WP-Safety

SimplyBook.me – Booking and reservations calendar Security & Risk Analysis

wordpress.org/plugins/simplybook

Simply add a booking calendar to your site to schedule bookings, reservations, appointments and to collect payments.

20K active installs v3.3.0 PHP 7.4+ WP 6.6+ Updated Feb 16, 2026
appointmentsbookingcalendarreservationsscheduling
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is SimplyBook.me – Booking and reservations calendar Safe to Use in 2026?

Generally Safe

Score 100/100

SimplyBook.me – Booking and reservations calendar has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "simplybook" plugin version 3.3.0 demonstrates a generally strong security posture with several positive indicators. The static analysis reveals a minimal attack surface, with no unprotected entry points found. Notably, the plugin utilizes prepared statements for all SQL queries, has a very high percentage of properly escaped output, and implements nonce and capability checks, which are crucial for preventing common WordPress vulnerabilities. The absence of file operations and a lack of recorded past vulnerabilities further contribute to this positive assessment.

However, the presence of the `unserialize` function, even without a direct critical taint flow identified, represents a potential area of concern. While not flagged as a critical risk in this specific analysis, `unserialize` is inherently dangerous if user-supplied data is not meticulously sanitized and validated before being passed to it. The plugin also makes a significant number of external HTTP requests, which could introduce risks if the target endpoints are compromised or if the plugin fails to validate responses properly.

In conclusion, "simplybook" v3.3.0 appears to be a well-developed plugin from a security perspective, prioritizing secure coding practices. The primary area for vigilance lies in the careful management of the `unserialize` function and the security of its external HTTP requests. With no historical vulnerabilities, the plugin has a good track record, but the potential risks associated with `unserialize` warrant continued monitoring.

Key Concerns

  • Use of unserialize()
  • External HTTP requests (9)
Vulnerabilities
None known

SimplyBook.me – Booking and reservations calendar Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

SimplyBook.me – Booking and reservations calendar Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
4 prepared
Unescaped Output
2
93 escaped
Nonce Checks
4
Capability Checks
6
File Operations
0
External Requests
9
Bundled Libraries
0

Dangerous Functions Found

unserialize$unserializedValue = @unserialize($decryptedValue); // Suppress unserialize errorsapp\Traits\LegacySave.php:49

