[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fnDS3qysbFgB6Jcjf_qGTGF2KPE14Ogdzsooz_Clz07o":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":254,"crawl_stats":38,"alternatives":261,"analysis":349,"fingerprints":967},"meeting-scheduler-by-vcita","Online Booking & Scheduling Calendar for WordPress by vcita","4.6.0","vcita","https:\u002F\u002Fprofiles.wordpress.org\u002Fvcita\u002F","\u003Cp>\u003Cstrong>vcita is the #1 scheduling software for service based business. Trusted by over 100,000 users worldwide!\u003C\u002Fstrong> vcita’s appointment booking and online scheduling plugin for WordPress offers a self-service scheduling software for online sessions, 1-on-1 appointments, group events and classes.\u003C\u002Fp>\n\u003Ch4>Convert website visitors to paying customers with online bookings:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Take online appointments requests \u003C\u002Fli>\n\u003Cli>Enable online booking and rescheduling \u003C\u002Fli>\n\u003Cli>Offer registration for online sessions, 1:1 appointments, classes and events \u003C\u002Fli>\n\u003Cli>Register for events, sign up for classes \u003C\u002Fli>\n\u003Cli>Pay for services and view their invoices \u002F receipts \u003C\u002Fli>\n\u003Cli>Offer online services via Zoom \u003C\u002Fli>\n\u003Cli>Accept secure online payments \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Key booking features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Business calendar for you and your staff \u003C\u002Fli>\n\u003Cli>Unlimited bookings and service list \u003C\u002Fli>\n\u003Cli>All service types: online, 1:1 appointments, classes and events \u003C\u002Fli>\n\u003Cli>Customizable services and grouping into categories \u003C\u002Fli>\n\u003Cli>Customizable business hours & booking preferences \u003C\u002Fli>\n\u003Cli>Business calendar for you and your staff \u003C\u002Fli>\n\u003Cli>Personalized branding and online appearance \u003C\u002Fli>\n\u003Cli>Email & TXT notifications, reminders & follow ups \u003C\u002Fli>\n\u003Cli>Customizable booking form * Staff members roles and permissions management * Adjust to any time zone  \u003C\u002Fli>\n\u003Cli>Sync with Google calendar \u002F iCal \u002F Outlook * Available in 11 languages – EN, EN GB, FR, ES, IT, PT, RU, DE, PL, NL, HE * Advanced analytics and export options \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Who is vcita good for?\u003C\u002Fstrong>\u003Cbr \u002F>\nvcita was designed for service professionals and appointment-based businesses. With vcita, businesses at any size can accept bookings & payments 24\u002F7 and manage their clients, schedule, and team from one centralized dashboard. From beauty Salons to business consultants, therapists and personal trainers, vcita fits any business, anywhere.\u003C\u002Fp>\n\u003Ch4>Why business owners love vcita?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Mobile app: your own office station, perfect for work on-the-go\u003C\u002Fli>\n\u003Cli>Instant availability: clients can self-book and pay 24\u002F7 \u003C\u002Fli>\n\u003Cli>Get paid anywhere: choose between PayPal, Square or Stripe \u003C\u002Fli>\n\u003Cli>No surprises: TXT appointment reminders eliminate no-shows  \u003C\u002Fli>\n\u003Cli>Exceptional client service: safe and secure self-service portal \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FyzGIhxTvtdg?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>One app, one power house of advanced features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Take bookings 24\u002F7 \u003C\u002Fli>\n\u003Cli>Accept payments online, offline & on-the-go \u003C\u002Fli>\n\u003Cli>Send TXT & email appointment and payment reminders \u003C\u002Fli>\n\u003Cli>Issue green invoices, receipts & price estimates \u003C\u002Fli>\n\u003Cli>Keep neat client list and history records \u003C\u002Fli>\n\u003Cli>Invite team members to collaborate \u003C\u002Fli>\n\u003Cli>Add lead capturing widgets to your website – Multi contact form, newsletter subscribers, booking & payment widgets \u003C\u002Fli>\n\u003Cli>Offer clients a secure and professional self-service portal \u003C\u002Fli>\n\u003Cli>Send email marketing campaigns and coupons \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Available integrations:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Gmail \u002F iCal \u002F Outlook\u003C\u002Fli>\n\u003Cli>Zoom\u003C\u002Fli>\n\u003Cli>Facebook\u003C\u002Fli>\n\u003Cli>Google My Business\u003C\u002Fli>\n\u003Cli>Reserve with Google \u003C\u002Fli>\n\u003Cli>QuickBooks\u003C\u002Fli>\n\u003Cli>Square \u003C\u002Fli>\n\u003Cli>Stripe\u003C\u002Fli>\n\u003Cli>Zapier \u003C\u002Fli>\n\u003Cli>PayPal \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>We are here 24\u002F7\u002F365\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsupport.vcita.com\u002Fhc\u002Fen-us\" rel=\"nofollow ugc\"> contact us \u003C\u002Fa> \u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fgroups\u002Fnewvcitafeatures\" rel=\"nofollow ugc\"> Join Facebook’s user community \u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Visit vcita \u003Ca href=\"https:\u002F\u002Fsupport.vcita.com\u002Fhc\u002Fen-us\" rel=\"nofollow ugc\"> help center  \u003C\u002Fa> \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Enjoying vcita? Love us back:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fmeeting-scheduler-by-vcita\u002Freviews\u002F\" rel=\"ugc\"> Rate \u003C\u002Fa>vcita 5 stars \u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.vcita.com\u002Fpartners\u002Fsolution-provider\" rel=\"nofollow ugc\"> Join the partners program \u003C\u002Fa> \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Follow vcita\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fvcitainc\" rel=\"nofollow ugc\"> Facebook \u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.linkedin.com\u002Fcompany\u002Fvcita\u002F\" rel=\"nofollow ugc\"> Linkedin \u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.instagram.com\u002Fvcita\u002F\" rel=\"nofollow ugc\"> Instagram \u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fchannel\u002FUCncmmt-8OvYswfcV0bDOo0Q\" rel=\"nofollow ugc\"> Youtube \u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>FREE 14 DAYS TRIAL. No credit card needed\u003C\u002Fp>\n","Let clients schedule meetings with you online! No more back & forth emails",1000,440604,78,117,"2025-11-19T08:15:00.000Z","6.7.5","4.6","",[20,21,22,23,24],"booking","calendar","events","meetings","scheduling","https:\u002F\u002Fwww.vcita.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmeeting-scheduler-by-vcita.4.6.0.zip",88,19,0,"2025-11-12 00:00:00","2026-03-15T15:16:48.613Z",[33,48,58,74,87,100,112,125,139,150,163,172,183,192,204,215,225,235,244],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2025-67472","online-booking-scheduling-calendar-for-wordpress-by-vcita-cross-site-request-forgery-2","Online Booking & Scheduling Calendar for WordPress by vcita \u003C= 4.5.5 - Cross-Site Request Forgery","The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=4.5.5","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-12-11 16:42:58",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Faf6c1d79-b33e-4f5e-a6c6-9827cba5dda6?source=api-prod",30,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":53,"vuln_type":54,"published_date":30,"updated_date":55,"references":56,"days_to_patch":47},"CVE-2025-67559","online-booking-scheduling-calendar-for-wordpress-by-vcita-missing-authorization","Online Booking & Scheduling Calendar for WordPress by vcita \u003C= 4.5.5 - Missing Authorization","The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 4.5.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.","CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2025-12-11 16:47:11",[57],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fbf77908d-2469-449b-abab-f8411ee42f65?source=api-prod",{"id":59,"url_slug":60,"title":61,"description":62,"plugin_slug":4,"theme_slug":38,"affected_versions":63,"patched_in_version":64,"severity":65,"cvss_score":66,"cvss_vector":67,"vuln_type":68,"published_date":69,"updated_date":70,"references":71,"days_to_patch":73},"CVE-2025-54677","online-booking-scheduling-calendar-for-wordpress-by-vcita-authenticated-author-arbitrary-file-upload","Online Booking & Scheduling Calendar for WordPress by vcita \u003C= 4.5.3 - Authenticated (Author+) Arbitrary File Upload","The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 4.5.3. