Does Salon Booking System – Free Version have any unpatched vulnerabilities?

Yes — Salon Booking System – Free Version currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Salon Booking System – Free Version compatible with WordPress 6.9.4?

According to WordPress.org data, Salon Booking System – Free Version 10.30.22 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Salon Booking System – Free Version compatible with PHP 7.4.8+?

Salon Booking System – Free Version requires PHP 7.4.8 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Salon Booking System – Free Version updated?

Salon Booking System – Free Version was last updated on Mar 13, 2026. Frequent updates are generally a positive security signal.

What is Salon Booking System – Free Version's security score?

Salon Booking System – Free Version has a WP-Safety security score of 39/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Salon Booking System – Free Version Security & Risk Analysis

wordpress.org/plugins/salon-booking-system

Appointment scheduling plugin for salons, spas, and wellness centers to streamline bookings and improve customer satisfaction.

3K active installs v10.30.22 PHP 7.4.8+ WP 4.1+ Updated Mar 13, 2026

appointment-calendarbookingbooking-calendarreservationsscheduling

D · High Risk

CVEs total25

Unpatched1

Last CVEJan 21, 2026

Plugin page Download

Safety Verdict

Is Salon Booking System – Free Version Safe to Use in 2026?

High Risk

Score 39/100

Salon Booking System – Free Version carries significant security risk with 25 known CVEs, 1 still unpatched. Consider switching to a maintained alternative.

25 known CVEs 1 unpatched Last CVE: Jan 21, 2026Updated 21d ago

Risk Assessment

The salon-booking-system plugin version 10.30.22 presents a significant security risk due to a combination of concerning static analysis findings and a troubling vulnerability history. While the plugin demonstrates some good practices such as using prepared statements for a majority of SQL queries and implementing a substantial number of capability checks, these are overshadowed by critical weaknesses. The large attack surface, with 17 unprotected entry points across AJAX handlers and REST API routes, is a major concern. This, coupled with the presence of the `unserialize` function and a critical taint flow with unsanitized paths, opens the door for severe vulnerabilities like Remote Code Execution and unauthorized data manipulation. The plugin's extensive history of 25 CVEs, including 4 critical and 4 high-severity vulnerabilities, with one remaining unpatched, strongly indicates a pattern of recurring security flaws and a lack of consistent security maintenance. This history points to potential systemic issues within the plugin's development process, making it a prime target for attackers seeking to exploit known or newly discovered weaknesses. Although the plugin has strengths, the high number of unprotected entry points, critical taint flow, and a history of severe and unpatched vulnerabilities lead to a very high-risk assessment.

Key Concerns

Large attack surface without authentication
Unprotected REST API routes
Use of dangerous unserialize function
Critical severity taint flow
Flows with unsanitized paths
Unpatched CVE
History of critical CVEs
History of high CVEs
Poor output escaping (54% properly escaped)
Bundled outdated libraries (Select2, jQuery)

Vulnerabilities

Salon Booking System – Free Version Security Vulnerabilities

CVEs by Year

1 CVE in 2021

2021

3 CVEs in 2022

2022

2 CVEs in 2023

2023

13 CVEs in 2024

2024

5 CVEs in 2025 · unpatched

2025

1 CVE in 2026

2026

Patched Has unpatched

Severity Breakdown

Critical

High

Medium

Low

25 total CVEs

CVE-2025-67954low · 3.1Exposure of Sensitive Information to an Unauthorized Actor

Salon booking system <= 10.30.3 - Authenticated (Subscriber+) Information Exposure

Jan 21, 2026 Patched in 10.30.4 (8d)

CVE-2025-66531medium · 4.3Cross-Site Request Forgery (CSRF)

Salon booking system <= 10.30.3 - Cross-Site Request Forgery

Dec 7, 2025 Patched in 10.30.4 (5d)

CVE-2025-8492medium · 5.3Missing Authorization

Salon Booking System <= 10.22 - Missing Authorization to Unauthenticated AJAX Actions Execution

Sep 10, 2025 Patched in 10.24 (56d)

CVE-2025-47583medium · 4.3Cross-Site Request Forgery (CSRF)

Salon booking system <= 10.16 - Cross-Site Request Forgery to Arbitrary Post/Page Deletion

May 15, 2025 Patched in 10.17 (42d)

CVE-2025-32220medium · 4.3Missing Authorization

Salon booking system <= 10.29.6 - Missing Authorization

Apr 4, 2025Unpatched

CVE-2025-31560high · 8.8Incorrect Privilege Assignment

Salon booking system <= 10.11 - Authenticated Privilege Escalation

Apr 1, 2025 Patched in 10.15 (17d)

