Does Hydra Booking — Appointment Scheduling & Booking Calendar have any unpatched vulnerabilities?

No. All known vulnerabilities in Hydra Booking — Appointment Scheduling & Booking Calendar have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Hydra Booking — Appointment Scheduling & Booking Calendar compatible with WordPress 6.9.4?

According to WordPress.org data, Hydra Booking — Appointment Scheduling & Booking Calendar 1.1.39 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Hydra Booking — Appointment Scheduling & Booking Calendar compatible with PHP 7.4+?

Hydra Booking — Appointment Scheduling & Booking Calendar requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

Hydra Booking — Appointment Scheduling & Booking Calendar Security & Risk Analysis

wordpress.org/plugins/hydra-booking

A complete appointment scheduling and booking calendar for WordPress — integrates with WooCommerce, Google Calendar, Zoom, and more.

2K active installs v1.1.39 PHP 7.4+ WP 5.4+ Updated Feb 27, 2026

appointment-bookingappointmentsbookingcalendarscheduling

A · Safe

CVEs total8

Unpatched0

Last CVEJan 21, 2026

Plugin page Download

Safety Verdict

Is Hydra Booking — Appointment Scheduling & Booking Calendar Safe to Use in 2026?

Generally Safe

Score 86/100

Hydra Booking — Appointment Scheduling & Booking Calendar has a strong security track record. Known vulnerabilities have been patched promptly.

8 known CVEsLast CVE: Jan 21, 2026Updated 1mo ago

Risk Assessment

The "hydra-booking" plugin v1.1.40 presents a mixed security posture. While it demonstrates good practices in areas like prepared statement usage for SQL queries (79%) and output escaping (95%), significant concerns remain. The presence of 18 AJAX handlers, with 3 lacking authorization checks, opens a substantial attack surface. Furthermore, the taint analysis revealed one high-severity flow with unsanitized paths, indicating potential for unauthorized data access or modification. The plugin's history of 8 known CVEs, including a past critical and high severity vulnerability, despite no currently unpatched issues, suggests a recurring pattern of security weaknesses. The types of past vulnerabilities, such as Improper Privilege Management and SQL Injection, align with the observed lack of authorization checks and potential for taint flow issues. The last vulnerability in 2026 is also concerning for a plugin of this version.

Key Concerns

AJAX handlers without auth checks
High severity taint flow
Previous critical CVEs
Previous high severity CVEs
Dangerous functions (unserialize)
Unsanitized paths in taint analysis

Vulnerabilities

Hydra Booking — Appointment Scheduling & Booking Calendar Security Vulnerabilities

CVEs by Year

7 CVEs in 2025

2025

1 CVE in 2026

2026

Patched Has unpatched

Severity Breakdown

Critical

High

Medium

8 total CVEs

CVE-2025-68027critical · 9.8Improper Privilege Management

Hydra Booking <= 1.1.32 - Unauthenticated Privilege Escalation

Jan 21, 2026 Patched in 1.1.33 (8d)

CVE-2025-68055medium · 6.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Hydra Booking <= 1.1.32 - Authenticated (Custom role+) SQL Injection

Nov 27, 2025 Patched in 1.1.33 (42d)

CVE-2025-12788medium · 5.3Client-Side Enforcement of Server-Side Security

Hydra Booking – All in One Appointment Booking System | Appointment Scheduling, Booking Calendar & WooCommerce Bookings <= 1.1.27 - Missing Payment Verification to Unauthenticated Payment Bypass

Nov 10, 2025 Patched in 1.1.28 (1d)

CVE-2025-12787medium · 5.3Use of Insufficiently Random Values

Hydra Booking – All in One Appointment Booking System | Appointment Scheduling, Booking Calendar & WooCommerce Bookings <= 1.1.27 - Unauthenticated Arbitrary Booking Cancellation via Weak Hash Generation

Nov 10, 2025 Patched in 1.1.28 (1d)

CVE-2025-7689high · 8.8Missing Authorization

Hydra Booking 1.1.0 - 1.1.18 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via tfhb_reset_password_callback Function