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","\u003C=4.5.3","4.5.5","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Unrestricted Upload of File with Dangerous Type","2025-08-14 00:00:00","2025-08-18 18:26:19",[72],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F89183a72-5b35-4c11-81d7-0a735ebce884?source=api-prod",5,{"id":75,"url_slug":76,"title":77,"description":78,"plugin_slug":4,"theme_slug":38,"affected_versions":63,"patched_in_version":64,"severity":40,"cvss_score":79,"cvss_vector":80,"vuln_type":81,"published_date":82,"updated_date":83,"references":84,"days_to_patch":86},"CVE-2025-54676","online-booking-scheduling-calendar-for-wordpress-by-vcita-authenticated-contributor-stored-cross-site-scripting","Online Booking & Scheduling Calendar for WordPress by vcita \u003C= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-07-30 00:00:00","2025-08-04 21:01:00",[85],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F2970ea7e-bd36-4b43-bc55-bc545efbeb67?source=api-prod",6,{"id":88,"url_slug":89,"title":90,"description":91,"plugin_slug":4,"theme_slug":38,"affected_versions":92,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":93,"vuln_type":94,"published_date":95,"updated_date":96,"references":97,"days_to_patch":99},"CVE-2025-32238","online-booking-scheduling-calendar-for-wordpress-by-vcita-authenticated-subscriber-sensitive-information-exposure","Online Booking & Scheduling Calendar for WordPress by vcita \u003C= 4.5.2 - Authenticated (Subscriber+) Sensitive Information Exposure","The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive user or configuration data.","\u003C=4.5.2","CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:N","Exposure of Sensitive Information to an Unauthorized Actor","2025-04-04 00:00:00","2025-11-20 19:48:38",[98],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fbca37dc1-64a7-4265-bd38-d58844140336?source=api-prod",231,{"id":101,"url_slug":102,"title":103,"description":104,"plugin_slug":4,"theme_slug":38,"affected_versions":105,"patched_in_version":106,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":107,"updated_date":108,"references":109,"days_to_patch":111},"CVE-2024-54356","online-booking-scheduling-calendar-for-wordpress-by-vcita-cross-site-request-forgery","Online Booking & Scheduling Calendar for WordPress by vcita \u003C= 4.5 - Cross-Site Request Forgery","The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5. This is due to missing or incorrect nonce validation on the vcita_save_settings_callback() function. This makes it possible for unauthenticated attackers to save settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C=4.5","4.5.2","2024-12-11 00:00:00","2024-12-19 15:26:01",[110],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F65ae71fc-cc3e-4208-99fe-ce1984515f5a?source=api-prod",9,{"id":113,"url_slug":114,"title":115,"description":116,"plugin_slug":4,"theme_slug":38,"affected_versions":117,"patched_in_version":106,"severity":40,"cvss_score":118,"cvss_vector":119,"vuln_type":81,"published_date":120,"updated_date":121,"references":122,"days_to_patch":124},"CVE-2024-9872","online-booking-scheduling-calendar-for-wordpress-by-vcita-authenticated-subscriber-stored-cross-site-scripting","Online Booking & Scheduling Calendar for WordPress by vcita \u003C= 4.5.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting","The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_user_data_callback() function in all versions up to, and including, 4.5.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject malicious web scripts and update settings.","\u003C=4.5.1",5.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2024-12-05 00:00:00","2024-12-06 08:24:56",[123],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F963c2d10-692b-4447-8d0b-7ccc2e533f01?source=api-prod",1,{"id":126,"url_slug":127,"title":128,"description":129,"plugin_slug":4,"theme_slug":38,"affected_versions":130,"patched_in_version":131,"severity":40,"cvss_score":132,"cvss_vector":133,"vuln_type":81,"published_date":134,"updated_date":135,"references":136,"days_to_patch":138},"CVE-2024-47638","online-booking-scheduling-calendar-for-wordpress-by-vcita-reflected-cross-site-scripting-2","Online Booking & Scheduling Calendar for WordPress by vcita \u003C= 4.4.6 - Reflected Cross-Site Scripting","The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.4.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=4.4.6","4.5",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2024-09-30 00:00:00","2024-11-25 16:19:59",[137],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd8f7d1c3-50eb-44ef-a832-a0230ff1406f?source=api-prod",57,{"id":140,"url_slug":141,"title":142,"description":143,"plugin_slug":4,"theme_slug":38,"affected_versions":144,"patched_in_version":145,"severity":40,"cvss_score":79,"cvss_vector":80,"vuln_type":81,"published_date":146,"updated_date":147,"references":148,"days_to_patch":38},"CVE-2024-35761","vcita-online-booking-scheduling-calendar-authenticated-contributor-stored-cross-site-scripting","vCita Online Booking & Scheduling Calendar \u003C= 4.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=4.4.0","4.4.1","2024-07-17 00:00:00","2024-07-02 12:50:03",[149],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5e79bdfe-5b91-4459-9e0f-f25859e4d0ce?source=api-prod",{"id":151,"url_slug":152,"title":153,"description":154,"plugin_slug":4,"theme_slug":38,"affected_versions":155,"patched_in_version":156,"severity":65,"cvss_score":66,"cvss_vector":67,"vuln_type":157,"published_date":158,"updated_date":159,"references":160,"days_to_patch":162},"CVE-2024-37499","online-booking-scheduling-calendar-for-wordpress-by-vcita-authenticated-contributor-local-file-inclusion","Online Booking & Scheduling Calendar for WordPress by vcita \u003C= 4.4.2 - Authenticated (Contributor+) Local File Inclusion","The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.4.2. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.","\u003C=4.4.2","4.4.3","Improper Control of Filename for Include\u002FRequire Statement in PHP Program ('PHP Remote File Inclusion')","2024-07-04 00:00:00","2024-07-11 13:18:24",[161],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc648aace-93d9-46c9-bf10-80286c81422c?source=api-prod",8,{"id":164,"url_slug":165,"title":166,"description":167,"plugin_slug":4,"theme_slug":38,"affected_versions":155,"patched_in_version":156,"severity":40,"cvss_score":132,"cvss_vector":133,"vuln_type":81,"published_date":168,"updated_date":169,"references":170,"days_to_patch":86},"CVE-2024-37262","online-booking-scheduling-calendar-for-wordpress-by-vcita-reflected-cross-site-scripting","Online Booking & Scheduling Calendar for WordPress by vcita \u003C= 4.4.2 - Reflected Cross-Site Scripting","The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","2024-06-27 00:00:00","2024-07-02 13:47:30",[171],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F758e035f-5713-4af0-a771-8214c753a9ba?source=api-prod",{"id":173,"url_slug":174,"title":175,"description":176,"plugin_slug":4,"theme_slug":38,"affected_versions":155,"patched_in_version":156,"severity":65,"cvss_score":177,"cvss_vector":178,"vuln_type":81,"published_date":179,"updated_date":180,"references":181,"days_to_patch":124},"CVE-2024-5791","appointment-booking-and-online-scheduling-missing-authorization-to-unauthenticated-stored-cross-site-scripting","Appointment Booking and Online Scheduling \u003C= 4.4.2 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting","The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp_id' parameter in all versions up to, and including, 4.4.2 due to missing authorization checks on processAction function, as well as insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that will execute whenever a user accesses a wp-admin dashboard.",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2024-06-21 12:35:46","2024-06-22 02:01:07",[182],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc033171a-d81f-4cae-830b-8bdc4017b85e?source=api-prod",{"id":184,"url_slug":185,"title":186,"description":187,"plugin_slug":4,"theme_slug":38,"affected_versions":155,"patched_in_version":156,"severity":40,"cvss_score":132,"cvss_vector":133,"vuln_type":81,"published_date":188,"updated_date":189,"references":190,"days_to_patch":124},"CVE-2024-5859","appointment-booking-and-online-scheduling-reflected-cross-site-scripting","Appointment Booking and Online Scheduling \u003C= 4.4.2 - Reflected Cross-Site Scripting","The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘d’ parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","2024-06-20 20:02:07","2024-06-21 08:39:46",[191],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fa8ea0559-dec7-4c20-956d-dbfe7bc67634?source=api-prod",{"id":193,"url_slug":194,"title":195,"description":196,"plugin_slug":4,"theme_slug":38,"affected_versions":197,"patched_in_version":198,"severity":40,"cvss_score":79,"cvss_vector":80,"vuln_type":81,"published_date":199,"updated_date":200,"references":201,"days_to_patch":203},"CVE-2023-39992","online-booking-scheduling-calendar-for-wordpress-by-vcita-authenticated-contributor-stored-cross-site-scripting-2","Online Booking & Scheduling Calendar for WordPress by vcita \u003C= 4.