CVE-2024-47316medium · 4.3Authorization Bypass Through User-Controlled Key

Salon booking system <= 10.9 - Authenticated (Subscriber+) Insecure Direct Object Reference

Sep 25, 2024 Patched in 10.9.1 (8d)

CVE-2024-9882medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Salon Booking System <= 10.9.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

Sep 13, 2024 Patched in 10.9.4 (64d)

CVE-2024-43280medium · 6.1URL Redirection to Untrusted Site ('Open Redirect')

Salon booking system <= 10.8.1 - Unauthenticated Open Redirect

Aug 16, 2024 Patched in 10.9 (7d)

CVE-2024-39658critical · 9.1Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Salon booking system <= 10.7 - Authenticated (Administrator+) SQL Injection

Aug 1, 2024 Patched in 10.8 (7d)

CVE-2024-3229critical · 9.8Unrestricted Upload of File with Dangerous Type

Salon Booking System <= 10.2 - Unauthenticated Arbitrary File Upload

Jun 18, 2024 Patched in 10.3 (3d)

CVE-2024-4468medium · 4.3Improper Handling of Insufficient Permissions or Privileges

Salon booking system <= 9.9 - Missing Authorization

Jun 7, 2024 Patched in 10.0 (1d)

CVE-2024-4442critical · 9.1Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Salon booking system <= 9.9 - Unauthenticated Arbitrary File Deletion

May 17, 2024 Patched in 10.0 (41d)

CVE-2024-2429medium · 4.3Cross-Site Request Forgery (CSRF)

Salon booking system <= 9.6.5 - Cross-Site Request Forgery to Settings Update

Apr 26, 2024 Patched in 9.6.6 (6d)

CVE-2024-2603medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Salon booking system <= 9.6.5 - Authenticated (Editor+) Stored Cross-Site Scripting via Email Settings

Apr 5, 2024 Patched in 9.6.6 (27d)

CVE-2024-2439medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Salon booking system <= 9.6.5 - Authenticated (Editor+) Stored Cross-Site Scripting

Apr 5, 2024 Patched in 9.6.6 (27d)

CVE-2024-30510critical · 10Unrestricted Upload of File with Dangerous Type

Salon booking system <= 9.5 - Unauthenticated Arbitrary File Upload

Mar 28, 2024 Patched in 9.5.1 (7d)

CVE-2024-2102high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Salon booking system <= 9.6.2 - Authenticated (Customer+) Stored Cross-Site Scripting via 'sms_prefix'

Mar 27, 2024 Patched in 9.6.3 (30d)

CVE-2024-2101medium · 5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Salon booking system <= 9.6.2 - Authenticated (Customer+) Stored Cross-Site Scripting

Mar 27, 2024 Patched in 9.6.3 (30d)

CVE-2023-48319high · 7.2Improper Privilege Management

Salon booking system < 8.7 - Authenticated (Editor+) Privilege Escalation

Nov 23, 2023 Patched in 8.7 (61d)

CVE-2023-3427medium · 5.4Cross-Site Request Forgery (CSRF)

Salon Booking System <= 8.4.6 - Cross-Site Request Forgery to Admin Role Change to Customer, User Meta Update via save_customer

Jun 27, 2023 Patched in 8.4.8 (210d)

CVE-2022-43487medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Salon booking system <= 7.9 - Reflected Cross-Site Scripting

Nov 8, 2022 Patched in 7.9.4 (441d)

CVE-2022-0919medium · 5.3Missing Authorization

Salon Booking System and Salon Booking System Pro <= 7.6.2 - Sensitive Data Disclosure

Mar 21, 2022 Patched in 7.6.3 (673d)

CVE-2022-0920high · 7.5Incorrect Authorization

Salon Booking System and Salon Booking System Pro <= 7.6.2 - Sensitive Information Disclosure

Mar 21, 2022 Patched in 7.6.3 (673d)

CVE-2021-24429medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Salon booking system < 6.3.1 - Stored Cross-Site Scripting

Jun 21, 2021 Patched in 6.3.1 (946d)

Code Analysis

Analyzed Mar 16, 2026

Salon Booking System – Free Version Code Analysis

Dangerous Functions

Raw SQL Queries

49 prepared

Unescaped Output

1302

1545 escaped

Nonce Checks

Capability Checks

107

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$unserialized = @unserialize($booking_attendants);src\SLN\Action\Ajax\CheckOverbooking.php:79

unserializereturn unserialize(self::$cache[$key]);src\SLN\Enum\CheckoutFields.php:258