Jul 28, 2025 Patched in 1.1.19 (1d)

CVE-2025-49378medium · 6.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Hydra Booking <= 1.1.10 - Authenticated (Subscriber+) SQL Injection

Jun 12, 2025 Patched in 1.1.11 (140d)

CVE-2025-49377medium · 4.3Missing Authorization

Hydra Booking <= 1.1.9 - Missing Authorization

Jun 12, 2025 Patched in 1.1.10 (146d)

CVE-2025-49323medium · 6.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Hydra Booking <= 1.1.10 - Authenticated (Contributor+) SQL Injection

Jun 5, 2025 Patched in 1.1.11 (8d)

Code Analysis

Analyzed Mar 16, 2026

Hydra Booking — Appointment Scheduling & Booking Calendar Code Analysis

Dangerous Functions

Raw SQL Queries

119 prepared

Unescaped Output

1105 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$response = unserialize( $this->decrypt( $response['data'] ) );includes\license\HydraBookingBase.php:174

unserializereturn unserialize( $text );includes\license\HydraBookingBase.php:401

unserializereturn unserialize( $this->decrypt( $response, $this->get_domain() ) );includes\license\HydraBookingBase.php:545

unserialize$license_obj = unserialize( $serial_obj );includes\license\HydraBookingBase.php:699

Bundled Libraries

Select2

SQL Query Safety

79% prepared150 total queries

Output Escaping

95% escaped1165 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

GetAccessData (includes\services\Integrations\GoogleCalendar\GoogleCalendar.php:88)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

3 unprotected

Hydra Booking — Appointment Scheduling & Booking Calendar Attack Surface

Entry Points111

Unprotected3

AJAX Handlers 18

authwp_ajax_tfhb_hydra_manage_pluginadmin\Admin.php:61

authwp_ajax_tfhb_user_registration_licenseadmin\Controller\NoticeController.php:16

authwp_ajax_tfhb_cart_item_licenseadmin\Controller\NoticeController.php:17

authwp_ajax_tf_black_friday_notice_dismiss_callbackadmin\Controller\PromoNotice.php:78

authwp_ajax_tfhb_promo_side_notice_dismiss_callbackadmin\Controller\PromoNotice.php:99

authwp_ajax_tfhb_dashboard_widget_dismissadmin\Controller\PromoNotice.php:114

noprivwp_ajax_tfhb_forgot_passwordapp\FrontendDashboard\FrontendDashboard.php:78

noprivwp_ajax_tfhb_reset_passwordapp\FrontendDashboard\FrontendDashboard.php:81

noprivwp_ajax_tfhb_sign_inapp\FrontendDashboard\Shortcode\Login.php:25

noprivwp_ajax_tfhb_registrationapp\FrontendDashboard\Shortcode\Signup.php:32

noprivwp_ajax_tfhb_already_booked_timesapp\Shortcode\HydraBookingShortcode.php:28

authwp_ajax_tfhb_already_booked_timesapp\Shortcode\HydraBookingShortcode.php:29

noprivwp_ajax_tfhb_meeting_form_submitapp\Shortcode\HydraBookingShortcode.php:32

authwp_ajax_tfhb_meeting_form_submitapp\Shortcode\HydraBookingShortcode.php:33

noprivwp_ajax_tfhb_meeting_form_cencelapp\Shortcode\HydraBookingShortcode.php:36

authwp_ajax_tfhb_meeting_form_cencelapp\Shortcode\HydraBookingShortcode.php:37

noprivwp_ajax_tfhb_meeting_paypal_payment_confirmationapp\Shortcode\HydraBookingShortcode.php:41

authwp_ajax_tfhb_meeting_paypal_payment_confirmationapp\Shortcode\HydraBookingShortcode.php:42

REST API Routes 87

GET/wp-json/hydra-booking/v1/user/authadmin\Controller\AuthController.php:18

POST/wp-json/hydra-booking/v1/booking/listsadmin\Controller\BookingController.php:30

POST/wp-json/hydra-booking/v1/booking/get-availability-datesadmin\Controller\BookingController.php:39

