Practo Security & Risk Analysis
wordpress.org/plugins/practoLooking for appointment booking widgets? Practo Instant Appointment Booking Widget for your website.
Is Practo Safe to Use in 2026?
Generally Safe
Score 85/100Practo has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'practo' plugin v1.0.0 exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, SQL queries, file operations, external HTTP requests, and crucially, the lack of any identified taint flows or vulnerability history, are all positive indicators. The plugin also boasts a very small attack surface, with only one shortcode and no AJAX handlers or REST API routes exposed without authentication or permission checks. This suggests a well-developed and secure codebase.
However, a significant concern arises from the "Output escaping" signal. With 1 total output and 0% properly escaped, this indicates a high likelihood of Cross-Site Scripting (XSS) vulnerabilities. Any data rendered by the shortcode that originates from user input or external sources without proper sanitization could be exploited. The absence of nonce checks and capability checks, while potentially mitigated by the small attack surface, still represents a potential oversight that could become a risk if the plugin's functionality were to expand or if other security layers were to fail.
In conclusion, while the plugin demonstrates excellent development practices in many areas, the glaring lack of output escaping is a critical weakness that overshadows its strengths. The vulnerability history being clear is a positive sign, but it should not lead to complacency, especially given the identified XSS risk. Addressing the output escaping is paramount to improving the plugin's overall security.
Key Concerns
- Unescaped output detected
- Missing nonce checks
- Missing capability checks
Practo Security Vulnerabilities
Practo Code Analysis
Output Escaping
Practo Attack Surface
Shortcodes 1
WordPress Hooks 1
Maintenance & Trust
Practo Maintenance & Trust
Maintenance Signals
Community Trust
Practo Alternatives
KiviCare – Clinic & Patient Management System (EHR)
kivicare-clinic-management-system
KiviCare is an impressive clinic and patient management plugin (EHR).
DocBooker – Doctor Appointment & Hospital Management
doc-booker
DocBooker simplifies hospital and clinic management, making it an essential tool for healthcare professionals and administrators.
Exly WP
exly-wp
A WordPress plugin to Launch, Manage and Grow Your Business Online Thoughtfully Designed for Professionals and Artists and managed by Exly.
Appointment Buddy Widget By Accrete
appointment-buddy-online-appointment-booking-by-accrete
Appointment Buddy Widget allows you to book appointment online from a set of available time-slots quickly and easily.
Book Doctor Appointments – iCliniq
book-doctor-appointments-icliniq
This plugin uses https://www.icliniq.com 's doctor search API to list doctors in your website. Users can book doctor appointments directly from y …
Practo Developer Profile
4 plugins · 70 total installs
How We Detect Practo
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/practo/assets/css/practo_style.css/wp-content/plugins/practo/assets/js/practo_script.jshttps://www.practo.com/bundles/practopractoapp/js/abs_widget_helper.jspracto/assets/css/practo_style.css?ver=practo/assets/js/practo_script.js?ver=HTML / DOM Fingerprints
<practo:abs_widget widget="