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=4.3.2","4.3.3","2023-08-10 00:00:00","2024-01-22 19:56:02",[202],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fdaeb24e0-7f3f-472f-aee5-be42e374aa52?source=api-prod",166,{"id":205,"url_slug":206,"title":207,"description":208,"plugin_slug":4,"theme_slug":38,"affected_versions":130,"patched_in_version":131,"severity":40,"cvss_score":118,"cvss_vector":209,"vuln_type":54,"published_date":210,"updated_date":211,"references":212,"days_to_patch":214},"CVE-2023-2414","online-booking-scheduling-calendar-for-wordpress-by-vcita-missing-authorization-to-settings-update-and-arbitrary-file-up","Online Booking & Scheduling Calendar for WordPress by vcita \u003C= 4.4.6 - Missing Authorization to Settings Update and Arbitrary File Upload","The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_settings_callback function in versions up to, and including, 4.4.6. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to modify the plugins settings, upload arbitrary files, and inject malicious JavaScript (before 4.3.2).","CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:L","2023-06-02 00:00:00","2024-11-25 16:24:27",[213],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F3c99aab5-a995-44ae-bc14-09f73e6b22c5?source=api-prod",543,{"id":216,"url_slug":217,"title":218,"description":219,"plugin_slug":4,"theme_slug":38,"affected_versions":155,"patched_in_version":156,"severity":40,"cvss_score":220,"cvss_vector":221,"vuln_type":54,"published_date":210,"updated_date":222,"references":223,"days_to_patch":214},"CVE-2023-2299","online-booking-scheduling-calendar-for-wordpress-by-vcita-missing-authorization-on-rest-api","Online Booking & Scheduling Calendar for WordPress by vcita \u003C= 4.4.2 - Missing Authorization on REST-API","The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized medication of data via the \u002Fwp-json\u002Fvcita-wordpress\u002Fv1\u002Factions\u002Fauth REST-API endpoint in versions up to, and including, 4.4.2 due to a missing capability check on the processAction function. This makes it possible for unauthenticated attackers modify the plugin's settings.",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","2024-11-25 16:22:34",[224],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F4855627a-de56-49ee-b0b0-01b9735d8557?source=api-prod",{"id":226,"url_slug":227,"title":228,"description":229,"plugin_slug":4,"theme_slug":38,"affected_versions":230,"patched_in_version":231,"severity":40,"cvss_score":118,"cvss_vector":209,"vuln_type":54,"published_date":210,"updated_date":200,"references":232,"days_to_patch":234},"CVE-2023-2415","online-booking-scheduling-calendar-for-wordpress-by-vcita-missing-authorization-to-account-logout","Online Booking & Scheduling Calendar for WordPress by vcita \u003C= 4.2.10 - Missing Authorization to Account Logout","The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to logout a vctia connected account which would cause a denial of service on the appointment scheduler.","\u003C=4.2.10","4.3.0",[233],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F731cbeed-d4aa-448f-878a-8c51a3da4e18?source=api-prod",235,{"id":236,"url_slug":237,"title":238,"description":239,"plugin_slug":4,"theme_slug":38,"affected_versions":240,"patched_in_version":241,"severity":65,"cvss_score":177,"cvss_vector":178,"vuln_type":81,"published_date":210,"updated_date":200,"references":242,"days_to_patch":234},"CVE-2023-2298","online-booking-scheduling-calendar-for-wordpress-by-vcita-unauthenticated-stored-cross-site-scripting","Online Booking & Scheduling Calendar for WordPress by vcita \u003C= 4.3.0 - Unauthenticated Stored Cross-Site Scripting","The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'business_id' parameter in versions up to, and including, 4.3.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=4.3.0","4.3.1",[243],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7e6a0bf9-4767-4d4c-9a1e-adcb3c7719d9?source=api-prod",{"id":245,"url_slug":246,"title":247,"description":248,"plugin_slug":4,"theme_slug":38,"affected_versions":105,"patched_in_version":106,"severity":40,"cvss_score":118,"cvss_vector":249,"vuln_type":43,"published_date":210,"updated_date":250,"references":251,"days_to_patch":253},"CVE-2023-2416","online-booking-scheduling-calendar-for-wordpress-by-vcita-cross-site-request-forgery-to-account-logout","Online Booking & Scheduling Calendar for WordPress by vcita \u003C= 4.5 - Cross-Site Request Forgery to Account Logout","The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the vcita_logout_callback function in versions up to, and including, 4.5. This makes it possible for unauthenticated to logout a vctia connected account which would cause a denial of service on the appointment scheduler, via a forged request granted they can trick a site user into performing an action such as clicking on a link.","CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:L","2024-12-05 15:22:55",[252],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff434585c-8533-4788-b0bc-5650390c29a8?source=api-prod",553,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":255,"total_installs":256,"avg_security_score":257,"avg_patch_time_days":258,"trust_score":259,"computed_at":260},3,1200,91,171,73,"2026-04-04T15:01:55.665Z",[262,285,306,322,335],{"slug":263,"name":264,"version":265,"author":266,"author_profile":267,"description":268,"short_description":269,"active_installs":270,"downloaded":271,"rating":272,"num_ratings":273,"last_updated":274,"tested_up_to":275,"requires_at_least":276,"requires_php":277,"tags":278,"homepage":280,"download_link":281,"security_score":282,"vuln_count":28,"unpatched_count":283,"last_vuln_date":284,"fetched_at":31},"latepoint","LatePoint – Calendar Booking Plugin for Appointments and Events","5.2.11","LatePoint","https:\u002F\u002Fprofiles.wordpress.org\u002Flatepoint\u002F","\u003Cp>\u003Cstrong>LatePoint – The Lightweight Appointment Booking Plugin for WordPress\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>★★★★★\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fs5lcrXFWQcw?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Flatepoint.com\u002Fchangelog\u002F?utm_source=wordpressorg&utm_medium=plugin_listing&utm_campaign=free_plugin\" rel=\"nofollow ugc\">What’s New\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwpdocs.latepoint.com\u002F?utm_source=wordpressorg&utm_medium=plugin_listing&utm_campaign=free_plugin\" rel=\"nofollow ugc\">Docs\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=wwQ5EwEln6E&utm_source=wordpressorg&utm_medium=plugin_listing&utm_campaign=free_plugin\" rel=\"nofollow ugc\">Video Tutorial\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwpdocs.latepoint.com\u002Fsupport\u002F?utm_source=wordpressorg&utm_medium=plugin_listing&utm_campaign=free_plugin\" rel=\"nofollow ugc\">Get Help\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>LatePoint is a simple yet lightweight and powerful appointment booking plugin for WordPress. Built for service-based businesses, it helps your customers book appointments in just a few clicks, without the back-and-forth emails or clunky booking systems.\u003C\u002Fp>\n\u003Cp>Whether you’re a coach, salon, consultant, or clinic, if your business runs on bookings, LatePoint makes it easy to manage your schedule, take payments, and let clients book online 24\u002F7.\u003C\u002Fp>\n\u003Cp>Set it up in 10 minutes. Look professional. Automate the boring stuff. Let LatePoint handle the heavy lifting so you can focus on your business.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fapp.zipwp.com\u002Fblueprint\u002Flatepoint-demo-m00?utm_source=wordpressorg&utm_medium=plugin_listing&utm_campaign=free_plugin\" rel=\"nofollow ugc\">Try the Live Demo\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>What You Can Do With LatePoint\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Let customers book appointments online 24\u002F7\u003C\u002Fli>\n\u003Cli>Manage your calendar and availability with ease\u003C\u002Fli>\n\u003Cli>Accept payments with Stripe (Braintree, Flutterwave, MercadoPago, Molie, PayPal, Paystack, RazorPay, Square, Woo, SureCart available in Pro)\u003C\u002Fli>\n\u003Cli>Sync with Google Calendar (Pro)\u003C\u002Fli>\n\u003Cli>Offer in-person or virtual sessions (Zoom\u002FGoogle Meet with Pro)\u003C\u002Fli>\n\u003Cli>Support for multiple staff, services, and locations\u003C\u002Fli>\n\u003Cli>Send automatic confirmations and reminders\u003C\u002Fli>\n\u003Cli>Customize booking forms to collect the info you need\u003C\u002Fli>\n\u003Cli>Provide a customers dashboard to manage bookings (Pro)\u003C\u002Fli>\n\u003Cli>View and control everything from a unified admin dashboard\u003C\u002Fli>\n\u003Cli>Use coupons, addons, and follow-ups to boost engagement (Pro)\u003C\u002Fli>\n\u003Cli>Let customers book multiple appointments at once (Booking Cart – Pro)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpastra.com\u002Freview\u002Flatepoint-review\u002F?utm_source=wordpressorg&utm_medium=plugin_listing&utm_campaign=free_plugin\" rel=\"nofollow ugc\">LatePoint Review: Is It the Right Booking Plugin for Your Service?\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Who Is LatePoint For?