POST/wp-json/hydra-booking/v1/booking/get-availability-time-slotadmin\Controller\BookingController.php:48

POST/wp-json/hydra-booking/v1/booking/re-book-meetingadmin\Controller\BookingController.php:57

POST/wp-json/hydra-booking/v1/booking/createadmin\Controller\BookingController.php:66

POST/wp-json/hydra-booking/v1/booking/deleteadmin\Controller\BookingController.php:75

GET/wp-json/hydra-booking/v1/booking/(?P<id>[0-9]+)admin\Controller\BookingController.php:85

GET/wp-json/hydra-booking/v1/booking/details/(?P<id>[0-9]+)admin\Controller\BookingController.php:95

POST/wp-json/hydra-booking/v1/booking/change-booking-statusadmin\Controller\BookingController.php:105

POST/wp-json/hydra-booking/v1/booking/cancel-booking-attendeeadmin\Controller\BookingController.php:115

POST/wp-json/hydra-booking/v1/booking/updateadmin\Controller\BookingController.php:125

POST/wp-json/hydra-booking/v1/booking/bulk-updateadmin\Controller\BookingController.php:134

POST/wp-json/hydra-booking/v1/booking/send-reminderadmin\Controller\BookingController.php:145

POST/wp-json/hydra-booking/v1/booking/send-attendee-reminderadmin\Controller\BookingController.php:155

POST/wp-json/hydra-booking/v1/booking/change-attendee-statusadmin\Controller\BookingController.php:165

POST/wp-json/hydra-booking/v1/booking/update-internal-noteadmin\Controller\BookingController.php:176

GET/wp-json/hydra-booking/v1/booking/preadmin\Controller\BookingController.php:188

POST/wp-json/hydra-booking/v1/booking/meetingadmin\Controller\BookingController.php:197

POST/wp-json/hydra-booking/v1/booking/availabletimeadmin\Controller\BookingController.php:206

POST/wp-json/hydra-booking/v1/booking/export-asadmin\Controller\BookingController.php:217

GET/wp-json/hydra-booking/v1/booking/filteradmin\Controller\BookingController.php:228

POST/wp-json/hydra-booking/v1/dashboardadmin\Controller\DashboardController.php:26

POST/wp-json/hydra-booking/v1/dashboard/statisticsadmin\Controller\DashboardController.php:36

GET/wp-json/hydra-booking/v1/settings/fd-dashboardadmin\Controller\FrontendDashboard.php:29

POST/wp-json/hydra-booking/v1/settings/fd-dashboard/updateadmin\Controller\FrontendDashboard.php:38

POST/wp-json/hydra-booking/v1/fd-dashboard/user-authadmin\Controller\FrontendDashboard.php:48

POST/wp-json/hydra-booking/v1/fd-dashboard/logoutadmin\Controller\FrontendDashboard.php:58

POST/wp-json/hydra-booking/v1/fd-dashboard/update-profileadmin\Controller\FrontendDashboard.php:69

POST/wp-json/hydra-booking/v1/fd-dashboard/change-passwordadmin\Controller\FrontendDashboard.php:80

GET/wp-json/hydra-booking/v1/hosts/listsadmin\Controller\HostsController.php:31

POST/wp-json/hydra-booking/v1/hosts/createadmin\Controller\HostsController.php:40

POST/wp-json/hydra-booking/v1/hosts/deleteadmin\Controller\HostsController.php:49

POST/wp-json/hydra-booking/v1/hosts/update-statusadmin\Controller\HostsController.php:58

GET/wp-json/hydra-booking/v1/hosts/(?P<id>[0-9]+)admin\Controller\HostsController.php:68

POST/wp-json/hydra-booking/v1/hosts/information/updateadmin\Controller\HostsController.php:77

POST/wp-json/hydra-booking/v1/hosts/availability/updateadmin\Controller\HostsController.php:89

POST/wp-json/hydra-booking/v1/hosts/availabilityadmin\Controller\HostsController.php:99

POST/wp-json/hydra-booking/v1/hosts/availability/singleadmin\Controller\HostsController.php:109

POST/wp-json/hydra-booking/v1/hosts/availability/deleteadmin\Controller\HostsController.php:119