Bundled Libraries

Select2jQuery

SQL Query Safety

70% prepared70 total queries

Output Escaping

54% escaped2847 total outputs

Data Flows

16 unsanitized

Data Flow Analysis

25 flows16 with unsanitized paths

<sln-booking-debug> (sln-booking-debug.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

17 unprotected

Salon Booking System – Free Version Attack Surface

Entry Points26

Unprotected17

AJAX Handlers 25

authwp_ajax_salon_discountsrc\SLB_Discount\Plugin.php:49

noprivwp_ajax_salon_discountsrc\SLB_Discount\Plugin.php:50

authwp_ajax_sln_discountsrc\SLB_Discount\PostType\Discount.php:18

noprivwp_ajax_sln_cache_warmersrc\SLN\Action\Ajax\CacheWarmer.php:23

authwp_ajax_sln_cache_warmersrc\SLN\Action\Ajax\CacheWarmer.php:24

authwp_ajax_sln_dismiss_ip1sms_migration_noticesrc\SLN\Action\Init.php:140

authwp_ajax_salonsrc\SLN\Action\Init.php:469

noprivwp_ajax_salonsrc\SLN\Action\Init.php:470

authwp_ajax_saloncalendarsrc\SLN\Action\Init.php:471

authwp_ajax_sln_send_feedback_emailsrc\SLN\Action\Init.php:472

authwp_ajax_sln_send_bulk_feedbacksrc\SLN\Action\Init.php:473

authwp_ajax_sln_preview_bulk_feedbacksrc\SLN\Action\Init.php:474

authwp_ajax_sln_ajax_noshowsrc\SLN\Action\Init.php:475

authwp_ajax_sln_refresh_support_statussrc\SLN\Action\InitEnvatoAutomaticPluginUpdate.php:34

authwp_ajax_sln_deactivation_surveysrc\SLN\Admin\DeactivationSurvey.php:20

authwp_ajax_sln_onboarding_save_stepsrc\SLN\Admin\Onboarding.php:13

authwp_ajax_sln_onboarding_completesrc\SLN\Admin\Onboarding.php:14

authwp_ajax_sln_onboarding_upload_logosrc\SLN\Admin\Onboarding.php:15

authwp_ajax_sln_attendantsrc\SLN\PostType\Attendant.php:17

authwp_ajax_sln_resourcesrc\SLN\PostType\Resource.php:27

authwp_ajax_sln_servicesrc\SLN\PostType\Service.php:19

authwp_ajax_googleoauth-callbacksrc\SLN\Third\GoogleScope.php:87

noprivwp_ajax_googleoauth-callbacksrc\SLN\Third\GoogleScope.php:88

authwp_ajax_startsynchsrc\SLN\Third\GoogleScope.php:89

authwp_ajax_deletealleventssrc\SLN\Third\GoogleScope.php:90

REST API Routes 1

GET/wp-json/salon/v1/rollback-versionssalonbookingsystem-api-endpoint.php:29

WordPress Hooks 245

actionplugins_loadedsalon.php:156

filterplugin_localesalon.php:157

actionplugins_loadedsalon.php:180

actioninitsalon.php:186

actioninitsalon.php:223

filterbody_classsalon.php:247

actionrest_api_initsalonbookingsystem-api-endpoint.php:28

actionrest_api_initsalonbookingsystem-api-endpoint.php:311

filterrest_pre_serve_requestsalonbookingsystem-api-endpoint.php:313

filtersln.booking_builder.getCreateStatussrc\SLB_API\Controller\Bookings_Controller.php:1130

filtersln.booking_builder.create.getPostArgssrc\SLB_API\Controller\Bookings_Controller.php:1132

filtersln.repository.booking.processCriteriasrc\SLB_API\Controller\Bookings_Controller.php:1185

actionsln.booking_builder.create.booking_createdsrc\SLB_API\Listener\Events\BookingEventsListener.php:13

actionrest_api_initsrc\SLB_API\Plugin.php:38

filterrest_authentication_errorssrc\SLB_API\Plugin.php:43

filterposts_orderbysrc\SLB_API_Mobile\Controller\Assistants_Controller.php:190

filtersln.booking_builder.getCreateStatussrc\SLB_API_Mobile\Controller\Bookings_Controller.php:1176

filtersln.booking_builder.create.getPostArgssrc\SLB_API_Mobile\Controller\Bookings_Controller.php:1178

filtersln.repository.booking.processCriteriasrc\SLB_API_Mobile\Controller\Bookings_Controller.php:1244

actionsln.booking_builder.create.booking_createdsrc\SLB_API_Mobile\Listener\Events\BookingEventsListener.php:13