\u003C\u002Fh3>\n\u003Cp>LatePoint is trusted by freelancers, studios, agencies, and small business owners across many industries. If your business runs on appointments, LatePoint can save you time and make your life easier.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Salons & Studios\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you run a personal care studio, hair or nail salon, spa, massage therapist or tattoo studio, you’ll know how important it is to avoid no-shows, double-bookings, and awkward payment moments.\u003C\u002Fp>\n\u003Cp>With LatePoint:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Customers can book online anytime\u003C\u002Fli>\n\u003Cli>You can send automatic reminders so clients actually show up\u003C\u002Fli>\n\u003Cli>Accept payments upfront or after the session\u003C\u002Fli>\n\u003Cli>Sync your bookings with Google Calendar\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=IWbBoEyXklI&utm_source=wordpressorg&utm_medium=plugin_listing&utm_campaign=free_plugin\" rel=\"nofollow ugc\">▶️ How To Set Up LatePoint for Salons\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Coaches, Consultants & Trainers\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you run 1:1 sessions, group coaching, or online workshops, LatePoint keeps your schedule organized and sessions full.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Let clients pick time slots based on availability\u003C\u002Fli>\n\u003Cli>Offer in-person or Zoom sessions\u003C\u002Fli>\n\u003Cli>Sell service packages and recurring appointments\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Clinics, Therapists & Healthcare Pros\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>For medical, wellness, or therapy practices, LatePoint helps you stay professional while giving patients a smooth experience.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Collect patient information with custom fields\u003C\u002Fli>\n\u003Cli>Offer multiple services with different specialists\u003C\u002Fli>\n\u003Cli>Manage multiple staff calendars and locations\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Education & Classes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Whether you’re a tutor, language teacher, or run in-person classes, you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Let students book 1:1 or group sessions\u003C\u002Fli>\n\u003Cli>Limit bookings to your preferred hours\u003C\u002Fli>\n\u003Cli>Automate reminders and payments\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Local Services & Agencies\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Photographers, cleaners, auto services, repair shops, if your business depends on appointments, LatePoint makes it simple.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Show real-time availability\u003C\u002Fli>\n\u003Cli>Set different schedules by service or team member\u003C\u002Fli>\n\u003Cli>Let clients book 24\u002F7, no calls or emails needed\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>What Makes LatePoint Unique?\u003C\u002Fh3>\n\u003Cp>LatePoint isn’t just another booking plugin, it’s designed to solve real-world scheduling problems with a smart, flexible approach.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose-built for service providers:\u003C\u002Fstrong> From solo pros to teams across locations, LatePoint adapts to your business.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Quick to launch, simple to manage:\u003C\u002Fstrong> The built-in onboarding wizard walks you through the entire setup. You’ll go from install to taking bookings in under 10 minutes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Mobile-first booking experience:\u003C\u002Fstrong> Clients see clean, intuitive forms that work beautifully on phones, tablets, and desktops. Fewer clicks = fewer drop-offs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automation built-in:\u003C\u002Fstrong> LatePoint handles confirmations, reminders, follow-ups, and payments. Skip the admin and focus on delivering your services.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Affordable, with a forever-free plan:\u003C\u002Fstrong> You won’t get trapped in expensive subscriptions. Start with the free version, and upgrade when you need advanced features.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Native to WordPress:\u003C\u002Fstrong> Built to feel like a natural part of your site, LatePoint works with most popular themes and page builders out of the box.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How It Works\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Cstrong>Install the plugin:\u003C\u002Fstrong> Download LatePoint from the WordPress plugin repository and activate it on your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Complete the setup wizard:\u003C\u002Fstrong> Walk through a simple onboarding process to set your timezone, services, staff, and availability.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customize your booking form:\u003C\u002Fstrong> Add custom fields to collect the information you need before a session. Choose which details to make required or optional.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Add booking to your site:\u003C\u002Fstrong> Use a shortcode or LatePoint widget to place the booking interface into any page or post.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Start accepting bookings:\u003C\u002Fstrong> Customers can now see your real-time availability, book appointments, pay (Pro), and receive confirmation emails.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Manage everything in your dashboard:\u003C\u002Fstrong> View and manage appointments, customer information, payments, and notifications directly from your WordPress admin.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpdocs.latepoint.com\u002Fgetting-started-with-latepoint\u002F?utm_source=wordpressorg&utm_medium=plugin_listing&utm_campaign=free_plugin\" rel=\"nofollow ugc\">Follow the Step-by-Step Guide\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Features You’ll Love\u003C\u002Fh3>\n\u003Cp>✅ \u003Cstrong>Visual booking form builder\u003C\u002Fstrong> – Customize steps, services, and fields without touching code\u003Cbr \u002F>\n✅ \u003Cstrong>Multi-step appointment scheduling\u003C\u002Fstrong> – Clean, intuitive customer experience\u003Cbr \u002F>\n✅ \u003Cstrong>Multiple services, agents & locations\u003C\u002Fstrong> – Set schedules, prices, and availability per agent or location\u003Cbr \u002F>\n✅ \u003Cstrong>Customer dashboard\u003C\u002Fstrong> – Customers can view and manage bookings, cancel and reschedule\u003Cbr \u002F>\n✅ \u003Cstrong>Admin dashboard\u003C\u002Fstrong> – Full calendar view with filters for appointments, agents, and locations\u003Cbr \u002F>\n✅ \u003Cstrong>Google Calendar sync\u003C\u002Fstrong> – Keep everything up to date across platforms\u003Cbr \u002F>\n✅ \u003Cstrong>Built-in notifications\u003C\u002Fstrong> – Email, SMS, and WhatsApp notifications out of the box\u003Cbr \u002F>\n✅ \u003Cstrong>Online payments\u003C\u002Fstrong> – Connect Stripe or PayPal to accept payments during booking\u003Cbr \u002F>\n✅ \u003Cstrong>Booking cart\u003C\u002Fstrong> – Let customers book multiple appointments at once\u003C\u002Fp>\n\u003Ch3>Want To Unlock More?\u003C\u002Fh3>\n\u003Cp>LatePoint comes with a solid set of features in the free version, perfect if you’re just getting started. But if you’re managing multiple team members, need advanced scheduling logic, or want to offer online payments and video calls, the Pro version gives you that extra power.\u003C\u002Fp>\n\u003Cp>Here’s what you unlock with LatePoint Pro:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add unlimited agents and services\u003C\u002Fli>\n\u003Cli>Accept payments using other methods, such as PayPal\u003C\u002Fli>\n\u003Cli>Zoom and Google Meet integration\u003C\u002Fli>\n\u003Cli>Set up advanced availability rules and service durations\u003C\u002Fli>\n\u003Cli>Send custom reminders and follow-ups\u003C\u002Fli>\n\u003Cli>Support for deposits, coupons, and recurring bookings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdocs.google.com\u002Fspreadsheets\u002Fd\u002F1AcjnUEKGhM0ySAgm7ZKRt-PSqlJ05eZk1JiuL5ToGRs\u002Fedit?usp=sharing\" rel=\"nofollow ugc\">See the Full Free vs Pro Feature Comparison\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Flatepoint.com\u002Fpricing\u002F?utm_source=wordpressorg&utm_medium=plugin_listing&utm_campaign=free_plugin\" rel=\"nofollow ugc\">Check Out LatePoint Pro\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Works With Your Stack\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Works with most Popular WordPress themes (Astra, Kadence, GeneratePress and others)\u003C\u002Fli>\n\u003Cli>Fully compatible with Elementor, Gutenberg, and page builders\u003C\u002Fli>\n\u003Cli>LatePoint is compatible with WooCommerce but doesn’t need it to work\u003C\u002Fli>\n\u003Cli>Extendable with official LatePoint add-ons (Zoom, WhatsApp, Packages, etc.)