POST/wp-json/hydra-booking/v1/hosts/integrationadmin\Controller\HostsController.php:131

POST/wp-json/hydra-booking/v1/hosts/integration/updateadmin\Controller\HostsController.php:141

GET/wp-json/hydra-booking/v1/hosts/integration/fetchadmin\Controller\HostsController.php:151

GET/wp-json/hydra-booking/v1/hosts/filteradmin\Controller\HostsController.php:161

GET/wp-json/hydra-booking/v1/settings/licenseadmin\Controller\licenseController.php:31

POST/wp-json/hydra-booking/v1/settings/license/updateadmin\Controller\licenseController.php:40

POST/wp-json/hydra-booking/v1/settings/license/deactivateadmin\Controller\licenseController.php:50

GET/wp-json/hydra-booking/v1/meetings/listsadmin\Controller\MeetingController.php:29

POST/wp-json/hydra-booking/v1/meetings/createadmin\Controller\MeetingController.php:38

POST/wp-json/hydra-booking/v1/meetings/deleteadmin\Controller\MeetingController.php:47

GET/wp-json/hydra-booking/v1/meetings/(?P<id>[0-9]+)admin\Controller\MeetingController.php:57

POST/wp-json/hydra-booking/v1/meetings/details/updateadmin\Controller\MeetingController.php:66

POST/wp-json/hydra-booking/v1/meetings/cloneadmin\Controller\MeetingController.php:76

POST/wp-json/hydra-booking/v1/meetings/webhook/updateadmin\Controller\MeetingController.php:86

POST/wp-json/hydra-booking/v1/meetings/webhook/deleteadmin\Controller\MeetingController.php:95

POST/wp-json/hydra-booking/v1/meetings/integration/updateadmin\Controller\MeetingController.php:106

POST/wp-json/hydra-booking/v1/meetings/integration/deleteadmin\Controller\MeetingController.php:115

POST/wp-json/hydra-booking/v1/meetings/integration/fieldsadmin\Controller\MeetingController.php:124

GET/wp-json/hydra-booking/v1/meetings/filteradmin\Controller\MeetingController.php:134

GET/wp-json/hydra-booking/v1/meetings/categoriesadmin\Controller\MeetingController.php:150

POST/wp-json/hydra-booking/v1/meetings/categories/create-updateadmin\Controller\MeetingController.php:159

POST/wp-json/hydra-booking/v1/meetings/categories/deleteadmin\Controller\MeetingController.php:168

GET/wp-json/hydra-booking/v1/meetings/single-host-availability/(?P<id>[0-9]+)admin\Controller\MeetingController.php:179

POST/wp-json/hydra-booking/v1/meetings/question/forms-listadmin\Controller\MeetingController.php:189

GET/wp-json/hydra-booking/v1/meetings/payment/payment-methodadmin\Controller\MeetingController.php:200

GET/wp-json/hydra-booking/v1/notifactionadmin\Controller\Notification.php:17

POST/wp-json/hydra-booking/v1/notifaction/markasreadadmin\Controller\Notification.php:27

GET/wp-json/hydra-booking/v1/settings/generaladmin\Controller\SettingsController.php:33

POST/wp-json/hydra-booking/v1/settings/general/updateadmin\Controller\SettingsController.php:42

GET/wp-json/hydra-booking/v1/settings/availabilityadmin\Controller\SettingsController.php:52

POST/wp-json/hydra-booking/v1/settings/availability/updateadmin\Controller\SettingsController.php:61

POST/wp-json/hydra-booking/v1/settings/availability/deleteadmin\Controller\SettingsController.php:71

GET/wp-json/hydra-booking/v1/settings/availability/(?P<id>[0-9]+)admin\Controller\SettingsController.php:82

POST/wp-json/hydra-booking/v1/settings/availability/mark-as-defaultadmin\Controller\SettingsController.php:92

GET/wp-json/hydra-booking/v1/settings/integrationadmin\Controller\SettingsController.php:103

POST/wp-json/hydra-booking/v1/settings/integration/updateadmin\Controller\SettingsController.php:113

