WP-Safety

Quill Booking – Appointment Scheduling & Event Management Solution Security & Risk Analysis

wordpress.org/plugins/quillbooking

Enterprise-grade appointment scheduling and event management platform designed for modern businesses and service providers.

80 active installs v1.2.5 PHP 7.1+ WP 5.4+ Updated Feb 15, 2026
appointment-schedulingbooking-systemcalendar-managementcalendlyevent-booking
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Quill Booking – Appointment Scheduling & Event Management Solution Safe to Use in 2026?

Generally Safe

Score 100/100

Quill Booking – Appointment Scheduling & Event Management Solution has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The QuillBooking v1.2.5 plugin exhibits a mixed security posture. On one hand, it demonstrates good practices by predominantly using prepared statements for SQL queries and properly escaping output. The absence of recorded vulnerabilities in its history is also a positive indicator, suggesting a track record of security awareness. However, the plugin presents significant concerns due to a large attack surface with a high number of unprotected entry points, specifically 15 AJAX handlers lacking authentication checks. This means that any user, including unauthenticated ones, could potentially interact with these handlers, opening the door to various attacks if these handlers are not carefully designed to be public-facing and benign. The single nonce check and limited capability checks across such a large number of AJAX endpoints further exacerbate this risk. While taint analysis shows no immediate critical or high-severity flows, the sheer number of unprotected AJAX handlers is a substantial risk that needs to be addressed. The plugin's strengths lie in its query and output sanitization, but its weakness in access control for its AJAX endpoints is a critical oversight.

Key Concerns

  • High number of AJAX handlers without auth checks
  • Limited nonce checks on entry points
  • Low number of capability checks on entry points
Vulnerabilities
None known

Quill Booking – Appointment Scheduling & Event Management Solution Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Quill Booking – Appointment Scheduling & Event Management Solution Code Analysis

Dangerous Functions
0
Raw SQL Queries
4
52 prepared
Unescaped Output
14
213 escaped
Nonce Checks
1
Capability Checks
54
File Operations
1
External Requests
2
Bundled Libraries
0

SQL Query Safety

93% prepared56 total queries

Output Escaping

94% escaped227 total outputs
Attack Surface
15 unprotected

Quill Booking – Appointment Scheduling & Event Management Solution Attack Surface

Entry Points16
Unprotected15

AJAX Handlers 15

authwp_ajax_quillbooking_booking_slotsincludes\booking\class-booking-ajax.php:34
noprivwp_ajax_quillbooking_booking_slotsincludes\booking\class-booking-ajax.php:35
authwp_ajax_quillbooking_bookingincludes\booking\class-booking-ajax.php:36
noprivwp_ajax_quillbooking_bookingincludes\booking\class-booking-ajax.php:37
authwp_ajax_quillbooking_cancel_bookingincludes\booking\class-booking-ajax.php:38
noprivwp_ajax_quillbooking_cancel_bookingincludes\booking\class-booking-ajax.php:39
authwp_ajax_quillbooking_reschedule_bookingincludes\booking\class-booking-ajax.php:40
noprivwp_ajax_quillbooking_reschedule_bookingincludes\booking\class-booking-ajax.php:41
authwp_ajax_quillbooking_process_paymentincludes\booking\class-booking-ajax.php:42
noprivwp_ajax_quillbooking_process_paymentincludes\booking\class-booking-ajax.php:43
authwp_ajax_quillbooking_license_activateincludes\site\class-license.php:75
authwp_ajax_quillbooking_license_updateincludes\site\class-license.php:76
authwp_ajax_quillbooking_license_deactivateincludes\site\class-license.php:77
authwp_ajax_quillbooking_install_proincludes\site\class-license.php:78
authwp_ajax_quillbooking_activate_proincludes\site\class-license.php:79

