WP-Safety

Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution Security & Risk Analysis

wordpress.org/plugins/fluent-booking

The ultimate solution for booking appointments, meetings, webinars, events, sales calls, and more.

10K active installs v2.0.05 PHP 7.3+ WP 6.0+ Updated Feb 17, 2026
appointment-bookingappointmentsbookingbooking-system
98
A · Safe
CVEs total2
Unpatched0
Last CVEDec 3, 2025
Plugin page Download
Safety Verdict

Is Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution Safe to Use in 2026?

Generally Safe

Score 98/100

Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Dec 3, 2025Updated 1mo ago
Risk Assessment

The 'fluent-booking' v2.0.05 plugin exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to secure coding practices by utilizing prepared statements for 94% of its SQL queries and properly escaping 97% of its output. The absence of dangerous functions and critical or high-severity taint flows is also encouraging. However, a significant concern lies in its attack surface, with 6 out of 13 entry points (AJAX handlers and shortcodes) lacking proper authentication checks. This could allow unauthenticated users to trigger sensitive actions or expose information.

The vulnerability history indicates a past struggle with security, specifically concerning missing authorization, evidenced by two medium-severity CVEs. While there are currently no unpatched vulnerabilities, the recurrence of authorization issues in the past suggests a potential area for ongoing vigilance. The latest vulnerability in 2025 is concerning if this version is actively maintained and this indicates a pattern of historical vulnerabilities that may not be fully addressed in this version or indicate a recurring issue.

In conclusion, while the plugin has made significant strides in adopting secure coding practices like prepared statements and output escaping, the presence of unprotected AJAX handlers and a history of authorization vulnerabilities represent the most significant risks. The large number of unprotected entry points needs to be addressed to mitigate potential exploitation by unauthenticated users. The development team should prioritize a thorough review of authorization mechanisms across all entry points.

Key Concerns

  • Multiple unprotected AJAX handlers
  • Past medium severity CVEs (2)
  • Unprotected entry points in attack surface
Vulnerabilities
2

Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution Security Vulnerabilities

CVEs by Year

2 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2025-13756medium · 4.3Missing Authorization

Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution <= 1.9.11 - Authenticated (Subscriber+) Missing Authorization to Calendar Import and Management

Dec 3, 2025 Patched in 1.10.0 (1d)
CVE-2025-67597medium · 4.3Missing Authorization

Fluent Booking <= 1.9.11 - Missing Authorization

Nov 25, 2025 Patched in 1.10.0 (17d)
Code Analysis
Analyzed Mar 16, 2026

Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
30 prepared
Unescaped Output
24
730 escaped
Nonce Checks
4
Capability Checks
13
File Operations
8
External Requests
1
Bundled Libraries
0

SQL Query Safety

94% prepared32 total queries

Output Escaping

97% escaped754 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths
exportCalendar (app\Hooks\Handlers\DataExporter.php:12)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
6 unprotected

Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution Attack Surface

Entry Points13
Unprotected6

AJAX Handlers 8

authwp_ajax_fluent_cal_schedule_meetingapp\Hooks\Handlers\FrontEndHandler.php:37
noprivwp_ajax_fluent_cal_schedule_meetingapp\Hooks\Handlers\FrontEndHandler.php:38
authwp_ajax_fcal_cancel_meetingapp\Hooks\Handlers\FrontEndHandler.php:40
noprivwp_ajax_fcal_cancel_meetingapp\Hooks\Handlers\FrontEndHandler.php:41
authwp_ajax_fluent_cal_get_available_datesapp\Hooks\Handlers\FrontEndHandler.php:43
noprivwp_ajax_fluent_cal_get_available_datesapp\Hooks\Handlers\FrontEndHandler.php:44
authwp_ajax_get_calendar_eventsapp\Services\Integrations\Elementor\ElementorIntegration.php:22
authwp_ajax_get_event_hashapp\Services\Integrations\Elementor\ElementorIntegration.php:24