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Blocks\u003C\u002Fh3>\n\u003Cp>This plugin provides 6 blocks.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Customer dashboard:\u003C\u002Fstrong> Adds a customer dashboard for LatePoint\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Booking button:\u003C\u002Fstrong> Adds a booking button\u003C\u002Fli>\n\u003Cli>\u003Cstrong>List of resources:\u003C\u002Fstrong> Adds a list of bookable resources by type\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Booking form:\u003C\u002Fstrong> Adds a LatePoint booking form\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customer login:\u003C\u002Fstrong> Adds a customer login form\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Latepoint calendar:\u003C\u002Fstrong> Adds a calendar of events\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Trusted by 21,000+ Businesses\u003C\u002Fh3>\n\u003Cp>LatePoint has over 1,300 five-star reviews and is trusted by businesses worldwide, including the Nigerian Embassy, fitness chains, and solo freelancers.\u003C\u002Fp>\n\u003Cp>If you want a modern, effortless way to let your customers book online, give LatePoint a try today.\u003C\u002Fp>\n","Optimize your appointment scheduling with our plugin. Sync calendars, automate reminders, and keep your bookings organized.",100000,745803,98,74,"2026-03-10T07:15:00.000Z","6.9.4","6.5","7.4",[279,20,21,22,24],"appointments","https:\u002F\u002Flatepoint.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flatepoint.5.2.11.zip",20,2,"2026-03-23 00:00:00",{"slug":286,"name":287,"version":288,"author":289,"author_profile":290,"description":291,"short_description":292,"active_installs":11,"downloaded":293,"rating":294,"num_ratings":295,"last_updated":296,"tested_up_to":275,"requires_at_least":297,"requires_php":18,"tags":298,"homepage":302,"download_link":303,"security_score":304,"vuln_count":283,"unpatched_count":29,"last_vuln_date":305,"fetched_at":31},"supersaas-appointment-scheduling","SuperSaaS – online appointment scheduling","2.1.15","supersaas","https:\u002F\u002Fprofiles.wordpress.org\u002Fsupersaas\u002F","\u003Cp>SuperSaaS is a flexible online appointment scheduling system that works with many different businesses and is available in over 28 languages. The basic version is free, a paid version is available for large users and commercial use.\u003C\u002Fp>\n\u003Cp>The plugin can automatically log a user into a SuperSaaS schedule using his WordPress username. It passes along the user’s information, creating or updating the user’s information on SuperSaaS as needed. This saves users from having to log in twice.\u003C\u002Fp>\n\u003Ch4>MORE INFORMATION\u003C\u002Fh4>\n\u003Cp>Read the \u003Ca href=\"https:\u002F\u002Fwww.supersaas.com\u002Finfo\u002Fdoc\u002Fintegration\u002Fwordpress_integration\" rel=\"nofollow ugc\">SuperSaaS WordPress Plugin documentation page\u003C\u002Fa> for information about how to install and setup the plugin in WordPress. Visit the \u003Ca href=\"https:\u002F\u002Fwww.supersaas.com\" rel=\"nofollow ugc\">supersaas.com\u003C\u002Fa> website for an overview of all features of the booking system.\u003C\u002Fp>\n\u003Ch3>Languages\u003C\u002Fh3>\n\u003Cp>SuperSaaS is available in over 28 languages. Check out the \u003Ca href=\"https:\u002F\u002Fwww.supersaas.com\" rel=\"nofollow ugc\">SuperSaaS\u003C\u002Fa> website for more information.\u003C\u002Fp>\n","SuperSaaS is a flexible appointment scheduling system that works with many different businesses. The basic version is free.",47508,68,10,"2025-12-03T10:38:00.000Z","2.7",[299,279,300,23,301],"appointment-scheduling","booking-calendar","reservations","http:\u002F\u002Fwww.supersaas.com\u002Ftutorials\u002Fwordpress_appointment_scheduling","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsupersaas-appointment-scheduling.zip",99,"2025-02-10 22:06:43",{"slug":307,"name":308,"version":309,"author":310,"author_profile":311,"description":312,"short_description":313,"active_installs":29,"downloaded":314,"rating":29,"num_ratings":29,"last_updated":315,"tested_up_to":316,"requires_at_least":317,"requires_php":277,"tags":318,"homepage":319,"download_link":320,"security_score":321,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"cal24h","Cal24h","1.2.0","gvadev","https:\u002F\u002Fprofiles.wordpress.org\u002Fgvadev\u002F","\u003Cp>Cal24h is an online booking platform that lets you publish event calendars, appointment forms, and catalogues. This plugin embeds any Cal24h organization or event on your WordPress site with just a shortcode or block, while offering a floating button modal for persistent calls to action.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Highlights\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Gutenberg block with an inspector panel to configure organization, event, language, and appearance.\u003C\u002Fli>\n\u003Cli>Shortcode \u003Ccode>[cal24h]\u003C\u002Fcode> supporting attributes for iframe or floating-button display modes.\u003C\u002Fli>\n\u003Cli>Settings page (\u003Ccode>Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Cal24h\u003C\u002Fcode>) to define default values such as organization slug, event slug, language, and colors.\u003C\u002Fli>\n\u003Cli>Theme personalization parameters for the stepper (primary colors, step labels, card backgrounds, stepper background).\u003C\u002Fli>\n\u003Cli>Responsive floating button that opens a customizable modal overlay.\u003C\u002Fli>\n\u003Cli>Ready-to-ship translations and language loading for both editor and front end. Included locales: ar, bn_BD, da_DK, de_DE, el, en_US, es_ES, fa_IR, fi, fr_FR, he_IL, hi_IN, id_ID, it_IT, ja, ko_KR, nb_NO, nl_NL, pa_IN, pt_BR, pt_PT, ru_RU, sv_SE, sw, tr_TR, ur, wo, zh_CN.\u003C\u002Fli>\n\u003Cli>Paste-friendly slugs: you can paste a full Cal24h URL (e.g., \u003Ccode>https:\u002F\u002Fcal24h.com\u002Fintegration\u002Forg\u002Fevent\u003C\u002Fcode>) into settings or shortcode attributes — the plugin extracts the correct organization\u002Fevent automatically.\u003C\u002Fli>\n\u003C\u002Ful>\n","Embed the Cal24h booking experience in WordPress with a shortcode, Gutenberg block, or floating modal.",218,"2026-01-05T01:10:00.000Z","6.8.5","5.8",[279,20,21,22,24],"https:\u002F\u002Fcal24h.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcal24h.1.2.0.zip",100,{"slug":323,"name":324,"version":325,"author":326,"author_profile":327,"description":328,"short_description":329,"active_installs":29,"downloaded":99,"rating":29,"num_ratings":29,"last_updated":18,"tested_up_to":316,"requires_at_least":317,"requires_php":277,"tags":330,"homepage":332,"download_link":333,"security_score":321,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":334},"ehx-events","EHx Events","1.0.0","EH Studio","https:\u002F\u002Fprofiles.wordpress.org\u002Fehstudio\u002F","\u003Cp>A flexible event management plugin with booking, and user role controls. EHx Events makes it easy to manage events, attendees, and memberships through a modern, responsive, and user-friendly interface.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>AJAX Booking System – Seamless, no-refresh form submissions\u003C\u002Fli>\n\u003Cli>Event Calendar – Visual display of upcoming and available dates\u003C\u002Fli>\n\u003Cli>Capacity Control – Limit event attendance with ease\u003C\u002Fli>\n\u003Cli>Role-Based Access – Restrict booking by user role\u003C\u002Fli>\n\u003Cli>Multilingual Support – Fully translatable and WPML-compatible\u003C\u002Fli>\n\u003Cli>Mobile Responsive – Optimized for all screen sizes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin integrates with the following third-party services:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>Stripe PHP Library\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>Purpose: Server-side payment processing for donations\u003C\u002Fli>\n\u003Cli>Data Sent: Payment tokens, transaction amounts, customer metadata\u003C\u002Fli>\n\u003Cli>When: During donation processing and payment verification\u003C\u002Fli>\n\u003Cli>Links:\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fstripe.com\u002Flegal\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fstripe.com\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fstripe\u002Fstripe-php\" rel=\"nofollow ugc\">GitHub Repository\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Stripe.js v3 (https:\u002F\u002Fjs.stripe.com\u002Fv3)\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>Purpose: Securely collects payment information on the frontend via Stripe Elements\u003C\u002Fli>\n\u003Cli>Data Sent: Card details (directly to Stripe), browser metadata\u003C\u002Fli>\n\u003Cli>When: When users interact with the payment form\u003C\u002Fli>\n\u003Cli>Notes: This library is loaded from Stripe’s CDN to ensure PCI compliance and secure client-side processing\u003C\u002Fli>\n\u003Cli>Links:\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdocs.stripe.com\u002Fjs\" rel=\"nofollow