Does WPS Bookings for WooCommerce have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is WPS Bookings for WooCommerce compatible with WordPress 6.9.4?

According to WordPress.org data, WPS Bookings for WooCommerce 3.11.4 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is WPS Bookings for WooCommerce compatible with PHP 7.4+?

WPS Bookings for WooCommerce requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WPS Bookings for WooCommerce updated?

WPS Bookings for WooCommerce was last updated on Apr 15, 2026. Frequent updates are generally a positive security signal.

What is WPS Bookings for WooCommerce's security score?

WPS Bookings for WooCommerce has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WPS Bookings for WooCommerce Security & Risk Analysis

wordpress.org/plugins/mwb-bookings-for-woocommerce

This WordPress Booking Plugin lets you manage full-day bookings, service appointments, Accept/reject bookings, show booking availability & much more.

4K active installs v3.11.4 PHP 7.4+ WP 6.7.0+ Updated Apr 15, 2026

appointment-bookingappointmentsbooking-systembookingsscheduling

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WPS Bookings for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

WPS Bookings for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The mwb-bookings-for-woocommerce plugin v3.11.2 exhibits a mixed security posture. While the plugin has no recorded vulnerabilities or CVEs, indicating a potentially good track record, the static analysis reveals significant areas of concern. A substantial portion of the attack surface, specifically 10 out of 14 AJAX handlers, lacks authentication checks. This is a major vulnerability, as unauthenticated users could potentially trigger these actions, leading to unexpected behavior or further exploitation if combined with other weaknesses. Furthermore, the presence of raw SQL queries without prepared statements is a critical security flaw that could lead to SQL injection vulnerabilities. While output escaping is generally well-handled, the lack of robust authentication on AJAX endpoints and the use of raw SQL queries present significant risks that outweigh the positive aspects of its clean vulnerability history and generally good output escaping.

Key Concerns

10 AJAX handlers without auth checks
1 SQL query without prepared statement

Vulnerabilities

None known

WPS Bookings for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

WPS Bookings for WooCommerce Release Timeline

v3.11.4Current

v3.11.3

v3.11.2

v3.11.1

v3.11.0

v3.10.2

v3.10.1

v3.10.0

v3.9.0

v3.8.0

v3.7.0

v3.6.0

v3.5.2

v3.5.1

v3.5.0

v3.4.1

v3.4.0

v3.3.3

v3.3.2

v3.3.1

Code Analysis

Analyzed Mar 16, 2026

WPS Bookings for WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

802 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

DataTablesSelect2

SQL Query Safety

0% prepared1 total queries

Output Escaping

97% escaped825 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

8 flows2 with unsanitized paths

mbfw_retrieve_booking_total_single_page (common\class-mwb-bookings-for-woocommerce-common.php:543)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

10 unprotected

WPS Bookings for WooCommerce Attack Surface

Entry Points16

Unprotected10

AJAX Handlers 14

authwp_ajax_mwb_mbfw_send_onboarding_dataincludes\class-mwb-bookings-for-woocommerce-onboarding-steps.php:124

noprivwp_ajax_mwb_mbfw_send_onboarding_dataincludes\class-mwb-bookings-for-woocommerce-onboarding-steps.php:125

authwp_ajax_mbfw_skip_onboarding_popupincludes\class-mwb-bookings-for-woocommerce-onboarding-steps.php:128

noprivwp_ajax_mbfw_skip_onboarding_popupincludes\class-mwb-bookings-for-woocommerce-onboarding-steps.php:129

authwp_ajax_wps_wpr_ajax_banner_actionincludes\class-mwb-bookings-for-woocommerce-onboarding-steps.php:132

noprivwp_ajax_wps_wpr_ajax_banner_actionincludes\class-mwb-bookings-for-woocommerce-onboarding-steps.php:133

authwp_ajax_mwb_mbfw_get_all_events_dateincludes\class-mwb-bookings-for-woocommerce.php:258

authwp_ajax_mbfw_retrieve_booking_total_single_pageincludes\class-mwb-bookings-for-woocommerce.php:281

noprivwp_ajax_mbfw_retrieve_booking_total_single_pageincludes\class-mwb-bookings-for-woocommerce.php:282

authwp_ajax_bfw_cancelled_booked_orderincludes\class-mwb-bookings-for-woocommerce.php:288

authwp_ajax_mbfw_get_cart_dataincludes\class-mwb-bookings-for-woocommerce.php:290

noprivwp_ajax_mbfw_get_cart_dataincludes\class-mwb-bookings-for-woocommerce.php:291

authwp_ajax_mwb_check_service_max_qtyincludes\class-mwb-bookings-for-woocommerce.php:294

noprivwp_ajax_mwb_check_service_max_qtyincludes\class-mwb-bookings-for-woocommerce.php:295

REST API Routes 1

GET/wp-json/wps-bfw/v1/bookingspackage\rest-api\class-mwb-bookings-for-woocommerce-rest-api.php:72

Shortcodes 1

[bookable_booking_calendar] public\class-mwb-bookings-for-woocommerce-public.php:1402

WordPress Hooks 118

actionadmin_enqueue_scriptsincludes\class-mwb-bookings-for-woocommerce-onboarding-steps.php:115

actionadmin_enqueue_scriptsincludes\class-mwb-bookings-for-woocommerce-onboarding-steps.php:116

actionadmin_footerincludes\class-mwb-bookings-for-woocommerce-onboarding-steps.php:117

actionadmin_footerincludes\class-mwb-bookings-for-woocommerce-onboarding-steps.php:118

filtermwb_mbfw_on_boarding_form_fieldsincludes\class-mwb-bookings-for-woocommerce-onboarding-steps.php:120

filtermwb_mbfw_deactivation_form_fieldsincludes\class-mwb-bookings-for-woocommerce-onboarding-steps.php:121

actionwps_wgm_check_for_notification_updateincludes\class-mwb-bookings-for-woocommerce-onboarding-steps.php:134

actionadmin_initincludes\class-mwb-bookings-for-woocommerce-onboarding-steps.php:135

actionadmin_enqueue_scriptsincludes\class-mwb-bookings-for-woocommerce.php:174

actionadmin_enqueue_scriptsincludes\class-mwb-bookings-for-woocommerce.php:175

actionadmin_menuincludes\class-mwb-bookings-for-woocommerce.php:178

actionadmin_menuincludes\class-mwb-bookings-for-woocommerce.php:179

filterwps_add_plugins_menus_arrayincludes\class-mwb-bookings-for-woocommerce.php:182

filtermbfw_general_settings_arrayincludes\class-mwb-bookings-for-woocommerce.php:183

filtermbfw_booking_form_settings_arrayincludes\class-mwb-bookings-for-woocommerce.php:184

filtermbfw_availability_settings_arrayincludes\class-mwb-bookings-for-woocommerce.php:185

actionmwb_mbfw_settings_saved_noticeincludes\class-mwb-bookings-for-woocommerce.php:188

actioninitincludes\class-mwb-bookings-for-woocommerce.php:189

actionmbfw_developer_admin_hooks_arrayincludes\class-mwb-bookings-for-woocommerce.php:192

actionmbfw_developer_public_hooks_arrayincludes\class-mwb-bookings-for-woocommerce.php:193

actionall_admin_noticesincludes\class-mwb-bookings-for-woocommerce.php:196

actionadmin_footerincludes\class-mwb-bookings-for-woocommerce.php:197

actionparent_fileincludes\class-mwb-bookings-for-woocommerce.php:198

filtersubmenu_fileincludes\class-mwb-bookings-for-woocommerce.php:199

actioninitincludes\class-mwb-bookings-for-woocommerce.php:202

filterproduct_type_selectorincludes\class-mwb-bookings-for-woocommerce.php:205

filterwoocommerce_product_data_tabsincludes\class-mwb-bookings-for-woocommerce.php:206

actionwoocommerce_process_product_metaincludes\class-mwb-bookings-for-woocommerce.php:207

actionwoocommerce_product_data_panelsincludes\class-mwb-bookings-for-woocommerce.php:208

actionmwb_booking_cost_add_form_fieldsincludes\class-mwb-bookings-for-woocommerce.php:210

actionmwb_booking_cost_edit_form_fieldsincludes\class-mwb-bookings-for-woocommerce.php:211

actioncreated_mwb_booking_costincludes\class-mwb-bookings-for-woocommerce.php:212

actionedited_mwb_booking_costincludes\class-mwb-bookings-for-woocommerce.php:213

filtermanage_edit-mwb_booking_cost_columnsincludes\class-mwb-bookings-for-woocommerce.php:214

filtermanage_mwb_booking_cost_custom_columnincludes\class-mwb-bookings-for-woocommerce.php:215

actionmwb_booking_service_add_form_fieldsincludes\class-mwb-bookings-for-woocommerce.php:217

actionmwb_booking_service_edit_form_fieldsincludes\class-mwb-bookings-for-woocommerce.php:218

actioncreated_mwb_booking_serviceincludes\class-mwb-bookings-for-woocommerce.php:219

actionedited_mwb_booking_serviceincludes\class-mwb-bookings-for-woocommerce.php:220

filtermanage_edit-mwb_booking_service_columnsincludes\class-mwb-bookings-for-woocommerce.php:221

filtermanage_mwb_booking_service_custom_columnincludes\class-mwb-bookings-for-woocommerce.php:222

actionmanage_woocommerce_page_wc-orders_custom_columnincludes\class-mwb-bookings-for-woocommerce.php:224

actionmanage_shop_order_posts_custom_columnincludes\class-mwb-bookings-for-woocommerce.php:225

actionrestrict_manage_postsincludes\class-mwb-bookings-for-woocommerce.php:227

actionpre_get_postsincludes\class-mwb-bookings-for-woocommerce.php:228

actionwoocommerce_hidden_order_itemmetaincludes\class-mwb-bookings-for-woocommerce.php:229

filterwoocommerce_order_item_display_meta_keyincludes\class-mwb-bookings-for-woocommerce.php:230

actionwoocommerce_before_calculate_totalsincludes\class-mwb-bookings-for-woocommerce.php:231

actionwoocommerce_after_order_itemmetaincludes\class-mwb-bookings-for-woocommerce.php:232

actionadd_meta_boxesincludes\class-mwb-bookings-for-woocommerce.php:234

actionsave_postincludes\class-mwb-bookings-for-woocommerce.php:235

actionsave_post_wps_dynamic_formincludes\class-mwb-bookings-for-woocommerce.php:236

filtermanage_wps_global_booking_posts_columnsincludes\class-mwb-bookings-for-woocommerce.php:238

filterpost_row_actionsincludes\class-mwb-bookings-for-woocommerce.php:240

actionmanage_wps_global_booking_posts_custom_columnincludes\class-mwb-bookings-for-woocommerce.php:242

filterpost_row_actionsincludes\class-mwb-bookings-for-woocommerce.php:244

filterpost_updated_messagesincludes\class-mwb-bookings-for-woocommerce.php:245

actionadmin_headincludes\class-mwb-bookings-for-woocommerce.php:246

filterinitincludes\class-mwb-bookings-for-woocommerce.php:250

filtercron_schedulesincludes\class-mwb-bookings-for-woocommerce.php:252

actionwps_sync_airbnb_calendarsincludes\class-mwb-bookings-for-woocommerce.php:253

filterdefault_titleincludes\class-mwb-bookings-for-woocommerce.php:255

actionwp_enqueue_scriptsincludes\class-mwb-bookings-for-woocommerce.php:269

actionwp_enqueue_scriptsincludes\class-mwb-bookings-for-woocommerce.php:270

actionadmin_enqueue_scriptsincludes\class-mwb-bookings-for-woocommerce.php:271

actionadmin_enqueue_scriptsincludes\class-mwb-bookings-for-woocommerce.php:272

actionplugins_loadedincludes\class-mwb-bookings-for-woocommerce.php:274

actioninitincludes\class-mwb-bookings-for-woocommerce.php:275

actionmwb_booking_cost_pre_add_formincludes\class-mwb-bookings-for-woocommerce.php:277

actionmwb_booking_service_pre_add_formincludes\class-mwb-bookings-for-woocommerce.php:278

actionadmin_bar_menuincludes\class-mwb-bookings-for-woocommerce.php:280

actionwoocommerce_before_calculate_totalsincludes\class-mwb-bookings-for-woocommerce.php:283

actionwoocommerce_new_orderincludes\class-mwb-bookings-for-woocommerce.php:284

actionwoocommerce_thankyouincludes\class-mwb-bookings-for-woocommerce.php:285

actionwoocommerce_order_item_meta_endincludes\class-mwb-bookings-for-woocommerce.php:286

filterwoocommerce_valid_order_statuses_for_order_againincludes\class-mwb-bookings-for-woocommerce.php:287

actionwps_sfw_compatible_points_and_rewardsincludes\class-mwb-bookings-for-woocommerce.php:292

actionwps_sfw_after_renewal_paymentincludes\class-mwb-bookings-for-woocommerce.php:293

actiontemplate_redirectincludes\class-mwb-bookings-for-woocommerce.php:297

actioninitincludes\class-mwb-bookings-for-woocommerce.php:298

filterquery_varsincludes\class-mwb-bookings-for-woocommerce.php:299

filterrequestincludes\class-mwb-bookings-for-woocommerce.php:300

actionwp_enqueue_scriptsincludes\class-mwb-bookings-for-woocommerce.php:313

actionwp_enqueue_scriptsincludes\class-mwb-bookings-for-woocommerce.php:314

filterwoocommerce_product_classincludes\class-mwb-bookings-for-woocommerce.php:316

actionwoocommerce_before_add_to_cart_buttonincludes\class-mwb-bookings-for-woocommerce.php:317

actionmwb_mbfw_booking_services_details_on_formincludes\class-mwb-bookings-for-woocommerce.php:318

actionmwb_mbfw_number_of_people_while_booking_on_formincludes\class-mwb-bookings-for-woocommerce.php:319

filterwoocommerce_add_cart_item_dataincludes\class-mwb-bookings-for-woocommerce.php:320

filterwoocommerce_get_item_dataincludes\class-mwb-bookings-for-woocommerce.php:321

actionwoocommerce_mwb_booking_add_to_cartincludes\class-mwb-bookings-for-woocommerce.php:322

actionwoocommerce_loop_add_to_cart_linkincludes\class-mwb-bookings-for-woocommerce.php:323

actionwoocommerce_checkout_create_order_line_itemincludes\class-mwb-bookings-for-woocommerce.php:324

actionmwb_mbfw_add_calender_or_time_selector_for_bookingincludes\class-mwb-bookings-for-woocommerce.php:325

filterwoocommerce_quantity_input_argsincludes\class-mwb-bookings-for-woocommerce.php:326

actionmwb_booking_before_add_to_cart_buttonincludes\class-mwb-bookings-for-woocommerce.php:327

actioninitincludes\class-mwb-bookings-for-woocommerce.php:328

actionquery_varsincludes\class-mwb-bookings-for-woocommerce.php:330

actionwoocommerce_account_menu_itemsincludes\class-mwb-bookings-for-woocommerce.php:332

actionwoocommerce_account_wps-mybookings-tab_endpointincludes\class-mwb-bookings-for-woocommerce.php:334

actionwoocommerce_blocks_enqueue_cart_block_scripts_beforeincludes\class-mwb-bookings-for-woocommerce.php:335

actionwoocommerce_store_api_product_quantity_maximumincludes\class-mwb-bookings-for-woocommerce.php:336

actionwoocommerce_store_api_product_quantity_minimumincludes\class-mwb-bookings-for-woocommerce.php:337

actionwoocommerce_checkout_create_orderincludes\class-mwb-bookings-for-woocommerce.php:338

actionplugins_loadedincludes\class-mwb-bookings-for-woocommerce.php:339

actiontemplate_redirectincludes\class-mwb-bookings-for-woocommerce.php:340

actionwoocommerce_add_order_item_metaincludes\class-mwb-bookings-for-woocommerce.php:341

actionwps_before_global_booking_form includes\class-mwb-bookings-for-woocommerce.php:342

actionrest_api_initincludes\class-mwb-bookings-for-woocommerce.php:354

actionwp_initialize_sitemwb-bookings-for-woocommerce.php:116

actioninitmwb-bookings-for-woocommerce.php:186

filterplugin_row_metamwb-bookings-for-woocommerce.php:270

actionadmin_noticesmwb-bookings-for-woocommerce.php:273

actionelementor/widgets/widgets_registeredmwb-bookings-for-woocommerce.php:316

actionadmin_noticesmwb-bookings-for-woocommerce.php:324

actionadmin_initmwb-bookings-for-woocommerce.php:389

actionadmin_noticesmwb-bookings-for-woocommerce.php:390

actionbefore_woocommerce_initmwb-bookings-for-woocommerce.php:420

Scheduled Events 2

wps_sync_airbnb_calendars

wps_wgm_check_for_notification_update

Maintenance & Trust

WPS Bookings for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedApr 15, 2026

PHP min version7.4

Downloads152K

Community Trust

Rating88/100

Number of ratings41

Active installs4K

Alternatives

WPS Bookings for WooCommerce Alternatives

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

simply-schedule-appointments

Unlimited appointments, booking calendars, and notifications. Powerful appointment booking plugin and booking system. Start scheduling for free today!

60K 27 CVEs

Advanced Appointment Booking & Scheduling

advanced-appointment-booking-scheduling

Advanced Appointment Booking & Scheduling: Effortlessly manage appointments with a simple, user-friendly scheduling system.

3K 1 unpatched

Easy Appointment Booking & Scheduling System – Webba Booking Calendar

webba-booking-lite

Free Appointment Booking Plugin 📅 Unlimited appointments, booking management, calendar sync, notifications, 5* support = powerful booking system!

3K 7 CVEs

Bookify – Appointment Booking & Scheduling for WordPress

bookify

🚀 A modern, lightweight appointment booking plugin for WordPress. Let customers book services online, manage schedules easily, and reduce no-shows — n …

10 2 CVEs

Multi-Location Appointment Booking & Staff Scheduling – Next Open

next-open-location-booking

100

The appointment booking plugin built for multi-location businesses. Manage staff and bookings across all your locations.

0 No CVEs

Developer Profile

WPS Bookings for WooCommerce Developer Profile

WP Swings

13 plugins · 42K total installs

trust score

Avg Security Score

97/100

Avg Patch Time

90 days

View full developer profile

Detection Fingerprints

How We Detect WPS Bookings for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/mwb-bookings-for-woocommerce/assets/css/backend_booking_style.css/wp-content/plugins/mwb-bookings-for-woocommerce/assets/css/frontend_booking_style.css/wp-content/plugins/mwb-bookings-for-woocommerce/assets/js/admin_booking_script.js/wp-content/plugins/mwb-bookings-for-woocommerce/assets/js/frontend_booking_script.js/wp-content/plugins/mwb-bookings-for-woocommerce/assets/js/mwb-booking-admin.js/wp-content/plugins/mwb-bookings-for-woocommerce/assets/js/mwb-booking-public.js/wp-content/plugins/mwb-bookings-for-woocommerce/assets/js/moment.min.js/wp-content/plugins/mwb-bookings-for-woocommerce/assets/js/range.js+2 more

Script Paths

/wp-content/plugins/mwb-bookings-for-woocommerce/assets/js/backend_booking_style.js/wp-content/plugins/mwb-bookings-for-woocommerce/assets/js/frontend_booking_style.js/wp-content/plugins/mwb-bookings-for-woocommerce/assets/js/admin_booking_script.js/wp-content/plugins/mwb-bookings-for-woocommerce/assets/js/frontend_booking_script.js/wp-content/plugins/mwb-bookings-for-woocommerce/assets/js/mwb-booking-admin.js/wp-content/plugins/mwb-bookings-for-woocommerce/assets/js/mwb-booking-public.js+4 more

Version Parameters

mwb-bookings-for-woocommerce/assets/css/backend_booking_style.css?ver=mwb-bookings-for-woocommerce/assets/css/frontend_booking_style.css?ver=mwb-bookings-for-woocommerce/assets/js/admin_booking_script.js?ver=mwb-bookings-for-woocommerce/assets/js/frontend_booking_script.js?ver=mwb-bookings-for-woocommerce/assets/js/mwb-booking-admin.js?ver=mwb-bookings-for-woocommerce/assets/js/mwb-booking-public.js?ver=mwb-bookings-for-woocommerce/assets/js/moment.min.js?ver=mwb-bookings-for-woocommerce/assets/js/range.js?ver=mwb-bookings-for-woocommerce/assets/js/tinymce/plugins/mwb_booking/plugin.min.js?ver=mwb-bookings-for-woocommerce/blocks/booking-calendar/block.js?ver=

HTML / DOM Fingerprints

CSS Classes

mwb_booking_field_settingsmwb_booking_page_wrappermwb_booking_field_wrappermwb-bookings-main-wrapperbooking-calendar-containermwbfw-date-pickermwbfw-time-pickermwbfw-duration-picker+4 more

HTML Comments

Data Attributes

data-mwb-booking-product-iddata-mwb-booking-start-datedata-mwb-booking-end-datedata-mwb-booking-duration

JS Globals

MWB_BOOKINGS_FOR_WOOCOMMERCE_ADMIN_PARAMSMWB_BOOKINGS_FOR_WOOCOMMERCE_PUBLIC_PARAMSmwb_booking_tinymce_plugin

REST Endpoints

/wp-json/mwb-bookings-for-woocommerce/v1/get_booking_availability/wp-json/mwb-bookings-for-woocommerce/v1/book_product

Shortcode Output

[mwb_booking_calendar[mwb_booking_form

FAQ