is highly encouraging and suggests a commitment to security by the developers. Despite the single unsanitized path flow, the overall security of this plugin appears robust due to its comprehensive use of security checks and the lack of historical vulnerabilities.

Key Concerns

  • Flows with unsanitized paths detected
  • Low percentage of properly escaped output
Vulnerabilities
None known

Appointment Booking Calendar Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Appointment Booking Calendar Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 136 (270 escaped)
Nonce Checks: 18
Capability Checks: 14
File Operations: 2
External Requests: 14
Bundled Libraries: 0

Output Escaping

67% escaped · 406 total outputs

Data Flows: 1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
<cbs-gcal-remote> (includes\cbs-gcal-remote.php:0)
Attack Surface

Appointment Booking Calendar Attack Surface

Entry Points: 8
Unprotected: 0

AJAX Handlers 6

auth    wp_ajax_creavibc_create_booking  includes\ajax-handlers.php:410
nopriv  wp_ajax_creavibc_create_booking  includes\ajax-handlers.php:411
auth    wp_ajax_creavibc_get_booked_slots  includes\ajax-handlers.php:1012
nopriv  wp_ajax_creavibc_get_booked_slots  includes\ajax-handlers.php:1013
auth    wp_ajax_creavibc_save_deactivation_feedback  includes\deactivation-feedback.php:234
auth    wp_ajax_cbs_admin_get_busy_slots  includes\gcal-freebusy.php:234

Shortcodes 2

[creavibc_booking_button] includes\functions.php:14
[creavibc_booking_inline] includes\render-booking-inline.php:14

WordPress Hooks 38

action  plugins_loaded  creavi-booking-service.php:21
action  wp_enqueue_scripts  creavi-booking-service.php:62
action  admin_menu  creavi-booking-service.php:126
action  transition_post_status  includes\activation-metrics.php:167
action  admin_init  includes\activation-redirect.php:9
filter  enter_title_here  includes\admin.php:7
action  edit_form_after_title  includes\admin.php:19
action  admin_head  includes\admin.php:66
action  admin_enqueue_scripts  includes\admin.php:108
action  edit_form_top  includes\admin.php:287
filter  default_content  includes\admin.php:296
action  post_submitbox_misc_actions  includes\admin.php:325
action  wp_mail_failed  includes\ajax-handlers.php:274
action  admin_menu  includes\cbs-gcal-remote.php:135
action  admin_post_creavibc_gcal_disconnect  includes\cbs-gcal-remote.php:183
action  admin_post_creavibc_gcal_disconnect_service  includes\cbs-gcal-remote.php:258
action  admin_init  includes\cbs-gcal-remote.php:289
action  admin_post_creavibc_gcal_selftest  includes\cbs-gcal-remote.php:784
action  admin_enqueue_scripts  includes\deactivation-feedback.php:96
action  admin_footer  includes\deactivation-feedback.php:152
action  wp_footer  includes\functions.php:36
action  wp_enqueue_scripts  includes\functions.php:236
action  wp_footer  includes\functions.php:265
action  add_meta_boxes  includes\meta-boxes.php:4
filter  get_user_option_meta-box-order_creavibc_service  includes\meta-boxes.php:110
action  init  includes\meta-boxes.php:140
filter  manage_creavibc_service_posts_columns  includes\meta-boxes.php:1354
action  manage_creavibc_service_posts_custom_column  includes\meta-boxes.php:1360
action  admin_init  includes\placeholders.php:71
action  deleted_post_meta  includes\placeholders.php:82
action  updated_post_meta  includes\placeholders.php:100
action  save_post  includes\placeholders.php:121
action  init  includes\post-types.php:4
filter  cron_schedules  includes\reminders.php:15
action  init  includes\reminders.php:26
action  creavibc_run_reminders  includes\reminders.php:32
action  save_post_creavibc_service  includes\save-service.php:4
action  before_delete_post  includes\save-service.php:440

Scheduled Events 1

creavibc_run_reminders
Maintenance & Trust

Appointment Booking Calendar Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 13, 2026
PHP min version: 7.4
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 10
Developer Profile

Appointment Booking Calendar Developer Profile

Creavi

2 plugins · 310 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Appointment Booking Calendar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/creavi-booking-service/assets/css/style.css
/wp-content/plugins/creavi-booking-service/assets/vendor/flatpickr/flatpickr.min.css
/wp-content/plugins/creavi-booking-service/assets/vendor/flatpickr/l10n/fr.js
/wp-content/plugins/creavi-booking-service/assets/vendor/flatpickr/l10n/da.js
/wp-content/plugins/creavi-booking-service/assets/vendor/luxon/luxon.min.js
/wp-content/plugins/creavi-booking-service/assets/vendor/flatpickr/flatpickr.min.js

Script Paths
/wp-content/plugins/creavi-booking-service/assets/vendor/luxon/luxon.min.js
/wp-content/plugins/creavi-booking-service/assets/vendor/flatpickr/flatpickr.min.js
/wp-content/plugins/creavi-booking-service/assets/vendor/flatpickr/l10n/fr.js
/wp-content/plugins/creavi-booking-service/assets/vendor/flatpickr/l10n/da.js

Version Parameters
creavi-booking-service/assets/css/style.css?ver=
creavi-booking-service/assets/vendor/flatpickr/flatpickr.min.css?ver=
creavi-booking-service/assets/vendor/flatpickr/flatpickr.min.js?ver=
creavi-booking-service/assets/vendor/flatpickr/l10n/fr.js?ver=
creavi-booking-service/assets/vendor/flatpickr/l10n/da.js?ver=
creavi-booking-service/assets/vendor/luxon/luxon.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
creavibc-basics-box
creavibc-title-host
creavibc-editor-host

HTML Comments
<!-- Service Title (metabox style) -->
<!-- Move WP title field (#titlediv) here -->
<!-- Service Description (metabox style) -->
<!-- Move WP editor (#postdivrich) here -->

Data Attributes
id="creavibc_service_title_box"
id="creavibc_service_desc_box"
id="creavibc-title-host"
id="creavibc-editor-host"
FAQ

Frequently Asked Questions about Appointment Booking Calendar