ugc\">Stripe.js Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fstripe.com\u002Flegal\u002Fssa\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fstripe.com\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fstripe\u002Fstripe-php\" rel=\"nofollow ugc\">GitHub Repository\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google Maps\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>Purpose: Displaying event locations on interactive maps\u003C\u002Fli>\n\u003Cli>Data Sent: Event location addresses\u002Fcoordinates\u003C\u002Fli>\n\u003Cli>When: When event pages containing maps are loaded\u003C\u002Fli>\n\u003Cli>Links:\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcloud.google.com\u002Fmaps-platform\u002Fterms\u002F\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Data Handling\u003C\u002Fh3>\n\u003Cp>All communication with external services is done securely via HTTPS. The plugin implements:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>\u003Cstrong>Payment Processing\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Uses the official Stripe PHP library (stripe\u002Fstripe-php) for server-side operations\u003C\u002Fli>\n\u003Cli>Sensitive payment details are processed directly by Stripe’s systems\u003C\u002Fli>\n\u003Cli>Our servers only receive and store payment tokens for transaction verification\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Security Measures:\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Follows Stripe’s recommended practices for PCI compliance\u003C\u002Fli>\n\u003Cli>All sensitive communication is encrypted and routed through secure endpoints\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Roadmap\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Recurring events support\u003C\u002Fli>\n\u003Cli>Payment gateway integrations (Stripe, PayPal)\u003C\u002Fli>\n\u003Cli>Google Calendar sync\u003C\u002Fli>\n\u003Cli>Waitlist functionality\u003C\u002Fli>\n\u003Cli>QR code check-in system\u003C\u002Fli>\n\u003C\u002Ful>\n","A powerful event booking and management system for WordPress websites.",[331,21,22,301,24],"bookings","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fehx-events","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fehx-events.1.0.0.zip","2026-03-15T10:48:56.248Z",{"slug":336,"name":337,"version":338,"author":339,"author_profile":340,"description":341,"short_description":342,"active_installs":29,"downloaded":343,"rating":321,"num_ratings":124,"last_updated":344,"tested_up_to":275,"requires_at_least":345,"requires_php":277,"tags":346,"homepage":347,"download_link":348,"security_score":321,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"niftybukzee","NiftyBukzee – Calendar Booking Plugin for Appointments and Events","1.0.3","NiftySol","https:\u002F\u002Fprofiles.wordpress.org\u002Fniftysol\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fbukzee.pushnifty.com\u002F\" rel=\"nofollow ugc\">Demo\u003C\u002Fa>  |  \u003Ca href=\"https:\u002F\u002Fbukzee.pushnifty.com\u002Fbukzee-document\u002F\" rel=\"nofollow ugc\">Docs\u003C\u002Fa>  |  \u003Ca href=\"mailto:sales@niftysol.com\" rel=\"nofollow ugc\">Support\u003C\u002Fa>   |  \u003Ca href=\"https:\u002F\u002Fniftysol.com\u002F\" rel=\"nofollow ugc\">Website\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>NiftyBukzee is a smart, user-friendly appointment booking plugin built for service-based businesses. It enables quick 3-step bookings with service providers, supports offline payments, and integrates Google Meet or Zoom for virtual appointments. Designed to help you gain more customers and streamline your operations, NiftyBukzee is perfect for clinics, trainers, stylists, consultants, and other professionals.\u003C\u002Fp>\n\u003Cp>With a built-in dashboard, customizable services, and provider time scheduling, NiftyBukzee helps manage appointments efficiently. Accept payments via Stripe* or PayPal\u003Cem>(\u003C\u002Fem>Coming soon), generate unique appointment IDs, send email confirmations, and more all from your WordPress site.\u003C\u002Fp>\n\u003Cp>Whether you’re a doctor, lawyer, stylist, or coach. NiftyBukzee makes booking fast, simple, and seamless.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features with Details\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Quick 3-Step Booking Process\u003C\u002Fstrong>\u003Cbr \u002F>\nLet your customers book appointments in just three easy steps: choose time, provide details, and confirm.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Customizable Services\u003C\u002Fstrong>\u003Cbr \u002F>\nAdd, edit, or remove services and choose from pre-set templates for doctors, trainers, stylists, and lawyers.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Service Provider Management\u003C\u002Fstrong>\u003Cbr \u002F>\nManage service providers with individual availability, working hours, and service assignments.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Unique Appointment ID Generation\u003C\u002Fstrong>\u003Cbr \u002F>\nAutomatically assign a unique ID with a customizable prefix for each new booking.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Admin Dashboard & Calendar View\u003C\u002Fstrong>\u003Cbr \u002F>\nGet real-time insights into today’s bookings, cancellations, registered users, and more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Email Notifications\u003C\u002Fstrong>\u003Cbr \u002F>\nSend automated appointment confirmation emails with all the booking details.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Mobile-Responsive Design\u003C\u002Fstrong>\u003Cbr \u002F>\nOptimized for mobile and desktop to ensure a smooth experience for all users.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Quick Setup Wizard\u003C\u002Fstrong>\u003Cbr \u002F>\nGet started quickly with an easy-to-follow wizard to guide you through setup.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Customizable Frontend with Shortcodes\u003C\u002Fstrong>\u003Cbr \u002F>\nUse shortcodes to embed the booking form anywhere on your WordPress site pages.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Google Meet & Zoom Integration\u003C\u002Fstrong>\u003Cbr \u002F>\nEmbed meeting links in services, which are then shared on confirmation pages and emails.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Multiple Payment Options\u003C\u002Fstrong>\u003Cbr \u002F>\nCurrently supports offline payments; Stripe and PayPal integration coming soon.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Best Suited For\u003C\u002Fstrong>\u003Cbr \u002F>\n* Clinics.\u003Cbr \u002F>\n* Fitness trainers.\u003Cbr \u002F>\n* Stylists & salons.\u003Cbr \u002F>\n* Lawyers & consultants.\u003Cbr \u002F>\n* Coaches and educators.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>To display the appointment booking wizard on the frontend, simply use the following shortcode on any page:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[niftybkz_appointment_booking_shortcode]\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Gain More customers with Quick and Easy 3-step appointment booking with service providers: Calendar, Payments, Google Meet & more.",457,"2025-12-06T05:19:00.000Z","5.6",[279,20,21,22,24],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fniftybukzee\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fniftybukzee.zip",{"attackSurface":350,"codeSignals":432,"taintFlows":933,"riskAssessment":950,"analyzedAt":966},{"hooks":351,"ajaxHandlers":400,"restRoutes":422,"shortcodes":430,"cronEvents":431,"entryPointCount":418,"unprotectedCount":124},[352,358,364,368,372,376,380,384,388,392,396],{"type":353,"name":354,"callback":355,"file":356,"line":357},"filter","show_admin_bar","__return_false","pages\\vcita-add-to-site.php",33,{"type":359,"name":360,"callback":361,"file":362,"line":363},"action","admin_enqueue_scripts","vcita_enqueue_admin_scripts","vcita-scheduler.php",429,{"type":353,"name":365,"callback":366,"priority":295,"file":362,"line":367},"plugin_action_links","wpshd_vcita_add_plugins_actions",528,{"type":359,"name":369,"callback":370,"file":362,"line":371},"current_screen","wpshd_vcita_this_screen",529,{"type":359,"name":373,"callback":374,"file":362,"line":375},"admin_init","wpshd_vcita_check_redirect",530,{"type":359,"name":377,"callback":378,"file":362,"line":379},"admin_menu","wpshd_vcita_admin_actions",531,{"type":359,"name":381,"callback":382,"file":362,"line":383},"wp_head","wpshd_vcita_add_active_engage",532,{"type":359,"name":385,"callback":386,"file":362,"line":387},"admin_notices","vcita_activate_func",534,{"type":359,"name":389,"callback":390,"file":362,"line":391},"admin_footer","vcita_admin_footer_script",535,{"type":359,"name":393,"callback":394,"priority":29,"file":362,"line":395},"plugins_loaded","wpshd_vcita_load_translations",536,{"type":359,"name":397,"callback":398,"file":362,"line":399},"rest_api_init","vcita_set_rest",545,[401,406,410,412,415,419],{"action":402,"nopriv":403,"callback":402,"hasNonce":404,"hasCapCheck":404,"file":405,"line":255},"vcita_dismiss",false,true,"vcita-ajax-function.php",{"action":407,"nopriv":403,"callback":408,"hasNonce":404,"hasCapCheck":404,"file":405,"line":409},"vcita_logout","vcita_logout_callback",4,{"action":411,"nopriv":403,"callback":411,"hasNonce":403,"hasCapCheck":404,"file":405,"line":73},"vcita_check_auth",{"action":413,"nopriv":403,"callback":414,"hasNonce":404,"hasCapCheck":404,"file":405,"line":86},"vcita_save_settings","vcita_save_settings_callback",{"action":416,"nopriv":403,"callback":417,"hasNonce":404,"hasCapCheck":404,"file":405,"line":418},"vcita_save_data","vcita_save_user_data_callback",7,{"action":420,"nopriv":403,"callback":421,"hasNonce":404,"hasCapCheck":404,"file":405,"line":162},"vcita_deactivate_others","vcita_vcita_deactivate_others_callback",[423],{"namespace":424,"route":425,"methods":426,"callback":428,"permissionCallback":38,"file":362,"line":429},"vcita-wordpress\u002Fv1","\u002Factions\u002F(?P\u003Caction>.