WP-Safety

NiftyBukzee – Calendar Booking Plugin for Appointments and Events Security & Risk Analysis

wordpress.org/plugins/niftybukzee

Gain More customers with Quick and Easy 3-step appointment booking with service providers: Calendar, Payments, Google Meet & more.

0 active installs v1.0.3 PHP 7.4+ WP 5.6+ Updated Dec 6, 2025
appointmentsbookingcalendareventsscheduling
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is NiftyBukzee – Calendar Booking Plugin for Appointments and Events Safe to Use in 2026?

Generally Safe

Score 100/100

NiftyBukzee – Calendar Booking Plugin for Appointments and Events has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The niftybukzee v1.0.3 plugin exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to secure coding practices concerning SQL queries and output escaping, with a very high percentage of prepared statements and properly escaped outputs. The absence of known CVEs and any recorded vulnerability history is also a significant strength, suggesting a history of stable and secure development.

However, a major concern arises from the substantial attack surface exposed without proper authentication. A significant number of AJAX handlers (8 out of 8) lack authentication checks, representing a considerable risk. This, combined with two identified taint flows with unsanitized paths, particularly those flagged as high severity, points to potential vulnerabilities where user-supplied data could be processed insecurely, leading to unexpected behavior or potential exploits. The presence of bundled libraries, while not explicitly flagged as outdated, warrants further investigation in a production environment.

Overall, while the plugin has a clean vulnerability history and good internal coding practices for SQL and output handling, the lack of authentication on its AJAX endpoints and the presence of high-severity taint flows create significant security risks that need immediate attention. Strengthening authentication and sanitizing all input before processing is crucial to mitigating these identified weaknesses.

Key Concerns

  • AJAX handlers without auth checks
  • Taint flows with unsanitized paths (high severity)
Vulnerabilities
None known

NiftyBukzee – Calendar Booking Plugin for Appointments and Events Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

NiftyBukzee – Calendar Booking Plugin for Appointments and Events Code Analysis

Dangerous Functions
0
Raw SQL Queries
6
36 prepared
Unescaped Output
10
512 escaped
Nonce Checks
11
Capability Checks
1
File Operations
0
External Requests
1
Bundled Libraries
1

Bundled Libraries

DataTables

SQL Query Safety

86% prepared42 total queries

Output Escaping

98% escaped522 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

7 flows2 with unsanitized paths
niftybkz_handle_delete_holiday (admin\class-niftybukzee-admin.php:810)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
8 unprotected

NiftyBukzee – Calendar Booking Plugin for Appointments and Events Attack Surface

Entry Points9
Unprotected8

AJAX Handlers 8

authwp_ajax_niftybkz_onchange_get_appointment_time_availability_frontendincludes\class-niftybukzee.php:161
noprivwp_ajax_niftybkz_onchange_get_appointment_time_availability_frontendincludes\class-niftybukzee.php:162
authwp_ajax_niftybkz_confirm_button_designincludes\class-niftybukzee.php:163
noprivwp_ajax_niftybkz_confirm_button_designincludes\class-niftybukzee.php:164
authwp_ajax_niftybkz_check_user_by_phoneincludes\class-niftybukzee.php:165
noprivwp_ajax_niftybkz_check_user_by_phoneincludes\class-niftybukzee.php:166
authwp_ajax_niftybkz_check_user_by_emailincludes\class-niftybukzee.php:167
noprivwp_ajax_niftybkz_check_user_by_emailincludes\class-niftybukzee.php:168

Shortcodes 1

[niftybkz_appointment_booking_shortcode] public\class-niftybukzee-public.php:96
WordPress Hooks 13
actionadmin_menuincludes\class-niftybukzee.php:137
actionadmin_enqueue_scriptsincludes\class-niftybukzee.php:138
actionadmin_enqueue_scriptsincludes\class-niftybukzee.php:139
actionadmin_initincludes\class-niftybukzee.php:140
actionadmin_initincludes\class-niftybukzee.php:141
actionadmin_initincludes\class-niftybukzee.php:142
actionadmin_noticesincludes\class-niftybukzee.php:143
actionwp_enqueue_scriptsincludes\class-niftybukzee.php:157
actionwp_enqueue_scriptsincludes\class-niftybukzee.php:158
actioninitincludes\class-niftybukzee.php:159
actioninitincludes\class-niftybukzee.php:160
actionadmin_noticesincludes\niftybukzee-functions.php:254
actionuser_registerincludes\niftybukzee-functions.php:263
Maintenance & Trust

NiftyBukzee – Calendar Booking Plugin for Appointments and Events Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 6, 2025
PHP min version7.4
Downloads457

Community Trust

Rating100/100
Number of ratings1
Active installs0
Alternatives

NiftyBukzee – Calendar Booking Plugin for Appointments and Events Alternatives

LatePoint – Calendar Booking Plugin for Appointments and Events

LatePoint – Calendar Booking Plugin for Appointments and Events

latepoint

F
20

Optimize your appointment scheduling with our plugin. Sync calendars, automate reminders, and keep your bookings organized.