actionwp_loadedsrc\SLB_API_Mobile\Plugin.php:37

actionrest_api_initsrc\SLB_API_Mobile\Plugin.php:44

filterrest_pre_dispatchsrc\SLB_API_Mobile\Plugin.php:54

actionwp_loadedsrc\SLB_Customization\Plugin.php:22

filtersln_admin_menu_titlesrc\SLB_Customization\Plugin.php:39

filtersln_admin_menu_iconsrc\SLB_Customization\Plugin.php:43

filtersln_default_email_logosrc\SLB_Customization\Plugin.php:47

filterwpo_welcome_page_header_plugin_titlesrc\SLB_Customization\Plugin.php:51

actionsln.tools.export_buttonsrc\SLB_Discount\Admin\ExportDiscountsCsv.php:8

actionsln.tools.export_csvsrc\SLB_Discount\Admin\ExportDiscountsCsv.php:9

filtersln_tools_export_headerssrc\SLB_Discount\Admin\ExportDiscountsCsv.php:10

filtersln_tools_export_booking_valuessrc\SLB_Discount\Admin\ExportDiscountsCsv.php:11

actionadmin_print_styles-edit.phpsrc\SLB_Discount\Metabox\Discount.php:26

actionin_admin_headersrc\SLB_Discount\Metabox\Discount.php:27

actionplugins_loadedsrc\SLB_Discount\Plugin.php:34

actioninitsrc\SLB_Discount\Plugin.php:35

actionadmin_initsrc\SLB_Discount\Plugin.php:71

actionadmin_enqueue_scriptssrc\SLB_Discount\Plugin.php:73

actionwp_enqueue_scriptssrc\SLB_Discount\Plugin.php:74

filtersln.func.isSalonPagesrc\SLB_Discount\Plugin.php:76

actionsln.metabox.booking.pre_evalsrc\SLB_Discount\Plugin.php:78

filtersln.calc_booking_total.get_servicessrc\SLB_Discount\Plugin.php:80

filtersln.calc_booking_total.get_discounts_htmlsrc\SLB_Discount\Plugin.php:81

actionsln.booking_builder.createsrc\SLB_Discount\Plugin.php:83

actionsln.shortcode.summary.dispatchForm.before_booking_creationsrc\SLB_Discount\Plugin.php:85

actionsln.template.summary.before_total_amountsrc\SLB_Discount\Plugin.php:87

actionsln.template.summary.after_total_amountsrc\SLB_Discount\Plugin.php:88

filtersln.template.metabox.booking.total_amount_labelsrc\SLB_Discount\Plugin.php:90

actionsln.template.metabox.booking.total_amount_rowsrc\SLB_Discount\Plugin.php:91

actionsln.booking.setStatussrc\SLB_Discount\Plugin.php:93

actionsln.mail.summary_detailssrc\SLB_Discount\Plugin.php:95

actionsln.mail.specialsrc\SLB_Discount\Plugin.php:96

actionsln.my_account.navsrc\SLB_Discount\Plugin.php:98

actionsln.my_account.contentsrc\SLB_Discount\Plugin.php:99

filtersln.action.ajaxcalendar.wrapBooking.discountAmountsrc\SLB_Discount\Plugin.php:101