+)",[427],"GET","vcita_callback",379,[],[],{"dangerousFunctions":433,"sqlUsage":434,"outputEscaping":436,"fileOperations":124,"externalRequests":409,"nonceChecks":86,"capabilityChecks":111,"bundledLibraries":929},[],{"prepared":29,"raw":29,"locations":435},[],{"escaped":437,"rawEcho":438,"locations":439},84,297,[440,443,445,446,448,449,451,453,455,457,459,461,463,465,467,469,471,473,474,476,478,480,482,484,486,488,490,491,493,495,497,499,501,503,505,507,509,511,513,515,517,519,521,523,525,526,528,530,532,534,536,538,540,542,544,546,548,550,553,555,557,559,561,563,565,566,568,569,571,572,573,575,577,579,580,581,583,584,586,588,590,592,594,596,598,599,601,603,605,607,609,612,614,615,617,618,619,621,623,625,627,629,631,632,634,635,637,638,639,640,641,642,643,644,646,648,650,652,653,655,656,658,660,662,663,665,667,669,670,671,673,675,677,679,681,682,684,686,688,690,692,693,695,697,699,701,703,705,707,709,711,713,715,717,720,722,724,726,728,729,730,732,734,736,738,739,741,742,743,745,747,748,750,751,752,753,754,756,758,760,762,763,764,766,767,769,770,772,774,775,776,777,779,780,782,783,785,787,788,789,791,792,793,795,797,798,799,801,802,803,806,807,808,809,810,811,812,813,815,816,818,820,822,823,825,826,827,829,830,831,833,834,835,836,838,839,841,842,843,844,845,847,849,850,851,852,853,854,856,858,859,860,862,863,864,865,866,868,869,870,871,873,875,876,877,879,881,882,884,886,887,888,889,891,892,893,894,895,897,899,900,901,904,906,908,910,912,914,916,918,920,921,922,923,924,926,927],{"file":356,"line":441,"context":442},64,"raw output",{"file":356,"line":444,"context":442},67,{"file":356,"line":294,"context":442},{"file":356,"line":447,"context":442},85,{"file":356,"line":257,"context":442},{"file":356,"line":450,"context":442},95,{"file":356,"line":452,"context":442},97,{"file":356,"line":454,"context":442},103,{"file":356,"line":456,"context":442},105,{"file":356,"line":458,"context":442},108,{"file":356,"line":460,"context":442},120,{"file":356,"line":462,"context":442},121,{"file":356,"line":464,"context":442},130,{"file":356,"line":466,"context":442},146,{"file":356,"line":468,"context":442},158,{"file":356,"line":470,"context":442},159,{"file":356,"line":472,"context":442},164,{"file":356,"line":258,"context":442},{"file":356,"line":475,"context":442},175,{"file":356,"line":477,"context":442},181,{"file":356,"line":479,"context":442},185,{"file":356,"line":481,"context":442},186,{"file":356,"line":483,"context":442},190,{"file":356,"line":485,"context":442},196,{"file":356,"line":487,"context":442},202,{"file":356,"line":489,"context":442},210,{"file":356,"line":314,"context":442},{"file":356,"line":492,"context":442},219,{"file":356,"line":494,"context":442},222,{"file":356,"line":496,"context":442},223,{"file":356,"line":498,"context":442},226,{"file":356,"line":500,"context":442},230,{"file":356,"line":502,"context":442},234,{"file":356,"line":504,"context":442},244,{"file":356,"line":506,"context":442},249,{"file":356,"line":508,"context":442},252,{"file":356,"line":510,"context":442},262,{"file":356,"line":512,"context":442},268,{"file":356,"line":514,"context":442},273,{"file":356,"line":516,"context":442},274,{"file":356,"line":518,"context":442},280,{"file":356,"line":520,"context":442},283,{"file":356,"line":522,"context":442},285,{"file":356,"line":524,"context":442},290,{"file":356,"line":438,"context":442},{"file":356,"line":527,"context":442},303,{"file":356,"line":529,"context":442},308,{"file":356,"line":531,"context":442},309,{"file":356,"line":533,"context":442},315,{"file":356,"line":535,"context":442},318,{"file":356,"line":537,"context":442},322,{"file":356,"line":539,"context":442},331,{"file":356,"line":541,"context":442},333,{"file":356,"line":543,"context":442},342,{"file":356,"line":545,"context":442},345,{"file":356,"line":547,"context":442},354,{"file":356,"line":549,"context":442},357,{"file":551,"line":552,"context":442},"pages\\vcita-custom-impl.php",22,{"file":551,"line":554,"context":442},24,{"file":551,"line":556,"context":442},35,{"file":551,"line":558,"context":442},37,{"file":551,"line":560,"context":442},43,{"file":551,"line":562,"context":442},56,{"file":551,"line":564,"context":442},71,{"file":551,"line":259,"context":442},{"file":551,"line":567,"context":442},79,{"file":551,"line":257,"context":442},{"file":551,"line":570,"context":442},93,{"file":551,"line":454,"context":442},{"file":551,"line":456,"context":442},{"file":551,"line":574,"context":442},107,{"file":551,"line":576,"context":442},109,{"file":551,"line":578,"context":442},116,{"file":551,"line":14,"context":442},{"file":551,"line":14,"context":442},{"file":551,"line":582,"context":442},128,{"file":551,"line":464,"context":442},{"file":551,"line":585,"context":442},137,{"file":551,"line":587,"context":442},138,{"file":551,"line":589,"context":442},145,{"file":551,"line":591,"context":442},150,{"file":551,"line":593,"context":442},155,{"file":551,"line":595,"context":442},160,{"file":551,"line":597,"context":442},165,{"file":551,"line":258,"context":442},{"file":551,"line":600,"context":442},177,{"file":551,"line":602,"context":442},183,{"file":551,"line":604,"context":442},188,{"file":551,"line":606,"context":442},192,{"file":551,"line":608,"context":442},197,{"file":610,"line":611,"context":442},"pages\\vcita-main.php",31,{"file":610,"line":613,"context":442},32,{"file":610,"line":357,"context":442},{"file":610,"line":616,"context":442},34,{"file":610,"line":556,"context":442},{"file":610,"line":558,"context":442},{"file":610,"line":620,"context":442},39,{"file":610,"line":622,"context":442},47,{"file":610,"line":624,"context":442},50,{"file":610,"line":626,"context":442},54,{"file":610,"line":628,"context":442},61,{"file":610,"line":630,"context":442},70,{"file":610,"line":13,"context":442},{"file":610,"line":633,"context":442},80,{"file":610,"line":447,"context":442},{"file":610,"line":636,"context":442},89,{"file":610,"line":257,"context":442},{"file":610,"line":304,"context":442},{"file":610,"line":321,"context":442},{"file":610,"line":458,"context":442},{"file":610,"line":14,"context":442},{"file":610,"line":460,"context":442},{"file":610,"line":582,"context":442},{"file":610,"line":645,"context":442},131,{"file":610,"line":647,"context":442},139,{"file":610,"line":649,"context":442},142,{"file":610,"line":651,"context":442},152,{"file":610,"line":593,"context":442},{"file":610,"line":654,"context":442},163,{"file":610,"line":597,"context":442},{"file":610,"line":657,"context":442},173,{"file":610,"line":659,"context":442},176,{"file":610,"line":661,"context":442},184,{"file":610,"line":481,"context":442},{"file":610,"line":664,"context":442},195,{"file":610,"line":666,"context":442},198,{"file":610,"line":668,"context":442},201,{"file":610,"line":487,"context":442},{"file":610,"line":489,"context":442},{"file":610,"line":672,"context":442},213,{"file":610,"line":674,"context":442},216,{"file":610,"line":676,"context":442},217,{"file":610,"line":678,"context":442},225,{"file":610,"line":680,"context":442},228,{"file":610,"line":99,"context":442},{"file":610,"line":683,"context":442},232,{"file":610,"line":685,"context":442},239,{"file":610,"line":687,"context":442},241,{"file":610,"line":689,"context":442},246,{"file":610,"line":691,"context":442},250,{"file":610,"line":508,"context":442},{"file":610,"line":694,"context":442},259,{"file":610,"line":696,"context":442},261,{"file":610,"line":698,"context":442},263,{"file":610,"line":700,"context":442},275,{"file":610,"line":702,"context":442},277,{"file":610,"line":704,"context":442},279,{"file":610,"line":706,"context":442},281,{"file":610,"line":708,"context":442},292,{"file":610,"line":710,"context":442},294,{"file":610,"line":712,"context":442},299,{"file":610,"line":714,"context":442},376,{"file":610,"line":716,"context":442},377,{"file":718,"line":719,"context":442},"pages\\vcita-premium.php",12,{"file":718,"line":721,"context":442},13,{