Easy Booked – Appointment Booking and Scheduling Management System for WordPress Security & Risk Analysis

wordpress.org/plugins/easy-booked

A comprehensive appointment booking calendar and scheduling management system for WordPress.

100 active installs · v2.4.11 · PHP 5.6+ · WP 4.7+ · Updated Mar 30, 2025
Tags: appointment-booking, booking, booking-calendar, booking-system, scheduling
Score: 91 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Feb 11, 2025
Safety Verdict

Is Easy Booked – Appointment Booking and Scheduling Management System for WordPress Safe to Use in 2026?

Generally Safe

Score 91/100

Easy Booked – Appointment Booking and Scheduling Management System for WordPress has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Feb 11, 2025 · Updated 1yr ago
Risk Assessment

The 'easy-booked' plugin v2.4.11 exhibits a mixed security posture. While it demonstrates good practices in areas like SQL query preparation (93%) and output escaping (91%), a significant concern arises from its large attack surface, with 22 out of 27 entry points lacking authentication checks. This makes many functionalities susceptible to unauthorized access and manipulation.

Taint analysis reveals a notable number of flows with unsanitized paths, with 8 classified as high severity. These flows, combined with the unprotected AJAX handlers, suggest potential for injection vulnerabilities or unauthorized data access. The presence of file operations and external HTTP requests further increases the potential for exploitation if these are not handled securely within the unsanitized paths.

The plugin's vulnerability history, though showing no currently unpatched CVEs, includes a past medium-severity CSRF vulnerability. This pattern indicates a history of security weaknesses, and while the most recent vulnerability is addressed, the overall trend suggests a need for continued vigilance. The strengths in prepared statements and output escaping are commendable, but the significant number of unprotected entry points and high-severity taint flows are major weaknesses that warrant attention and remediation.

Key Concerns

  • High number of unprotected AJAX handlers
  • High severity taint flows (unsanitized paths)
  • Past medium severity CVE history
  • File operations without explicit auth check context
  • External HTTP requests without explicit auth check context
Vulnerabilities: 1

Easy Booked – Appointment Booking and Scheduling Management System for WordPress Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-22634 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Easy Booked – Appointment Booking and Scheduling Management System for WordPress <= 2.4.5 - Cross-Site Request Forgery

Feb 11, 2025 · Patched in 2.4.6 (8d)
Code Analysis
Analyzed Mar 16, 2026

Easy Booked – Appointment Booking and Scheduling Management System for WordPress Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 5 (64 prepared)
Unescaped Output: 47 (490 escaped)
Nonce Checks: 26
Capability Checks: 5
File Operations: 1
External Requests: 5
Bundled Libraries: 2

Bundled Libraries

Select2, Guzzle

SQL Query Safety

93% prepared · 69 total queries

Output Escaping

91% escaped · 537 total outputs
Data Flows: 10 unsanitized

Data Flow Analysis

25 flows · 10 with unsanitized paths
search_box (includes\Admin\Appointment_List.php:351)
Attack Surface: 22 unprotected

Easy Booked – Appointment Booking and Scheduling Management System for WordPress Attack Surface

Entry Points: 27
Unprotected: 22

AJAX Handlers 22

auth wp_ajax_abs_time_slots includes\Admin.php:40
auth wp_ajax_abs_load_time_slots includes\Admin.php:41
auth wp_ajax_abs_time_slots_remove includes\Admin.php:42
auth wp_ajax_abs_time_slots_sub includes\Admin.php:43
auth wp_ajax_abs_custom_time_slots includes\Admin.php:46
auth wp_ajax_abs_load_custom_time includes\Admin.php:47
auth wp_ajax_abs_custom_time_slots_remove includes\Admin.php:48
auth wp_ajax_abs_custom_time_slots_sub includes\Admin.php:49
auth wp_ajax_get_appointments includes\Admin.php:50
auth wp_ajax_abs_check_api_connection includes\Admin.php:68
auth wp_ajax_abs_get_appointments includes\Shortcode.php:30
nopriv wp_ajax_abs_get_appointments includes\Shortcode.php:31
auth wp_ajax_booked_form_contain includes\Shortcode.php:32
nopriv wp_ajax_booked_form_contain includes\Shortcode.php:33
auth wp_ajax_abs_booked_appointment includes\Shortcode.php:34
nopriv wp_ajax_abs_booked_appointment includes\Shortcode.php:35
auth wp_ajax_book_calendar_load includes\Shortcode.php:36
nopriv wp_ajax_book_calendar_load includes\Shortcode.php:37
nopriv wp_ajax_abs_registration_user includes\Shortcode.php:40
auth wp_ajax_abs_registration_user includes\Shortcode.php:41
auth wp_ajax_abs_user_login includes\Shortcode.php:42
nopriv wp_ajax_abs_user_login includes\Shortcode.php:43