actionsln.api.booking.pre_evalsrc\SLB_Discount\Plugin.php:102

filtersln.customer.fidelity_score.discounts_scoresrc\SLB_Discount\Plugin.php:104

actionadmin_head-post-new.phpsrc\SLB_Discount\PostType\Discount.php:15

actionadmin_head-post.phpsrc\SLB_Discount\PostType\Discount.php:16

actionadmin_enqueue_scriptssrc\SLB_Discount\PostType\Discount.php:17

filterpost_row_actionssrc\SLB_Discount\PostType\Discount.php:19

filterposts_joinsrc\SLB_Discount\PostType\Discount.php:20

filterposts_searchsrc\SLB_Discount\PostType\Discount.php:21

filterposts_groupbysrc\SLB_Discount\PostType\Discount.php:22

actionparse_requestsrc\SLB_PWA\Plugin.php:23

actionsln.booking_builder.create.booking_createdsrc\SLB_Zapier\Store.php:10

actionwp_insert_postsrc\SLB_Zapier\Store.php:11

actionparse_requestsrc\SLB_Zapier\Webhook.php:18

filtershow_admin_barsrc\SLN\Action\Ajax\CacheWarmer.php:29

filterupgrader_package_optionssrc\SLN\Action\Ajax\InstallPlugin.php:108

filterupload_dirsrc\SLN\Action\Ajax\UploadFile.php:68

actioninitsrc\SLN\Action\Init.php:12

actiontransition_post_statussrc\SLN\Action\Init.php:48

actiontemplate_redirectsrc\SLN\Action\Init.php:85

actioninitsrc\SLN\Action\Init.php:91

actioninitsrc\SLN\Action\Init.php:93

actionprofile_updatesrc\SLN\Action\Init.php:109

actionadmin_noticessrc\SLN\Action\Init.php:139

actionsln_check_ip1sms_migration_notice_expirysrc\SLN\Action\Init.php:146

actionadmin_initsrc\SLN\Action\Init.php:149

actionadmin_menusrc\SLN\Action\Init.php:157

actionadmin_headsrc\SLN\Action\Init.php:173

actionadmin_bar_menusrc\SLN\Action\Init.php:208

actionwp_before_admin_bar_rendersrc\SLN\Action\Init.php:218

actioncurrent_screensrc\SLN\Action\Init.php:243

filterbulk_actions-edit-sln_attendantsrc\SLN\Action\Init.php:251

filterpost_row_actionssrc\SLN\Action\Init.php:258

filterbulk_actions-edit-sln_bookingsrc\SLN\Action\Init.php:268

actionadmin_head-post.phpsrc\SLN\Action\Init.php:275

actionload-profile.phpsrc\SLN\Action\Init.php:291

actionload-edit-comments.phpsrc\SLN\Action\Init.php:300

actionload-comment.phpsrc\SLN\Action\Init.php:309

actionload-edit.phpsrc\SLN\Action\Init.php:318

actionload-post.phpsrc\SLN\Action\Init.php:327

actionload-post-new.phpsrc\SLN\Action\Init.php:364

filterviews_edit-sln_attendantsrc\SLN\Action\Init.php:373

filterwp_count_postssrc\SLN\Action\Init.php:380

filterdisable_months_dropdownsrc\SLN\Action\Init.php:446

actionparse_requestsrc\SLN\Action\Init.php:457

actionparse_requestsrc\SLN\Action\Init.php:458

actionparse_requestsrc\SLN\Action\Init.php:459

actionparse_requestsrc\SLN\Action\Init.php:461

filtercron_schedulessrc\SLN\Action\Init.php:482

actionsln_sms_remindersrc\SLN\Action\Init.php:502

actionsln_email_remindersrc\SLN\Action\Init.php:503

actionsln_sms_followupsrc\SLN\Action\Init.php:504

actionsln_email_followupsrc\SLN\Action\Init.php:505

actionsln_email_feedbacksrc\SLN\Action\Init.php:506

actionsln_cancel_bookingssrc\SLN\Action\Init.php:507

actionsln_email_weekly_reportsrc\SLN\Action\Init.php:508

actionsln.helper.calendar_link.removesrc\SLN\Action\Init.php:509

actionsln.booking.setStatussrc\SLN\Action\Init.php:512

actionsln_clean_up_databasesrc\SLN\Action\Init.php:518

filterpll_get_post_typessrc\SLN\Action\Init.php:613

filterpre_delete_postsrc\SLN\Action\Init.php:799

actionadmin_enqueue_scriptssrc\SLN\Action\Init.php:807

filtermanage_edit-comments_columnssrc\SLN\Action\InitComments.php:8

filtermanage_comments_custom_columnsrc\SLN\Action\InitComments.php:9

filtercomment_textsrc\SLN\Action\InitComments.php:10

actionplugins_loadedsrc\SLN\Action\InitEnvatoAutomaticPluginUpdate.php:27

actionadmin_menusrc\SLN\Action\InitEnvatoAutomaticPluginUpdate.php:32

actionadmin_noticessrc\SLN\Action\InitEnvatoAutomaticPluginUpdate.php:33

actionadmin_enqueue_scriptssrc\SLN\Action\InitScripts.php:17

actionwp_print_scriptssrc\SLN\Action\InitScripts.php:18

actionsln.view.settings.checkout.additional_fieldssrc\SLN\Action\InitScripts.php:19