"file":718,"line":723,"context":442},16,{"file":718,"line":725,"context":442},17,{"file":718,"line":727,"context":442},18,{"file":718,"line":28,"context":442},{"file":718,"line":282,"context":442},{"file":718,"line":731,"context":442},23,{"file":718,"line":733,"context":442},26,{"file":718,"line":735,"context":442},27,{"file":718,"line":737,"context":442},28,{"file":718,"line":357,"context":442},{"file":740,"line":552,"context":442},"pages\\vcita-support.php",{"file":740,"line":554,"context":442},{"file":740,"line":616,"context":442},{"file":740,"line":744,"context":442},36,{"file":740,"line":746,"context":442},41,{"file":740,"line":624,"context":442},{"file":740,"line":749,"context":442},52,{"file":740,"line":138,"context":442},{"file":740,"line":441,"context":442},{"file":740,"line":564,"context":442},{"file":740,"line":273,"context":442},{"file":740,"line":755,"context":442},76,{"file":740,"line":757,"context":442},83,{"file":740,"line":759,"context":442},86,{"file":740,"line":761,"context":442},92,{"file":740,"line":450,"context":442},{"file":740,"line":452,"context":442},{"file":740,"line":765,"context":442},104,{"file":740,"line":574,"context":442},{"file":740,"line":768,"context":442},113,{"file":740,"line":578,"context":442},{"file":740,"line":771,"context":442},118,{"file":740,"line":773,"context":442},125,{"file":740,"line":582,"context":442},{"file":740,"line":464,"context":442},{"file":740,"line":585,"context":442},{"file":740,"line":778,"context":442},140,{"file":740,"line":649,"context":442},{"file":740,"line":781,"context":442},149,{"file":740,"line":651,"context":442},{"file":740,"line":784,"context":442},154,{"file":740,"line":786,"context":442},161,{"file":740,"line":472,"context":442},{"file":740,"line":203,"context":442},{"file":740,"line":790,"context":442},172,{"file":740,"line":657,"context":442},{"file":740,"line":600,"context":442},{"file":740,"line":794,"context":442},179,{"file":796,"line":255,"context":442},"php_assets\\admin_footer.php",{"file":796,"line":86,"context":442},{"file":796,"line":28,"context":442},{"file":796,"line":800,"context":442},25,{"file":796,"line":611,"context":442},{"file":796,"line":558,"context":442},{"file":804,"line":805,"context":442},"php_assets\\admin_header.php",21,{"file":804,"line":554,"context":442},{"file":804,"line":800,"context":442},{"file":804,"line":733,"context":442},{"file":804,"line":735,"context":442},{"file":804,"line":737,"context":442},{"file":804,"line":556,"context":442},{"file":804,"line":558,"context":442},{"file":804,"line":814,"context":442},38,{"file":804,"line":620,"context":442},{"file":804,"line":817,"context":442},42,{"file":804,"line":819,"context":442},49,{"file":804,"line":821,"context":442},51,{"file":804,"line":626,"context":442},{"file":804,"line":824,"context":442},55,{"file":804,"line":562,"context":442},{"file":804,"line":441,"context":442},{"file":804,"line":828,"context":442},66,{"file":804,"line":444,"context":442},{"file":804,"line":294,"context":442},{"file":804,"line":832,"context":442},69,{"file":804,"line":630,"context":442},{"file":804,"line":630,"context":442},{"file":804,"line":564,"context":442},{"file":804,"line":837,"context":442},72,{"file":804,"line":633,"context":442},{"file":804,"line":840,"context":442},82,{"file":804,"line":757,"context":442},{"file":804,"line":437,"context":442},{"file":804,"line":759,"context":442},{"file":804,"line":27,"context":442},{"file":804,"line":846,"context":442},129,{"file":804,"line":848,"context":442},132,{"file":804,"line":470,"context":442},{"file":804,"line":597,"context":442},{"file":804,"line":597,"context":442},{"file":804,"line":794,"context":442},{"file":804,"line":483,"context":442},{"file":855,"line":295,"context":442},"php_assets\\admin_scripts.php",{"file":855,"line":857,"context":442},11,{"file":855,"line":719,"context":442},{"file":855,"line":800,"context":442},{"file":855,"line":861,"context":442},65,{"file":855,"line":861,"context":442},{"file":855,"line":444,"context":442},{"file":855,"line":832,"context":442},{"file":855,"line":832,"context":442},{"file":855,"line":867,"context":442},96,{"file":855,"line":452,"context":442},{"file":855,"line":574,"context":442},{"file":855,"line":578,"context":442},{"file":855,"line":872,"context":442},169,{"file":855,"line":874,"context":442},191,{"file":405,"line":657,"context":442},{"file":405,"line":698,"context":442},{"file":405,"line":878,"context":442},286,{"file":405,"line":880,"context":442},305,{"file":405,"line":541,"context":442},{"file":405,"line":883,"context":442},338,{"file":405,"line":885,"context":442},355,{"file":362,"line":620,"context":442},{"file":362,"line":837,"context":442},{"file":362,"line":464,"context":442},{"file":362,"line":890,"context":442},147,{"file":362,"line":477,"context":442},{"file":362,"line":483,"context":442},{"file":362,"line":874,"context":442},{"file":362,"line":874,"context":442},{"file":362,"line":896,"context":442},193,{"file":362,"line":898,"context":442},209,{"file":362,"line":706,"context":442},{"file":362,"line":543,"context":442},{"file":902,"line":903,"context":442},"vcita-utility-functions.php",504,{"file":902,"line":905,"context":442},540,{"file":902,"line":907,"context":442},542,{"file":902,"line":909,"context":442},547,{"file":902,"line":911,"context":442},552,{"file":902,"line":913,"context":442},557,{"file":902,"line":915,"context":442},560,{"file":917,"line":552,"context":442},"vcita-widgets-functions.php",{"file":917,"line":919,"context":442},45,{"file":917,"line":444,"context":442},{"file":917,"line":837,"context":442},{"file":917,"line":259,"context":442},{"file":917,"line":273,"context":442},{"file":917,"line":925,"context":442},75,{"file":917,"line":755,"context":442},{"file":917,"line":928,"context":442},77,[930],{"name":931,"version":38,"knownCves":932},"Select2",[],[934],{"entryPoint":935,"graph":936,"unsanitizedCount":124,"severity":949},"\u003Cvcita-add-to-site> (pages\\vcita-add-to-site.php:0)",{"nodes":937,"edges":947},[938,942],{"id":939,"type":940,"label":941,"file":356,"line":466},"n0","source","$_SERVER['SERVER_NAME']",{"id":943,"type":944,"label":945,"file":356,"line":466,"wp_function":946},"n1","sink","echo() [XSS]","echo",[948],{"from":939,"to":943,"sanitized":403},"low",{"summary":951,"deductions":952},"The 'meeting-scheduler-by-vcita' plugin version 4.6.0 presents a mixed security posture. While it demonstrates strengths such as 100% SQL query sanitization via prepared statements and a good number of nonce and capability checks, several significant concerns emerge.  The presence of one unprotected REST API route, coupled with a notable 22% of output escaping, suggests potential vulnerabilities. The taint analysis, while limited, did reveal one flow with unsanitized paths, which, although not critical or high severity in this analysis, warrants attention given the plugin's history.",[953,955,957,959,962,964],{"reason":954,"points":162},"1 unprotected REST API route",{"reason":956,"points":86},"22% of outputs properly escaped",{"reason":958,"points":73},"1 flow with unsanitized paths",{"reason":960,"points":961},"19 known CVEs historically",15,{"reason":963,"points":295},"4 high severity historical CVEs",{"reason":965,"points":418},"15 medium severity historical CVEs","2026-03-16T18:47:42.621Z",{"wat":968,"direct":981},{"assetPaths":969,"generatorPatterns":974,"scriptPaths":975,"versionParams":976},[970,971,972,973],"\u002Fwp-content\u002Fplugins\u002Fmeeting-scheduler-by-vcita\u002Fassets\u002Fjs\u002Fpc_v.js","\u002Fwp-content\u002Fplugins\u002Fmeeting-scheduler-by-vcita\u002Fassets\u002Fjs\u002Futils_v.js","\u002Fwp-content\u002Fplugins\u002Fmeeting-scheduler-by-vcita\u002Fassets\u002Fjs\u002Fmixpanel_v.js","\u002Fwp-content\u002Fplugins\u002Fmeeting-scheduler-by-vcita\u002Fassets\u002Fstyle\u002Fstyle_v.css",[],[],[977,978,979,980],"meeting-scheduler-by-vcita\u002Fassets\u002Fjs\u002Fpc_v.js?ver=","meeting-scheduler-by-vcita\u002Fassets\u002Fjs\u002Futils_v.js?ver=","meeting-scheduler-by-vcita\u002Fassets\u002Fjs\u002Fmixpanel_v.js?ver=","meeting-scheduler-by-vcita\u002Fassets\u002Fstyle\u002Fstyle_v.css?ver=",{"cssClasses":982,"htmlComments":988,"htmlAttributes":991,"restEndpoints":996,"jsGlobals":998,"shortcodeOutput":1002},[983,984,985,986,987],"wpschd_admin_notice","wpschd_admin_notice-image","wpschd_admin_notice-text","vcita__btn__blue","wpschd_admin_notice_close",[989,990],"Check if vCita plugin already installed.","This plugin shows your free time slot on your blog and allows you to book appointments with your clients 24x7x365. Very easy Ajax interface. Easy to setup and can be controlled completely from powerful admin area.",[992,993,994,995],"onclick=\"wpshd_ntf_dismiss();this.parentNode.remove()\"","onclick=\"wpshd_ntf_dismiss_switch()\"","onclick=\"wpshd_ntf_connect_click()\"","onclick=\"wpshd_ntf_turn_on_click()\"",[997],"\u002Fwp-json\u002Fvcita\u002Fv1\u002Fappointments",[999,1000,1001],"vcitaSchedulerData","VcitaMixpman","MixpMan",[1003],"[vcita-scheduler]"]