Shortcodes 5

[easy-booked] includes\Frontend\Build_Calendar.php:37
[easy-booked-popup] includes\Frontend\PopUp.php:17
[easy-booked-profile] includes\Frontend\Profile.php:19
[easy-booked-registration-form] includes\Frontend\Users_Register.php:19
[easy-booked-login] includes\Frontend\Users_Register.php:20
WordPress Hooks 39
action plugins_loaded appointment-booking-and-scheduling.php:37
action plugins_loaded appointment-booking-and-scheduling.php:38
action register_plugin_activation appointment-booking-and-scheduling.php:39
action personal_options_update includes\Admin\Add_Mata_Fields.php:17
action edit_user_profile_update includes\Admin\Add_Mata_Fields.php:18
filter user_contactmethods includes\Admin\Add_Mata_Fields.php:19
action abs_email_manage includes\Admin\Email_Manage.php:17
action abs_appointment_confirmation_email includes\Admin\Email_Manage.php:18
action abs_appointment_confirmation_email includes\Admin\Email_Manage.php:19
action abs_appointment_approval_email includes\Admin\Email_Manage.php:20
action admin_menu includes\Admin\Menu.php:26
filter plugin_action_links_appointment-booking-and-scheduling/appointment-booking-and-scheduling.php includes\Admin\Menu.php:27
filter display_post_states includes\Admin\Page_Title_Prefix.php:17
action admin_post_abs-calendar-delete includes\Admin.php:33
action admin_post_abs_create_new_calendar includes\Admin.php:34
action admin_post_abs_general includes\Admin.php:37
action admin_post_abs_setting includes\Admin.php:53
action admin_post_abs_email includes\Admin.php:56
action admin_post_abs-appointments-approve includes\Admin.php:59
action admin_post_abs-appointments-pending includes\Admin.php:60
action admin_post_abs-appointments-delete includes\Admin.php:61
action admin_post_abs-export-csv includes\Admin.php:64
action admin_post_abs_zoom includes\Admin.php:67
action init includes\Admin.php:73
filter show_admin_bar includes\Admin.php:75
action wp_enqueue_scripts includes\Assets.php:17
action admin_enqueue_scripts includes\Assets.php:18
action admin_notices includes\Assets.php:175
action elementor/widgets/register includes\Elementor_Widget.php:15
filter abs_time_slot_remove includes\Frontend\Build_Calendar.php:134
filter woocommerce_account_menu_items includes\Frontend\Wc\Appointment_List_Page.php:17
action init includes\Frontend\Wc\Appointment_List_Page.php:18
action init includes\Frontend\Wc\Appointment_List_Page.php:19
action woocommerce_account_appointment-list_endpoint includes\Frontend\Wc\Appointment_List_Page.php:20
filter cron_schedules includes\functions.php:210
action admin_post_abs_user_profile_edit includes\Shortcode.php:44
action admin_post_nopriv_abs_user_profile_edit includes\Shortcode.php:45
action woocommerce_order_status_changed includes\WcPayment_Status.php:17
action abs_appointment_confirmation_email includes\Zoom.php:32

Scheduled Events 1

abs_email_manage
Maintenance & Trust

Easy Booked – Appointment Booking and Scheduling Management System for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Mar 30, 2025
PHP min version: 5.6
Downloads: 12K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 100
Developer Profile

Easy Booked – Appointment Booking and Scheduling Management System for WordPress Developer Profile

MD Abu Jubayer Hossain

1 plugin · 100 total installs

Trust score: 88
Avg Security Score: 91/100
Avg Patch Time: 8 days
Detection Fingerprints

How We Detect Easy Booked – Appointment Booking and Scheduling Management System for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/easy-booked/assets/css/all.css
/wp-content/plugins/easy-booked/assets/css/front-end.css
/wp-content/plugins/easy-booked/assets/css/dashboard.css
/wp-content/plugins/easy-booked/assets/css/country-code-selector-public.css
/wp-content/plugins/easy-booked/assets/tooltips/tooltipster.main.css
/wp-content/plugins/easy-booked/assets/tooltips/themes/tooltipster-light.css
/wp-content/plugins/easy-booked/assets/tooltips/tooltipster.main.js
/wp-content/plugins/easy-booked/assets/js/country-code-selector-public.js
+2 more

Script Paths
/wp-content/plugins/easy-booked/assets/tooltips/tooltipster.main.js
/wp-content/plugins/easy-booked/assets/js/country-code-selector-public.js
/wp-content/plugins/easy-booked/assets/js/calendar.js
/wp-content/plugins/easy-booked/assets/js/frontend.js

Version Parameters
easy-booked/assets/css/all.css?ver=
easy-booked/assets/css/front-end.css?ver=
easy-booked/assets/css/dashboard.css?ver=
easy-booked/assets/css/country-code-selector-public.css?ver=
easy-booked/assets/tooltips/tooltipster.main.css?ver=
easy-booked/assets/tooltips/themes/tooltipster-light.css?ver=
easy-booked/assets/tooltips/tooltipster.main.js?ver=
easy-booked/assets/js/country-code-selector-public.js?ver=
easy-booked/assets/js/calendar.js?ver=
easy-booked/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
abs-calendar-header, abs-days, abs-today-active, abs-time-slots-active, abs-number, abs-bookme-timeslot-button, ab-book-button

Data Attributes
data-abs-plugin-url, data-abs-plugin-images-url, data-abs-ajax-url

JS Globals
abs_data

FAQ

Frequently Asked Questions about Easy Booked – Appointment Booking and Scheduling Management System for WordPress