filterscript_loader_srcsrc\SLN\Action\InitScripts.php:21

filterstyle_loader_srcsrc\SLN\Action\InitScripts.php:22

actionwp_enqueue_scriptssrc\SLN\Action\InitScripts.php:25

actionwp_mail_failedsrc\SLN\Action\Reminder.php:15

actionadmin_noticessrc\SLN\Action\Update.php:74

actionwp_loadedsrc\SLN\Action\UpdatePhoneCountryDialCode.php:13

actionadmin_menusrc\SLN\Admin\AbstractPage.php:15

filtermanage_users_custom_columnsrc\SLN\Admin\Customers\List.php:24

actionin_admin_headersrc\SLN\Admin\Customers.php:11

actionadmin_enqueue_scriptssrc\SLN\Admin\DeactivationSurvey.php:17

actionadmin_footersrc\SLN\Admin\DeactivationSurvey.php:23

actionin_admin_headersrc\SLN\Admin\Extensions.php:11

actionadmin_noticessrc\SLN\Admin\Extensions.php:76

actionadmin_noticessrc\SLN\Admin\Extensions.php:77

actionall_admin_noticessrc\SLN\Admin\Extensions.php:78

actionall_admin_noticessrc\SLN\Admin\Extensions.php:79

actionadmin_headsrc\SLN\Admin\Onboarding.php:11

actionin_admin_headersrc\SLN\Admin\Onboarding.php:12

filterscript_loader_tagsrc\SLN\Admin\Onboarding.php:103

actionin_admin_headersrc\SLN\Admin\Reports.php:12

actionadmin_menusrc\SLN\Admin\Settings.php:21

filtersln.settings.general.fieldssrc\SLN\Admin\Settings.php:26

filtersln.settings.payments.fieldssrc\SLN\Admin\Settings.php:86

filtersln.settings.general.fieldssrc\SLN\Admin\Settings.php:87

filtersln.settings.checkout.fieldssrc\SLN\Admin\Settings.php:88

filtersln.settings.booking.fieldssrc\SLN\Admin\Settings.php:89

actionadmin_initsrc\SLN\Admin\Tools.php:12

actionin_admin_headersrc\SLN\Admin\Tools.php:13

actionadmin_noticessrc\SLN\Admin\Tools.php:255

actionadmin_noticessrc\SLN\Admin\Tools.php:257

filterdate_i18nsrc\SLN\Formatter.php:66

actioninitsrc\SLN\Helper\CacheWarmerScheduler.php:26

actionadd_meta_boxessrc\SLN\Metabox\Abstract.php:17

actionsave_postsrc\SLN\Metabox\Abstract.php:18

filterwp_insert_post_datasrc\SLN\Metabox\Abstract.php:21

actionadmin_print_styles-post.phpsrc\SLN\Metabox\Abstract.php:23

actionadmin_print_styles-post-new.phpsrc\SLN\Metabox\Abstract.php:24

filterwpseo_use_page_analysissrc\SLN\Metabox\Abstract.php:35

actionadmin_print_styles-edit.phpsrc\SLN\Metabox\Attendant.php:21

actionin_admin_headersrc\SLN\Metabox\Attendant.php:22

actionload-post.phpsrc\SLN\Metabox\Booking.php:51

actiontrashed_postsrc\SLN\Metabox\Booking.php:52

filterwp_untrash_post_statussrc\SLN\Metabox\Booking.php:53

actionadmin_noticessrc\SLN\Metabox\Booking.php:54

actionin_admin_headersrc\SLN\Metabox\Booking.php:57

actionadmin_print_styles-edit.phpsrc\SLN\Metabox\Resource.php:14

actionin_admin_headersrc\SLN\Metabox\Resource.php:15

actionadmin_print_styles-edit.phpsrc\SLN\Metabox\Service.php:35

actionadmin_enqueue_scriptssrc\SLN\Metabox\Service.php:36

actionin_admin_headersrc\SLN\Metabox\Service.php:37

filterwp_mail_content_typesrc\SLN\Plugin.php:184

filterwpseo_use_page_analysissrc\SLN\PostType\Abstract.php:16

filterpost_updated_messagessrc\SLN\PostType\Abstract.php:19

filterenter_title_heresrc\SLN\PostType\Abstract.php:20

filterpost_row_actionssrc\SLN\PostType\Abstract.php:22

actionpre_get_postssrc\SLN\PostType\Attendant.php:9

actionwp_insert_postsrc\SLN\PostType\Attendant.php:10

actionadmin_head-post-new.phpsrc\SLN\PostType\Attendant.php:14

actionadmin_head-post.phpsrc\SLN\PostType\Attendant.php:15

actionadmin_enqueue_scriptssrc\SLN\PostType\Attendant.php:16

actionquick_edit_custom_boxsrc\SLN\PostType\Attendant.php:18

actionsave_postsrc\SLN\PostType\Attendant.php:19

filterposts_orderbysrc\SLN\PostType\Attendant.php:62

actionadmin_footer-post.phpsrc\SLN\PostType\Booking.php:17

actionadmin_footer-post-new.phpsrc\SLN\PostType\Booking.php:18

filterdisplay_post_statessrc\SLN\PostType\Booking.php:19

actionadmin_head-post-new.phpsrc\SLN\PostType\Booking.php:20

actionadmin_head-post.phpsrc\SLN\PostType\Booking.php:21