GET/wp-json/hydra-booking/v1/settings/notificationadmin\Controller\SettingsController.php:124

POST/wp-json/hydra-booking/v1/settings/notification/updateadmin\Controller\SettingsController.php:133

GET/wp-json/hydra-booking/v1/settings/hosts-settingsadmin\Controller\SettingsController.php:144

POST/wp-json/hydra-booking/v1/settings/hosts-settings/updateadmin\Controller\SettingsController.php:153

GET/wp-json/hydra-booking/v1/settings/appearance-settingsadmin\Controller\SettingsController.php:164

POST/wp-json/hydra-booking/v1/settings/appearance-settings/updateadmin\Controller\SettingsController.php:173

GET/wp-json/hydra-booking/v1/settings/shortcodeadmin\Controller\SettingsController.php:184

POST/wp-json/hydra-booking/v1/settings/shortcode/previewadmin\Controller\SettingsController.php:193

GET/wp-json/hydra-booking/v1/setup-wizard/fetchadmin\Controller\SetupWizard.php:29

POST/wp-json/hydra-booking/v1/setup-wizard/import-meetingadmin\Controller\SetupWizard.php:39

GET/wp-json/hydra-booking/v1/integration/google-apiincludes\services\Integrations\GoogleCalendar\GoogleCalendar.php:74

Shortcodes 6

[hydra_login_form] app\FrontendDashboard\Shortcode\Login.php:23

[hydra_signup_form] app\FrontendDashboard\Shortcode\Signup.php:29

[hydra_booking] app\Shortcode\HydraBookingShortcode.php:21

[tfhb_meetings] app\Shortcode\ShortcodeBuilder.php:26

[tfhb_hosts] app\Shortcode\ShortcodeBuilder.php:29

[tfhb_categories] app\Shortcode\ShortcodeBuilder.php:32

WordPress Hooks 76

actionadmin_initadmin\Admin.php:51

actionadmin_initadmin\Admin.php:54

actionadmin_footeradmin\Admin.php:58

actionadmin_menuadmin\Controller\AdminMenu.php:22

actionadmin_enqueue_scriptsadmin\Controller\Enqueue.php:25

actionwp_enqueue_scriptsadmin\Controller\Enqueue.php:26

filterscript_loader_tagadmin\Controller\Enqueue.php:27

filtercron_schedulesadmin\Controller\PromoNotice.php:59

actiontfhb_promo__scheduleadmin\Controller\PromoNotice.php:65

actionadmin_noticesadmin\Controller\PromoNotice.php:77

actiontfhb_sidebar_promo_banneradmin\Controller\PromoNotice.php:98

actionadmin_initadmin\Controller\PromoNotice.php:113

actionwp_dashboard_setupadmin\Controller\PromoNotice.php:127

actionrest_api_initadmin\Controller\RouteController.php:44

actiontfhb_after_booking_completed_scheduleadmin\Controller\ScheduleController.php:18

actiontfhb_cart_auto_remover_scheduleadmin\Controller\ScheduleController.php:20

filtercron_schedulesadmin\Controller\ScheduleController.php:25

filtercron_schedulesadmin\Controller\ScheduleController.php:32

filtercron_schedulesadmin\Controller\ScheduleController.php:204

filtercron_schedulesadmin\Controller\ScheduleController.php:213

filterquery_varsapp\App.php:42

filtertemplate_includeapp\App.php:44

actionpre_get_postsapp\App.php:67

filtersingle_templateapp\App.php:68

filterpost_type_linkapp\App.php:70

filtertemplate_includeapp\Content\Archive.php:22

actionwp_enqueue_scriptsapp\Enqueue.php:12

actionenqueue_block_editor_assetsapp\Enqueue.php:13

filtertheme_page_templatesapp\FrontendDashboard\FrontendDashboard.php:53

filterpage_templateapp\FrontendDashboard\FrontendDashboard.php:56

filterdisplay_post_statesapp\FrontendDashboard\FrontendDashboard.php:62

filterquery_varsapp\FrontendDashboard\FrontendDashboard.php:65

filtertemplate_includeapp\FrontendDashboard\FrontendDashboard.php:75

actionadmin_initapp\FrontendDashboard\FrontendDashboard.php:84

actionlogin_redirectapp\FrontendDashboard\FrontendDashboard.php:87

filtershow_admin_barapp\FrontendDashboard\Template\frontend-dashboard.php:11

actionhydra_booking/after_meeting_renderapp\Shortcode\HydraBookingShortcode.php:24

