WP-Safety

Setmore Appointments Security & Risk Analysis

wordpress.org/plugins/setmore-appointments

The SetMore plugin enables your customers to book appointments with you online via your WordPress website.

4K active installs v12.5 PHP + WP 3.7.2+ Updated May 29, 2025
appointmentsbookingfreeschedulingsetmore
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Setmore Appointments Safe to Use in 2026?

Generally Safe

Score 100/100

Setmore Appointments has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11mo ago
Risk Assessment

The setmore-appointments plugin version 12.5 presents a mixed security posture. On the positive side, the plugin demonstrates excellent practices by not utilizing dangerous functions, exclusively employing prepared statements for SQL queries, and having no recorded vulnerabilities or CVEs. This indicates a generally well-maintained and secure codebase.

However, several areas raise concerns. The most significant is the lack of proper output escaping, with only 28% of outputs being safely handled. This can leave the plugin susceptible to Cross-Site Scripting (XSS) vulnerabilities, especially if user-supplied data is not adequately sanitized before display. Additionally, the complete absence of nonce checks, capability checks, and any form of authentication on the identified entry points (including the single shortcode) is a critical oversight. This opens the door for various unauthorized actions and information disclosure.

While the plugin's vulnerability history is clean, this can sometimes be a result of limited public scrutiny or the discovery of vulnerabilities being privately disclosed. The static analysis, however, clearly points to exploitable weaknesses in output handling and authentication mechanisms that need immediate attention to ensure a robust security posture.

Key Concerns

  • Low output escaping percentage
  • No nonce checks
  • No capability checks
  • No authentication on entry points
Vulnerabilities
None known

Setmore Appointments Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Setmore Appointments Release Timeline

v12.6
v12.5Current
v12.4
v12.3
v12.2
v12.1
v12.0
v11.9
v11.8
v11.7
v11.6
v11.3
v11.2
v11.0
v10.5
v10.4
v10.3
v10.2
v10.1
v10.0
Code Analysis
Analyzed Mar 16, 2026

Setmore Appointments Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
23
9 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

28% escaped32 total outputs
Attack Surface

Setmore Appointments Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[setmore] setmore.php:129
WordPress Hooks 6
actionadmin_menusetmore.php:90
actionadmin_initsetmore.php:94
actioninitsetmore.php:117
actioninitsetmore.php:118
actionplugins_loadedsetmore.php:119
actionwidgets_initsetmore.php:144
Maintenance & Trust

Setmore Appointments Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedMay 29, 2025
PHP min version
Downloads97K

Community Trust

Rating50/100
Number of ratings4
Active installs4K
Alternatives

Setmore Appointments Alternatives

LatePoint – Calendar Booking Plugin for Appointments and Events

LatePoint – Calendar Booking Plugin for Appointments and Events

latepoint

F
20

Optimize your appointment scheduling with our plugin. Sync calendars, automate reminders, and keep your bookings organized.

100K 2 unpatched
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

simply-schedule-appointments

A
88

Unlimited appointments, booking calendars, and notifications. Powerful appointment booking plugin and booking system. Start scheduling for free today!

60K 27 CVEs
SimplyBook.me – Booking and reservations calendar

SimplyBook.me – Booking and reservations calendar

simplybook

A
100

Simply add a booking calendar to your site to schedule bookings, reservations, appointments and to collect payments.

20K No CVEs
WPS Bookings for WooCommerce

WPS Bookings for WooCommerce

mwb-bookings-for-woocommerce

A
100

This WordPress Booking Plugin lets you manage full-day bookings, service appointments, Accept/reject bookings, show booking availability & much more.

4K No CVEs
Advanced Appointment Booking & Scheduling

Advanced Appointment Booking & Scheduling

advanced-appointment-booking-scheduling

B
78

Advanced Appointment Booking & Scheduling: Effortlessly manage appointments with a simple, user-friendly scheduling system.

3K 1 unpatched
Developer Profile

Setmore Appointments Developer Profile

davidfull

1 plugin · 4K total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Setmore Appointments

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/setmore-appointments/sm-wordpress.css/wp-content/plugins/setmore-appointments/setmore.png/wp-content/plugins/setmore-appointments/setmore-logo.svg/wp-content/plugins/setmore-appointments/script/setmoreFancyBox.js
Script Paths
/wp-content/plugins/setmore-appointments/script/setmoreFancyBox.js
Version Parameters
setmore-appointments/sm-wordpress.css?ver=setmore-appointments/script/setmoreFancyBox.js?ver=

HTML / DOM Fingerprints

CSS Classes
container-modmain-headerfxcompany-logoml-autophn-linkhero-wrapbtn-primary+1 more
Data Attributes
id="setmore_script"id="Setmore_button_iframe"id="optionsCreation"id="setmore_booking_page_url"id="languageOption"id="connectBlock"+2 more
JS Globals
window.setmorewindow.setmoreFancyBox
Shortcode Output
<script id="setmore_script" type="text/javascript"<a id="Setmore_button_iframe"
FAQ

Frequently Asked Questions about Setmore Appointments