actionrestrict_manage_postssrc\SLN\PostType\Booking.php:22

filterparse_querysrc\SLN\PostType\Booking.php:23

filterpre_get_postssrc\SLN\PostType\Booking.php:24

filterpost_row_actionssrc\SLN\PostType\Booking.php:25

filtermonths_dropdown_resultssrc\SLN\PostType\Booking.php:26

filterposts_joinsrc\SLN\PostType\Booking.php:27

filterposts_wheresrc\SLN\PostType\Booking.php:28

filterposts_distinctsrc\SLN\PostType\Booking.php:29

actionadmin_enqueue_scriptssrc\SLN\PostType\Booking.php:30

filterposts_searchsrc\SLN\PostType\Booking.php:31

filterredirect_post_locationsrc\SLN\PostType\Booking.php:32

filterposts_resultssrc\SLN\PostType\Booking.php:34

actionupdated_post_metasrc\SLN\PostType\Booking.php:42

actiontransition_post_statussrc\SLN\PostType\Booking.php:710

actionsln.booking_builder.new_booking_readysrc\SLN\PostType\Booking.php:711

actionpre_get_postssrc\SLN\PostType\Resource.php:19

actionwp_insert_postsrc\SLN\PostType\Resource.php:20

actionadmin_head-post-new.phpsrc\SLN\PostType\Resource.php:24

actionadmin_head-post.phpsrc\SLN\PostType\Resource.php:25

actionadmin_enqueue_scriptssrc\SLN\PostType\Resource.php:26

actionquick_edit_custom_boxsrc\SLN\PostType\Resource.php:28

actionsave_postsrc\SLN\PostType\Resource.php:29

filterposts_orderbysrc\SLN\PostType\Resource.php:64

actionpre_get_postssrc\SLN\PostType\Service.php:11

actionwp_insert_postsrc\SLN\PostType\Service.php:12

actionadmin_head-post-new.phpsrc\SLN\PostType\Service.php:16

actionadmin_head-post.phpsrc\SLN\PostType\Service.php:17

actionadmin_enqueue_scriptssrc\SLN\PostType\Service.php:18

actionquick_edit_custom_boxsrc\SLN\PostType\Service.php:20

actionsave_postsrc\SLN\PostType\Service.php:21

filterposts_orderbysrc\SLN\PostType\Service.php:56

actionadmin_initsrc\SLN\Privacy.php:42

filterwp_privacy_personal_data_exporterssrc\SLN\Privacy.php:44

filterwp_privacy_personal_data_eraserssrc\SLN\Privacy.php:45

actionsln.booking.setStatussrc\SLN\Service\Messages.php:19

filtersln.attendants.renderSortIconsrc\SLN\Shortcode\Salon\Step.php:27

filterlogin_form_bottomsrc\SLN\Shortcode\SalonMyAccount.php:35

actionwp_loadedsrc\SLN\Shortcode\SalonServices.php:22

actioninitsrc\SLN\TaxonomyType\Abstract.php:14

actionadmin_menusrc\SLN\TaxonomyType\Abstract.php:15

filterterms_clausessrc\SLN\TaxonomyType\ServiceCategory.php:12

actionin_admin_headersrc\SLN\TaxonomyType\ServiceCategory.php:13

actionsln_service_category_add_form_fieldssrc\SLN\TaxonomyType\ServiceCategory.php:14

actionpre_delete_termsrc\SLN\TaxonomyType\ServiceCategory.php:19

filterget_terms_orderbysrc\SLN\TaxonomyType\ServiceCategory.php:83

filterparent_filesrc\SLN\TaxonomyType\ServiceCategory.php:102

actionwp_loadedsrc\SLN\Third\GoogleCalendarImport.php:38

actionwp_loadedsrc\SLN\Third\GoogleCalendarImport.php:39

filteruser_has_capsrc\SLN\Third\GoogleCalendarImport.php:40

actionsave_postsrc\SLN\Third\GoogleCalendarImport.php:374

actionadmin_footersrc\SLN\Third\GoogleScope.php:91

actionsln.booking_builder.create.booking_createdsrc\SLN\Third\GoogleScope.php:1123

Scheduled Events 13

sln_check_ip1sms_migration_notice_expiry

sln_email_weekly_report

sln_clean_up_database

sln_sms_reminder

sln_email_reminder

sln_sms_followup

sln_email_followup

sln_email_feedback

sln_cancel_bookings

sln.helper.calendar_link.remove

Maintenance & Trust

Salon Booking System – Free Version Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 13, 2026

PHP min version7.4.8

Downloads736K

Community Trust

Rating88/100

Number of ratings179

Active installs3K

Alternatives

Salon Booking System – Free Version Alternatives

Timetics – Appointment Booking Calendar & Scheduling System

timetics

Appointment booking system for Professionals — schedule, manage calendars, accept payments, send reminders & automate bookings easily.