Shortcodes 5

[fluent_booking] app\Hooks\Handlers\FrontEndHandler.php:27
[fluent_booking_team] app\Hooks\Handlers\FrontEndHandler.php:29
[fluent_booking_calendar] app\Hooks\Handlers\FrontEndHandler.php:31
[fluent_booking_lists] app\Hooks\Handlers\FrontEndHandler.php:33
[fluent_booking_receipt] app\Hooks\Handlers\FrontEndHandler.php:35
WordPress Hooks 106
actioninitapp\Hooks\actions.php:45
actionadmin_menuapp\Hooks\Handlers\AdminMenuHandler.php:17
actionadmin_enqueue_scriptsapp\Hooks\Handlers\AdminMenuHandler.php:19
filteradmin_footer_textapp\Hooks\Handlers\AdminMenuHandler.php:169
filterupdate_footerapp\Hooks\Handlers\AdminMenuHandler.php:175
actionwp_print_scriptsapp\Hooks\Handlers\AdminMenuHandler.php:196
actionwp_print_stylesapp\Hooks\Handlers\AdminMenuHandler.php:238
filteruser_can_richeditapp\Hooks\Handlers\AdminMenuHandler.php:307
actionenqueue_block_editor_assetsapp\Hooks\Handlers\BlockEditorHandler.php:16
actionfluent_booking/before_delete_bookingapp\Hooks\Handlers\CleanupHandlers\BookingCleaner.php:11
actionfluent_booking/before_delete_calendarapp\Hooks\Handlers\CleanupHandlers\CalenderCleaner.php:15
actionfluent_booking/before_delete_calendar_eventapp\Hooks\Handlers\CleanupHandlers\CalenderEventCleaner.php:12
actionfluent_booking/before_delete_orderapp\Hooks\Handlers\CleanupHandlers\OrderCleaner.php:13
actiondelete_userapp\Hooks\Handlers\CleanupHandlers\UserCleaner.php:14
actionfluent_booking/starting_scheduling_ajaxapp\Hooks\Handlers\FrontEndHandler.php:46
filterfluent_booking/schedule_custom_field_dataapp\Hooks\Handlers\FrontEndHandler.php:425
filterfluent_booking/schedule_validation_rules_dataapp\Hooks\Handlers\FrontEndHandler.php:429
actionfluent_booking/before_creating_scheduleapp\Hooks\Handlers\FrontEndHandler.php:445
filterfluent_booking/schedule_receipt_dataapp\Hooks\Handlers\FrontEndHandler.php:524
actionfluent_booking/handle_global_notification_backgroundapp\Hooks\Handlers\GlobalNotificationHandler.php:20
actionfluent_booking/after_booking_scheduledapp\Hooks\Handlers\GlobalNotificationHandler.php:47
actionfluent_booking/booking_schedule_cancelledapp\Hooks\Handlers\GlobalNotificationHandler.php:48
actionfluent_booking/booking_schedule_completedapp\Hooks\Handlers\GlobalNotificationHandler.php:49
actionfluent_booking/booking_schedule_rejectedapp\Hooks\Handlers\GlobalNotificationHandler.php:50
actionfluent_booking/after_booking_rescheduledapp\Hooks\Handlers\GlobalNotificationHandler.php:51
actionfluent_booking/after_booking_scheduledapp\Hooks\Handlers\IntegrationHandlers.php:12
actionfluent_booking/run_booking_integrations_for_scheduledapp\Hooks\Handlers\IntegrationHandlers.php:13
actionfluent_booking/log_booking_noteapp\Hooks\Handlers\LogHandler.php:12
actionfluent_booking/log_booking_activityapp\Hooks\Handlers\LogHandler.php:13
actionfluent_booking/after_booking_scheduledapp\Hooks\Handlers\NotificationHandler.php:13
actionfluent_booking/after_booking_scheduled_asyncapp\Hooks\Handlers\NotificationHandler.php:14
actionfluent_booking/after_booking_pendingapp\Hooks\Handlers\NotificationHandler.php:15
actionfluent_booking/after_booking_pending_asyncapp\Hooks\Handlers\NotificationHandler.php:16
actionfluent_booking/booking_schedule_reminderapp\Hooks\Handlers\NotificationHandler.php:17
actionfluent_booking/after_booking_rescheduledapp\Hooks\Handlers\NotificationHandler.php:18
actionfluent_booking/booking_schedule_cancelledapp\Hooks\Handlers\NotificationHandler.php:19
actionfluent_booking/booking_schedule_rejectedapp\Hooks\Handlers\NotificationHandler.php:20
actionfluent_booking/after_patch_booking_emailapp\Hooks\Handlers\NotificationHandler.php:21
actionfluent_booking/daily_tasksapp\Hooks\Scheduler\DailyScheduler.php:11
actionfluent_booking_five_minutes_tasksapp\Hooks\Scheduler\FiveMinuteScheduler.php:14
filterfluent_booking/global_addonsapp\Http\Controllers\IntegrationManagerController.php:50
filterfluent_booking/global_settings_componentsapp\Http\Controllers\IntegrationManagerController.php:72
filterfluent_booking/global_notification_typesapp\Http\Controllers\IntegrationManagerController.php:81
filterfluent_booking/get_available_form_integrationsapp\Http\Controllers\IntegrationManagerController.php:83
filterfluent_booking/global_notification_active_typesapp\Http\Controllers\IntegrationManagerController.php:99
filterfluent_booking/settings_menu_itemsapp\Services\GlobalModules\GlobalModules.php:13
filterfluent_booking/settings_menu_itemsapp\Services\Integrations\Calendars\BaseCalendar.php:19
filterfluent_booking/remote_calendar_providersapp\Services\Integrations\Calendars\BaseCalendar.php:27
filterfluent_booking/remote_calendar_connection_feedsapp\Services\Integrations\Calendars\BaseCalendar.php:28
filterfluent_booking/remote_booked_eventsapp\Services\Integrations\Calendars\BaseCalendar.php:36
actionelementor/initapp\Services\Integrations\Elementor\ElementorIntegration.php:14