Shortcodes 1

[quillbooking] includes\class-shortcode.php:57
WordPress Hooks 52
actionadmin_enqueue_scriptsincludes\admin\class-admin-loader.php:44
actionadmin_enqueue_scriptsincludes\admin\class-admin-loader.php:45
actionadmin_noticesincludes\admin\class-admin-loader.php:48
actionadmin_noticesincludes\admin\class-admin-loader.php:49
actionadmin_noticesincludes\admin\class-admin-loader.php:50
filteradmin_footer_textincludes\admin\class-admin-loader.php:53
filterupdate_footerincludes\admin\class-admin-loader.php:55
actionadmin_menuincludes\admin\class-admin.php:40
actionadmin_headincludes\admin\class-admin.php:41
actionwp_loadedincludes\booking\class-booking-actions.php:45
actionwp_loadedincludes\booking\class-booking-frontend-handler.php:46
actionwp_enqueue_scriptsincludes\booking\class-booking-frontend-handler.php:47
filtershow_admin_barincludes\booking\class-booking-frontend-handler.php:48
actiontemplate_redirectincludes\booking\class-booking-frontend-handler.php:115
actionquillbooking_payment_statusincludes\booking\class-booking-jobs.php:61
actionquillbooking_booking_createdincludes\booking\class-booking-jobs.php:64
actionquillbooking_booking_rescheduledincludes\booking\class-booking-jobs.php:65
actionquillbooking_booking_createdincludes\booking\class-booking-tasks.php:29
actionquillbooking_booking_confirmedincludes\booking\class-booking-tasks.php:30
actionquillbooking_booking_rescheduledincludes\booking\class-booking-tasks.php:31
actionquillbooking_booking_createdincludes\booking\class-email-notifications.php:61
actionquillbooking_booking_attendee_cancelledincludes\booking\class-email-notifications.php:62
actionquillbooking_booking_organizer_cancelledincludes\booking\class-email-notifications.php:63
actionquillbooking_booking_organizer_rescheduledincludes\booking\class-email-notifications.php:64
actionquillbooking_booking_attendee_rescheduledincludes\booking\class-email-notifications.php:65
actionquillbooking_booking_pendingincludes\booking\class-email-notifications.php:66
actionquillbooking_booking_confirmedincludes\booking\class-email-notifications.php:67
actionquillbooking_booking_rejectedincludes\booking\class-email-notifications.php:68
actioninitincludes\booking\class-email-notifications.php:70
filterquillbooking_configincludes\booking\renderers\class-booking-page-renderer.php:61
filterquillbooking_configincludes\booking\renderers\class-reschedule-page-renderer.php:58
filteruser_has_capincludes\class-capabilities.php:226
actioninitincludes\class-quillbooking.php:136
filterquillbooking_payment_availableincludes\class-quillbooking.php:140
actioninitincludes\class-shortcode.php:46
actionaction_scheduler_deleted_actionincludes\class-tasks.php:57
actioninitincludes\database\class-install.php:41
actionquillbooking_email_send_beforeincludes\emails\class-emails.php:192
actionquillbooking_email_send_afterincludes\emails\class-emails.php:193
filterwp_mail_fromincludes\emails\class-emails.php:479
filterwp_mail_from_nameincludes\emails\class-emails.php:480
filterwp_mail_content_typeincludes\emails\class-emails.php:481
actionquillbooking_after_booking_createdincludes\payment-gateway\class-payment-service.php:63
actionrest_api_initincludes\payment-gateway\rest-api\class-rest-settings-controller.php:52
actioninitincludes\payment-gateway\return-handler.php:64
actionrest_api_initincludes\rest-api\class-rest-api.php:50
actionquillbooking_loadedincludes\site\class-license.php:72
actioninitincludes\site\class-license.php:490
filterdoing_it_wrong_trigger_errorquillbooking.php:57
actionplugins_loadedquillbooking.php:73
actionadmin_noticesquillbooking.php:91
actionadmin_noticesquillbooking.php:97
Maintenance & Trust

Quill Booking – Appointment Scheduling & Event Management Solution Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 15, 2026
PHP min version7.1
Downloads1K

Community Trust

Rating100/100
Number of ratings1
Active installs80
Alternatives

Quill Booking – Appointment Scheduling & Event Management Solution Alternatives

Booking for Appointments and Events Calendar – Amelia

Booking for Appointments and Events Calendar – Amelia

ameliabooking

A
88

Amelia is a powerful booking plugin for appointments and events. Manage scheduling, calendars, and availability with an all-in-one booking system.

90K 23 CVEs
Servv AI Event Booking

Servv AI Event Booking

servvai-event-booking

A
100

Servv AI Event Booking helps you create events with AI, Zoom integration, ticketing, and reminders all in one place. You can add events to any post on …

0 No CVEs
Online Scheduling and Appointment Booking System – Bookly

Online Scheduling and Appointment Booking System – Bookly

bookly-responsive-appointment-booking-tool

A
93

Appointment booking system for WordPress — schedule appointments, manage calendars, send reminders, take payments. Start booking today!

70K 8 CVEs
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

simply-schedule-appointments

A
88

Unlimited appointments, booking calendars, and notifications. Powerful appointment booking plugin and booking system. Start scheduling for free today!

60K 21 CVEs
WP Booking System – Booking Calendar

WP Booking System – Booking Calendar

wp-booking-system

A
89

The booking calendar plugin for WordPress. Get easy online booking with this lightweight and powerful booking calendar.

20K 7 CVEs
Developer Profile

Quill Booking – Appointment Scheduling & Event Management Solution Developer Profile

Mohamed Magdy

2 plugins · 3K total installs

87
trust score
Avg Security Score
99/100
Avg Patch Time
34 days
View full developer profile
Detection Fingerprints

How We Detect Quill Booking – Appointment Scheduling & Event Management Solution

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/quillbooking/build/client/index.asset.php/wp-content/plugins/quillbooking/build/config/index.asset.php
Script Paths
/wp-content/plugins/quillbooking/build/client/index.js/wp-content/plugins/quillbooking/build/config/index.js
Version Parameters
quillbooking/build/client/index.js?ver=quillbooking/build/config/index.js?ver=

HTML / DOM Fingerprints

CSS Classes
quillbooking-layout__notice-list-hidequillbooking-layout__notice-catcher
HTML Comments
<!-- QuillBooking initialization --><!-- Wrap the notices in a hidden div to prevent flickering before --><!-- they are moved elsewhere in the page by WordPress Core. --><!-- https://github.com/WordPress/WordPress/blob/f6a37e7d39e2534d05b9e542045174498edfe536/wp-admin/js/common.js#L737 . -->+2 more
Data Attributes
data-quillbooking
JS Globals
QuillBooking
REST Endpoints
/wp-json/quillbooking/
FAQ

Frequently Asked Questions about Quill Booking – Appointment Scheduling & Event Management Solution