100K 2 unpatched
Cal24h

Cal24h

cal24h

A
100

Embed the Cal24h booking experience in WordPress with a shortcode, Gutenberg block, or floating modal.

0 No CVEs
Events Manager – Calendar, Bookings, Tickets, and more!

Events Manager – Calendar, Bookings, Tickets, and more!

events-manager

B
82

Events calendar with bookings, scheduling, appointments, event registration, tickets, recurring events, and venue management.

70K 34 CVEs
Booking Calendar

Booking Calendar

booking

B
82

Original "Booking Calendar" plugin. Easily manage full-day bookings, time-slot appointments, or events in our all-in-one, outstanding booking system.

50K 28 CVEs
SimplyBook.me – Booking and reservations calendar

SimplyBook.me – Booking and reservations calendar

simplybook

A
100

Simply add a booking calendar to your site to schedule bookings, reservations, appointments and to collect payments.

20K No CVEs
Developer Profile

NiftyBukzee – Calendar Booking Plugin for Appointments and Events Developer Profile

NiftySol

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect NiftyBukzee – Calendar Booking Plugin for Appointments and Events

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/niftybukzee/includes/assets/css/niftybukzee-fonts.css/wp-content/plugins/niftybukzee/admin/assets/css/niftybukzee-admin.css/wp-content/plugins/niftybukzee/admin/assets/css/flatpickr.min.css/wp-content/plugins/niftybukzee/admin/assets/css/jquery-ui.css/wp-content/plugins/niftybukzee/admin/assets/css/jquery.dataTables.min.css/wp-content/plugins/niftybukzee/admin/assets/validationEngine/css/validationEngine.jquery.css/wp-content/plugins/niftybukzee/admin/assets/js/niftybukzee-admin.js/wp-content/plugins/niftybukzee/admin/assets/js/moment.min.js+8 more
Script Paths
/wp-content/plugins/niftybukzee/admin/assets/js/niftybukzee-admin.js/wp-content/plugins/niftybukzee/admin/assets/js/moment.min.js/wp-content/plugins/niftybukzee/admin/assets/js/flatpickr.min.js/wp-content/plugins/niftybukzee/admin/assets/js/jquery-ui.js/wp-content/plugins/niftybukzee/admin/assets/js/jquery.dataTables.min.js/wp-content/plugins/niftybukzee/admin/assets/validationEngine/js/jquery.validationEngine.js+3 more
Version Parameters
niftybukzee/includes/assets/css/niftybukzee-fonts.css?ver=niftybukzee/admin/assets/css/niftybukzee-admin.css?ver=niftybukzee/admin/assets/css/flatpickr.min.css?ver=niftybukzee/admin/assets/css/jquery-ui.css?ver=niftybukzee/admin/assets/css/jquery.dataTables.min.css?ver=niftybukzee/admin/assets/validationEngine/css/validationEngine.jquery.css?ver=niftybukzee/admin/assets/js/niftybukzee-admin.js?ver=niftybukzee/admin/assets/js/moment.min.js?ver=niftybukzee/admin/assets/js/flatpickr.min.js?ver=niftybukzee/admin/assets/js/jquery-ui.js?ver=niftybukzee/admin/assets/js/jquery.dataTables.min.js?ver=niftybukzee/admin/assets/validationEngine/js/jquery.validationEngine.js?ver=niftybukzee/admin/assets/validationEngine/js/languages/jquery.validationEngine-en.js?ver=niftybukzee/admin/assets/js/custom.js?ver=niftybukzee/public/assets/css/niftybukzee-public.css?ver=niftybukzee/public/assets/js/niftybukzee-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
niftybkz-main-wrapperniftybkz-custom-input-wrapniftybkz-booking-form-sectionniftybkz-appointment-calendar-wrap
HTML Comments
<!-- NiftyBukzee Booking Form Start --><!-- NiftyBukzee Booking Form End --><!-- NiftyBukzee Appointment Calendar Start --><!-- NiftyBukzee Appointment Calendar End -->
Data Attributes
data-niftybkz-appointment-iddata-niftybkz-service-id
JS Globals
niftybkz_booking_dataNiftyBukzeePublic
REST Endpoints
/wp-json/niftybukzee/v1/appointments/wp-json/niftybukzee/v1/services/wp-json/niftybukzee/v1/providers
Shortcode Output
[niftybukzee_booking_form][niftybukzee_appointment_calendar]
FAQ

Frequently Asked Questions about NiftyBukzee – Calendar Booking Plugin for Appointments and Events