actionhydra_booking/before_meeting_renderapp\Shortcode\HydraBookingShortcode.php:25

actioninithydra-booking.php:47

actioncurrent_screenhydra-booking.php:48

actionplugins_loadedhydra-booking.php:50

actionin_admin_headerhydra-booking.php:100

actionhydra_booking/after_booking_confirmedincludes\hooks\ActionHooks.php:21

actionhydra_booking/after_booking_canceledincludes\hooks\ActionHooks.php:22

actionhydra_booking/after_booking_scheduleincludes\hooks\ActionHooks.php:23

actionprofile_updateincludes\hooks\ActionHooks.php:36

actionwoocommerce_checkout_create_order_line_itemincludes\hooks\ActionHooks.php:46

actionwoocommerce_order_status_changedincludes\hooks\ActionHooks.php:49

actionwoocommerce_checkout_order_processedincludes\hooks\ActionHooks.php:52

actionwoocommerce_thankyouincludes\hooks\ActionHooks.php:54

actionwoocommerce_store_api_checkout_order_processedincludes\hooks\ActionHooks.php:56

actionwoocommerce_cart_loaded_from_sessionincludes\hooks\ActionHooks.php:58

actionwoocommerce_remove_cart_itemincludes\hooks\ActionHooks.php:60

actionhydra_booking/after_booking_confirmedincludes\hooks\BookingLocation.php:13

actionhydra_booking/after_booking_scheduleincludes\hooks\BookingLocation.php:16

filterauthenticateincludes\hooks\FilterHooks.php:12

filterwoocommerce_get_item_dataincludes\hooks\FilterHooks.php:19

filterwoocommerce_prevent_admin_accessincludes\hooks\FilterHooks.php:23

actionhydra_booking/after_booking_confirmedincludes\hooks\MailHooks.php:19

actionhydra_booking/after_booking_pendingincludes\hooks\MailHooks.php:20

actionhydra_booking/after_booking_canceledincludes\hooks\MailHooks.php:21

actionhydra_booking/after_booking_scheduleincludes\hooks\MailHooks.php:22

actionhydra_booking/send_booking_reminderincludes\hooks\MailHooks.php:23

actionhydra_booking/send_booking_with_all_attendees_confirmedincludes\hooks\MailHooks.php:26

actionhydra_booking/send_booking_with_all_attendees_pendingincludes\hooks\MailHooks.php:29

actionhydra_booking/send_booking_with_all_attendees_canceledincludes\hooks\MailHooks.php:32

actionhydra_booking/send_booking_with_all_attendees_scheduleincludes\hooks\MailHooks.php:35

actionadmin_post_hydra-booking_fupcincludes\license\HydraBookingBase.php:47

actioninitincludes\license\HydraBookingBase.php:55

actionhydra_booking/after_booking_completedincludes\services\Integrations\MailChimp\MailChimp.php:8

actionhydra_booking/after_booking_canceledincludes\services\Integrations\MailChimp\MailChimp.php:9

actionhydra_booking/after_booking_confirmedincludes\services\Integrations\MailChimp\MailChimp.php:10

filterhttps_ssl_verifyincludes\services\Integrations\MailChimp\MailChimp.php:200

actionhydra_booking/after_booking_confirmedincludes\services\Integrations\Telegram\Telegram.php:13

actionhydra_booking/after_booking_canceledincludes\services\Integrations\Telegram\Telegram.php:14

actionhydra_booking/after_booking_scheduleincludes\services\Integrations\Telegram\Telegram.php:15