2K 8 CVEs

SuperSaaS – online appointment scheduling

supersaas-appointment-scheduling

SuperSaaS is a flexible appointment scheduling system that works with many different businesses. The basic version is free.

1K 2 CVEs

SimplyBook.me – Booking and reservations calendar

simplybook

100

Simply add a booking calendar to your site to schedule bookings, reservations, appointments and to collect payments.

20K No CVEs

FareHarbor for WordPress

fareharbor

Easily add FareHarbor reservation calendars, booking embeds, and buttons to your site.

9K 2 CVEs

Bookit — Booking & Appointment Calendar

bookit

Appointment booking and event calendar for WordPress. Services, staff, availability, shortcodes, and email notifications. Prevents double-booking.

5K 5 CVEs

Developer Profile

Salon Booking System – Free Version Developer Profile

Dimitri Grassi

1 plugin · 3K total installs

trust score

Avg Security Score

39/100

Avg Patch Time

141 days

View full developer profile

Detection Fingerprints

How We Detect Salon Booking System – Free Version

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/salon-booking-system/assets/css/frontend.css/wp-content/plugins/salon-booking-system/assets/css/frontend-override.css/wp-content/plugins/salon-booking-system/assets/css/frontend-rtl.css/wp-content/plugins/salon-booking-system/assets/css/frontend-rtl-override.css/wp-content/plugins/salon-booking-system/assets/css/admin.css/wp-content/plugins/salon-booking-system/assets/css/admin-rtl.css/wp-content/plugins/salon-booking-system/assets/js/frontend.js/wp-content/plugins/salon-booking-system/assets/js/frontend-rtl.js+2 more

Script Paths

/wp-content/plugins/salon-booking-system/assets/js/frontend.js/wp-content/plugins/salon-booking-system/assets/js/admin.js

Version Parameters

salon-booking-system/assets/css/frontend.css?ver=salon-booking-system/assets/css/frontend-override.css?ver=salon-booking-system/assets/css/frontend-rtl.css?ver=salon-booking-system/assets/css/frontend-rtl-override.css?ver=salon-booking-system/assets/css/admin.css?ver=salon-booking-system/assets/css/admin-rtl.css?ver=salon-booking-system/assets/js/frontend.js?ver=salon-booking-system/assets/js/frontend-rtl.js?ver=salon-booking-system/assets/js/admin.js?ver=salon-booking-system/assets/js/admin-rtl.js?ver=

HTML / DOM Fingerprints

CSS Classes

sln-booking-step-itemsln-booking-step-descriptionsln-booking-step-item--currentsln-booking-step-item--completedsln-booking-step-item--disabledsln-booking-step-item--firstsln-booking-step-item--lastsln-booking-form-section+92 more

HTML Comments

+6 more

Data Attributes

data-sln-booking-stepdata-sln-booking-formdata-sln-booking-fielddata-sln-booking-datedata-sln-booking-timedata-sln-booking-service+12 more

JS Globals

SLNSLN_FrontendSLN_BackendSLN_Adminsln_booking_paramssln_admin_params+12 more

REST Endpoints

/wp-json/salon-booking-system/v1/appointments/wp-json/salon-booking-system/v1/services/wp-json/salon-booking-system/v1/staff/wp-json/salon-booking-system/v1/availability/wp-json/salon-booking-system/v1/booking/wp-json/salon-booking-system/v1/settings

Shortcode Output

[salon_booking_form][salon_booking_calendar][salon_booking_appointments][salon_booking_staff_list]

FAQ

Salon Booking System – Free Version Security & Risk Analysis

Is Salon Booking System – Free Version Safe to Use in 2026?

High Risk

Key Concerns

Salon Booking System – Free Version Security Vulnerabilities

CVEs by Year

Severity Breakdown

Salon Booking System – Free Version Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

Salon Booking System – Free Version Attack Surface

AJAX Handlers 25

REST API Routes 1

Scheduled Events 13

Salon Booking System – Free Version Maintenance & Trust

Maintenance Signals

Community Trust

Salon Booking System – Free Version Alternatives

Timetics – Appointment Booking Calendar & Scheduling System

SuperSaaS – online appointment scheduling

SimplyBook.me – Booking and reservations calendar

FareHarbor for WordPress

Bookit — Booking & Appointment Calendar

Salon Booking System – Free Version Developer Profile

How We Detect Salon Booking System – Free Version

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Salon Booking System – Free Version