actionelementor/widgets/widgets_registeredapp\Services\Integrations\Elementor\ElementorIntegration.php:16
actionelementor/controls/controls_registeredapp\Services\Integrations\Elementor\ElementorIntegration.php:17
actionelementor/editor/before_enqueue_scriptsapp\Services\Integrations\Elementor\ElementorIntegration.php:19
actionelementor/editor/after_enqueue_scriptsapp\Services\Integrations\Elementor\ElementorIntegration.php:20
filterfluent_booking/public_event_varsapp\Services\Integrations\FluentCart\Bootstrap.php:28
filterfluent_booking/booking_dataapp\Services\Integrations\FluentCart\Bootstrap.php:29
actionfluent_cart/cart/cart_data_items_updatedapp\Services\Integrations\FluentCart\Bootstrap.php:30
actionfluent_cart/receipt/thank_you/after_order_itemsapp\Services\Integrations\FluentCart\Bootstrap.php:32
actionfluent_booking/booking_meta_info_main_meta_cartapp\Services\Integrations\FluentCart\Bootstrap.php:33
actionfluent_cart/cart/line_item/line_metaapp\Services\Integrations\FluentCart\Bootstrap.php:36
actionfluent_booking/cart/booking_order_createdapp\Services\Integrations\FluentCart\Bootstrap.php:38
actionfluent_booking/cart/booking_order_completedapp\Services\Integrations\FluentCart\Bootstrap.php:55
filterfluent_booking/booking_confirmation_responseapp\Services\Integrations\FluentCart\Bootstrap.php:107
actionwp_footerapp\Services\Integrations\FluentCart\Bootstrap.php:342
filterfluent_booking/notifying_async_fluentcrmapp\Services\Integrations\FluentCRM\Bootstrap.php:34
filterfluent_crm_funnel_context_smart_codesapp\Services\Integrations\FluentCRM\CrmSmartCode.php:13
filterfluent_crm/smartcode_group_callback_fcalapp\Services\Integrations\FluentCRM\CrmSmartCode.php:14
filterfluent_crm_asset_listed_slugsapp\Services\Integrations\FluentCRM\FluentCrmInit.php:18
filterfluentcrm_profile_sectionsapp\Services\Integrations\FluentCRM\FluentCrmInit.php:36
filterfluentcrm_get_form_submissions_fluent_bookingapp\Services\Integrations\FluentCRM\FluentCrmInit.php:37
actionfluent_crm/global_appjs_loadedapp\Services\Integrations\FluentCRM\FluentCrmInit.php:46
filterfluentform/response_render_fcal_bookingapp\Services\Integrations\FluentForms\BookingElement.php:37
filterfluentform/select_group_component_ajax_optionsapp\Services\Integrations\FluentForms\BookingElement.php:38
actionfluentform/loading_editor_assetsapp\Services\Integrations\FluentForms\BookingElement.php:40
actionfluentform/validate_input_item_fcal_bookingapp\Services\Integrations\FluentForms\FluentFormInit.php:31
actionfluentform/notify_on_form_submitapp\Services\Integrations\FluentForms\FluentFormInit.php:32
actionfluentform/conversational_questionapp\Services\Integrations\FluentForms\FluentFormInit.php:33
filterfluentform/conversational_field_typesapp\Services\Integrations\FluentForms\FluentFormInit.php:35
filterfluentform/conversational_accepted_field_elementsapp\Services\Integrations\FluentForms\FluentFormInit.php:40
actionfluent_booking/booking_meta_info_main_meta_fluentformapp\Services\Integrations\FluentForms\FluentFormInit.php:45
actioninitapp\Services\Integrations\FluentForms\FluentFormInit.php:50
filterfluentform/insert_response_dataapp\Services\Integrations\FluentForms\FluentFormInit.php:171
actionfluentform/loadedapp\Services\Integrations\integrations.php:11
actionfluentcrm_loadedapp\Services\Integrations\integrations.php:15
actioninitapp\Services\Integrations\integrations.php:18
actionfluent_boards_loadedapp\Services\Integrations\integrations.php:24
actioninitapp\Services\Integrations\integrations.php:25
actionfluentcart_loadedapp\Services\Integrations\integrations.php:30
actioninitapp\Services\Integrations\integrations.php:31
actiontemplate_redirectapp\Services\LandingPage\LandingPageHandler.php:22
actioninitapp\Services\LandingPage\LandingPageHandler.php:26
actionfluent_booking/author_landing_headapp\Services\LandingPage\LandingPageHandler.php:264
filterfluent_booking/public_event_varsapp\Services\LandingPage\LandingPageHandler.php:376
filterfluent_calendar/global_booking_varsapp\Services\LandingPage\LandingPageHandler.php:402
filterfluent_booking/public_event_varsapp\Services\LandingPage\LandingPageHandler.php:412
actionfluent_booking/before_calendar_event_landing_pageapp\Services\LandingPage\LandingPageHandler.php:419
actionfluent_booking/author_landing_headapp\Services\LandingPage\LandingPageHandler.php:429
actionwp_print_stylesapp\Services\LandingPage\LandingPageHandler.php:445
filterwp_handle_upload_prefilterapp\Services\Libs\FileSystem.php:95
filterupload_dirapp\Services\Libs\FileSystem.php:96
filterwp_handle_uploadapp\Services\Libs\FileSystem.php:98
actionplugins_loadedboot\action_scheduler_loader.php:7
actionplugins_loadedboot\action_scheduler_loader.php:10
actionplugins_loadedboot\app.php:24
filterfluent_booking/dashboard_noticesboot\app.php:37
Maintenance & Trust

Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 17, 2026
PHP min version7.3
Downloads164K

Community Trust

Rating94/100
Number of ratings39
Active installs10K
Alternatives

Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution Alternatives

Online Scheduling and Appointment Booking System – Bookly

Online Scheduling and Appointment Booking System – Bookly

bookly-responsive-appointment-booking-tool

A
93

Appointment booking system for WordPress — schedule appointments, manage calendars, send reminders, take payments. Start booking today!

70K 8 CVEs
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

simply-schedule-appointments

A
88

Unlimited appointments, booking calendars, and notifications. Powerful appointment booking plugin and booking system. Start scheduling for free today!

60K 21 CVEs
Bookings for WooCommerce – Create Booking Calendar, Start Scheduling, Manage Bookings And Appointments

Bookings for WooCommerce – Create Booking Calendar, Start Scheduling, Manage Bookings And Appointments

mwb-bookings-for-woocommerce

A
100

This WordPress Booking Plugin lets you manage full-day bookings, service appointments, Accept/reject bookings, show booking availability & much more.

4K No CVEs
Advanced Appointment Booking & Scheduling

Advanced Appointment Booking & Scheduling

advanced-appointment-booking-scheduling

B
78

Advanced Appointment Booking & Scheduling: Effortlessly manage appointments with a simple, user-friendly scheduling system.

3K 1 unpatched
Easy Appointment Booking & Scheduling System – Webba Booking Calendar

Easy Appointment Booking & Scheduling System – Webba Booking Calendar

webba-booking-lite

A
95

Free Appointment Booking Plugin 📅 Unlimited appointments, booking management, calendar sync, notifications, 5* support = powerful booking system!

3K 7 CVEs
Developer Profile

Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution Developer Profile

Shahjahan Jewel

17 plugins · 1.3M total installs

73
trust score
Avg Security Score
92/100
Avg Patch Time
113 days
View full developer profile
Detection Fingerprints

How We Detect Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/fluent-booking/assets/admin/admin.css/wp-content/plugins/fluent-booking/assets/admin/fluentbooking_admin_rtl.css
Script Paths
/wp-content/plugins/fluent-booking/app/assets/js/index.js
Version Parameters
fluent-booking/assets/admin/admin.css?ver=fluent-booking/assets/admin/fluentbooking_admin_rtl.css?ver=

HTML / DOM Fingerprints

CSS Classes
fluent-booking-admin-menu-wrapper
HTML Comments
Thank you for using <a href="https://fluentbooking.com/">FluentBooking</a>.
Data Attributes
data-timestamp
JS Globals
fluent_booking_admin_app_vars
FAQ

Frequently Asked Questions about Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution