Does MySchedulr have any unpatched vulnerabilities?

No. All known vulnerabilities in MySchedulr have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is MySchedulr compatible with WordPress 5.9.13?

According to WordPress.org data, MySchedulr 1.0.0 has been tested up to WordPress 5.9.13. Check the plugin's changelog for the latest compatibility information.

Is MySchedulr compatible with PHP 7.1+?

MySchedulr requires PHP 7.1 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is MySchedulr updated?

MySchedulr was last updated on Feb 18, 2022. Frequent updates are generally a positive security signal.

What is MySchedulr's security score?

MySchedulr has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

MySchedulr Security & Risk Analysis

wordpress.org/plugins/myschedulr

An online scheduling solution that easily integrates with your website and domain. Manage your own bookings page that will give your clients a simple …

10 active installs v1.0.0 PHP 7.1+ WP 4.7+ Updated Feb 18, 2022

appointmentsautomationsbookingsnewfoldschedules

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is MySchedulr Safe to Use in 2026?

Generally Safe

Score 85/100

MySchedulr has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago

Risk Assessment

The "myschedulr" plugin v1.0.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and has no recorded vulnerability history (CVEs). This suggests a potentially well-developed or relatively new plugin with no known exploitable flaws. However, the static analysis reveals significant concerns regarding its attack surface. All three identified AJAX handlers lack authentication checks, presenting a direct pathway for unauthenticated users to interact with sensitive functionalities. Additionally, a substantial portion of output (49%) is not properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled carefully before being displayed to other users. The plugin also performs file operations and external HTTP requests, which can be vectors for further exploitation if not secured. The absence of taint analysis findings is positive, but it's important to note that taint analysis is most effective on complex code and may not have identified subtle issues in this particular plugin's flows.

Key Concerns

AJAX handlers without authentication
Insufficient output escaping
File operations without context
External HTTP requests without context

Vulnerabilities

None known

MySchedulr Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

MySchedulr Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

86 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

51% escaped170 total outputs

Attack Surface

3 unprotected

MySchedulr Attack Surface

Entry Points3

Unprotected3

AJAX Handlers 3

authwp_ajax_woocommerce_ms4wp_ratedsrc\Managers\AdminManager.php:51

authwp_ajax_ms4wp_request_ssosrc\Managers\AdminManager.php:52

authwp_ajax_ms4wp_deactivate_surveysrc\Managers\AdminManager.php:56

WordPress Hooks 9

actionplugins_loadedmyschedulr-plugin.php:90

actioninitmyschedulr-plugin.php:95

actioninitsrc\blocks\LoadBlock.php:32

actionadmin_enqueue_scriptssrc\blocks\LoadBlock.php:33

actionwp_enqueue_scriptssrc\blocks\LoadBlock.php:34

actionwp_footersrc\blocks\LoadBlock.php:36

filteradmin_footer_textsrc\Managers\AdminManager.php:50

actionadmin_footersrc\Managers\AdminManager.php:55

actionrest_api_initsrc\Managers\ApiManager.php:23

Maintenance & Trust

MySchedulr Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13

Last updatedFeb 18, 2022

PHP min version7.1

Downloads951

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

MySchedulr Alternatives

Events Manager – Calendar, Bookings, Tickets, and more!

events-manager

Events calendar with bookings, scheduling, appointments, event registration, tickets, recurring events, and venue management.

70K 34 CVEs

Booking Calendar

booking

Original "Booking Calendar" plugin. Easily manage full-day bookings, time-slot appointments, or events in our all-in-one, outstanding booking system.

50K 28 CVEs

Bookings for WooCommerce – Create Booking Calendar, Start Scheduling, Manage Bookings And Appointments

mwb-bookings-for-woocommerce

100

This WordPress Booking Plugin lets you manage full-day bookings, service appointments, Accept/reject bookings, show booking availability & much more.

4K No CVEs

Booking Ultra Pro Appointments Booking Calendar Plugin

booking-ultra-pro

Powerful Booking Plugin with amazing dashboard to manage all of your appointments & bookings online.

500 1 unpatched

CP Appointment Calendar

cp-appointment-calendar

CP Appointment Calendar allows you to define "available" time slots that can be booked by the website visitors.

100 1 CVE

Developer Profile

MySchedulr Developer Profile

newfoldaddons

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect MySchedulr

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/myschedulr/assets/js/block/style-ms-block.css/wp-content/plugins/myschedulr/assets/js/block/nsm-frontend.js/wp-content/plugins/myschedulr/assets/js/dependencies/micromodal.min.js/wp-content/plugins/myschedulr/src/views/block/modal.php/wp-content/plugins/myschedulr/src/views/block/no-data-message.php/wp-content/plugins/myschedulr/src/views/block/frontend-render.php

Script Paths

assets/js/block/nsm-frontend.jsassets/js/dependencies/micromodal.min.js

Version Parameters

myschedulr-block-style?ver=myschedulr-frontend-script?ver=myschedulr-dep-micromodal?ver=

HTML / DOM Fingerprints

CSS Classes

ms4wp-modalms4wp-modal-openms-block-content

HTML Comments

Data Attributes

data-micromodal-triggerdata-micromodal-close

JS Globals

ms4wp_form_submit_datanewfoldMyschedulrEditorInit

REST Endpoints

/wp-json/myschedulr/v1/blocks

Shortcode Output

<div class="ms-block-content" data-service-elements-btns="{"<div id="myschedulr-modal" class="ms4wp-modal" aria-hidden="true">

FAQ