Scheduled Events 5

tfhb_promo__schedule

tfhb_after_booking_completed_schedule

tfhb_cart_auto_remover_schedule

tfhb_after_booking_completed_schedule

tfhb_cart_auto_remover_schedule

Maintenance & Trust

Hydra Booking — Appointment Scheduling & Booking Calendar Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 27, 2026

PHP min version7.4

Downloads35K

Community Trust

Rating86/100

Number of ratings7

Active installs2K

Alternatives

Hydra Booking — Appointment Scheduling & Booking Calendar Alternatives

Easy Appointment Booking & Scheduling System – Webba Booking Calendar

webba-booking-lite

Free Appointment Booking Plugin 📅 Unlimited appointments, booking management, calendar sync, notifications, 5* support = powerful booking system!

3K 7 CVEs

Timetics – Appointment Booking Calendar & Scheduling System

timetics

Appointment booking system for Professionals — schedule, manage calendars, accept payments, send reminders & automate bookings easily.

2K 8 CVEs

Ultimate Appointment Booking & Scheduling

ultimate-appointment-scheduling

100

Appointment booking calendar and scheduling plugin that lets you set up different services, service providers, locations and availability

90 1 CVE

Sugar Calendar Bookings Scheduling Appointments Lite

sugar-calendar-bookings-scheduling-appointments-lite

100

The easiest appointment booking plugin for WordPress. Create booking forms, manage services & schedules, and accept Stripe payments.

10 No CVEs

Talika

talika

Talika is an easy to use free appointment and scheduling plugin suitable for any business niche offering a range of services to their customers.

0 No CVEs

Developer Profile

Hydra Booking — Appointment Scheduling & Booking Calendar Developer Profile

Themefic

11 plugins · 97K total installs

trust score

Avg Security Score

95/100

Avg Patch Time

93 days

View full developer profile

Detection Fingerprints

How We Detect Hydra Booking — Appointment Scheduling & Booking Calendar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/hydra-booking/assets/admin/css/tfhb-admin-style.css/wp-content/plugins/hydra-booking/build/assets/tfhb-admin-app.css/wp-content/plugins/hydra-booking/build/assets/tfhb-admin-app-script.js/wp-content/plugins/hydra-booking/assets/app/js/widget.js

Script Paths

/wp-content/plugins/hydra-booking/assets/admin/js/main.js

Version Parameters

hydra-booking/assets/admin/js/main.js?ver=hydra-booking/assets/admin/css/tfhb-admin-style.css?ver=hydra-booking/build/assets/tfhb-admin-app.css?ver=hydra-booking/build/assets/tfhb-admin-app-script.js?ver=hydra-booking/assets/app/js/widget.js?ver=

HTML / DOM Fingerprints

CSS Classes

tfhb-admin-style

Data Attributes

tfhb_core_apps

JS Globals

tfhb_admin_noticetfhb_core_apps

REST Endpoints

/wp-json/hydra-booking/

FAQ

Hydra Booking — Appointment Scheduling & Booking Calendar Security & Risk Analysis

Is Hydra Booking — Appointment Scheduling & Booking Calendar Safe to Use in 2026?

Generally Safe

Key Concerns

Hydra Booking — Appointment Scheduling & Booking Calendar Security Vulnerabilities

CVEs by Year

Severity Breakdown

Hydra Booking — Appointment Scheduling & Booking Calendar Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

Hydra Booking — Appointment Scheduling & Booking Calendar Attack Surface

AJAX Handlers 18

REST API Routes 87

Shortcodes 6

Scheduled Events 5

Hydra Booking — Appointment Scheduling & Booking Calendar Maintenance & Trust

Maintenance Signals

Community Trust

Hydra Booking — Appointment Scheduling & Booking Calendar Alternatives

Easy Appointment Booking & Scheduling System – Webba Booking Calendar

Timetics – Appointment Booking Calendar & Scheduling System

Ultimate Appointment Booking & Scheduling

Sugar Calendar Bookings Scheduling Appointments Lite

Talika

Hydra Booking — Appointment Scheduling & Booking Calendar Developer Profile

How We Detect Hydra Booking — Appointment Scheduling & Booking Calendar

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Hydra Booking — Appointment Scheduling & Booking Calendar