SQL Query Safety

100% prepared4 total queries

Output Escaping

98% escaped95 total outputs
Attack Surface

SimplyBook.me – Booking and reservations calendar Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[simplybook_widget] app\Controllers\WidgetController.php:31
WordPress Hooks 53
actionadmin_noticesapp\Controllers\AdminController.php:38
actionadmin_initapp\Controllers\AdminController.php:39
actionenqueue_block_editor_assetsapp\Controllers\BlockController.php:26
actioninitapp\Controllers\BlockController.php:27
actionsimplybook_activationapp\Controllers\BlockController.php:28
actionelementor/widgets/registerapp\Controllers\BlockController.php:30
actiontemplate_redirectapp\Controllers\BookingPageController.php:26
actionsimplybook_activationapp\Controllers\CapabilityController.php:19
actionsimplybook_plugin_version_upgradeapp\Controllers\CapabilityController.php:20
actionwp_initialize_siteapp\Controllers\CapabilityController.php:21
actionsimplybook_dailyapp\Controllers\CompanyInfoController.php:20
actionadmin_menuapp\Controllers\DashboardController.php:44
actionadmin_initapp\Controllers\DashboardController.php:45
actionadmin_enqueue_scriptsapp\Controllers\DashboardController.php:46
actionsimplybook_activationapp\Controllers\DashboardController.php:49
actionsimplybook_plugin_version_upgradeapp\Controllers\DesignSettingsController.php:20
actionsimplybook_save_onboarding_widget_styleapp\Controllers\DesignSettingsController.php:21
actionsimplybook_save_design_settingsapp\Controllers\DesignSettingsController.php:22
filtersimplybook_fieldapp\Controllers\DesignSettingsController.php:23
actionadmin_enqueue_scriptsapp\Controllers\OnboardingNoticeController.php:38
actionadmin_noticesapp\Controllers\OnboardingNoticeController.php:39
actionadmin_initapp\Controllers\OnboardingNoticeController.php:40
actionadmin_enqueue_scriptsapp\Controllers\ReviewController.php:43
actionadmin_noticesapp\Controllers\ReviewController.php:44
actionadmin_initapp\Controllers\ReviewController.php:45
actioninitapp\Controllers\ScheduleController.php:11
actionsimplybook_deactivationapp\Controllers\ScheduleController.php:12
actionsimplybook_after_company_registeredapp\Controllers\ServiceProvidersController.php:25
actionsimplybook_after_company_registeredapp\Controllers\ServicesController.php:32
actionsimplybook_activationapp\Controllers\SettingsController.php:15
actionsimplybook_plugin_version_upgradeapp\Controllers\SettingsController.php:16
actionadmin_enqueue_scriptsapp\Controllers\TrialExpirationController.php:37
actionadmin_noticesapp\Controllers\TrialExpirationController.php:38
actionsimplybook_controllers_loadedapp\Controllers\UpgradeController.php:23
actionsave_postapp\Controllers\WidgetTrackingController.php:29
actiondelete_postapp\Controllers\WidgetTrackingController.php:30
actiontrashed_postapp\Controllers\WidgetTrackingController.php:31
actionsimplybook_plugin_version_upgradeapp\Features\Notifications\NotificationsController.php:27
filtersimplybook_rest_routesapp\Features\Notifications\NotificationsEndpoints.php:22
filtersimplybook_rest_routesapp\Features\Onboarding\OnboardingController.php:51
actionsimplybook_plugin_version_upgradeapp\Features\TaskManagement\TaskManagementController.php:27
actionsimplybook_plugin_version_upgradeapp\Features\TaskManagement\TaskManagementController.php:28
filtersimplybook_rest_routesapp\Features\TaskManagement\TaskManagementEndpoints.php:22
actionadmin_initapp\Features\TaskManagement\TaskManagementListener.php:27
actionsimplybook_save_design_settingsapp\Features\TaskManagement\TaskManagementListener.php:40
actioninitapp\Http\ApiClient.php:108
actionplugins_loadedbootstrap\Plugin.php:42
actionplugins_loadedbootstrap\Plugin.php:43
actionsimplybook_providers_loadedbootstrap\Plugin.php:44
actionsimplybook_features_loadedbootstrap\Plugin.php:45
actionrest_api_initbootstrap\Plugin.php:46
actionadmin_initbootstrap\Plugin.php:47
actionshutdownbootstrap\Plugin.php:75

Scheduled Events 1

simplybook_daily
Maintenance & Trust

SimplyBook.me – Booking and reservations calendar Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 16, 2026
PHP min version7.4
Downloads111K

Community Trust

Rating90/100
Number of ratings17
Active installs20K
Alternatives

SimplyBook.me – Booking and reservations calendar Alternatives

SuperSaaS – online appointment scheduling

SuperSaaS – online appointment scheduling

supersaas-appointment-scheduling

A
99

SuperSaaS is a flexible appointment scheduling system that works with many different businesses. The basic version is free.

1K 2 CVEs
Reservation.Studio widget

Reservation.Studio widget

reservation-studio-widget

A
99

Reservation.Studio WordPress booking widget

10 2 CVEs
Next Open – Appointment Booking for Multi-Location Businesses

Next Open – Appointment Booking for Multi-Location Businesses

next-open-location-booking

A
100

Professional appointment booking system for WordPress. Manage locations, schedule appointments, and automate customer notifications.

0 No CVEs
LatePoint – Calendar Booking Plugin for Appointments and Events

LatePoint – Calendar Booking Plugin for Appointments and Events

latepoint

F
20

Optimize your appointment scheduling with our plugin. Sync calendars, automate reminders, and keep your bookings organized.

100K 2 unpatched
Pinpoint Booking System – Version 2

Pinpoint Booking System – Version 2

booking-system

A
93

Book anything, anytime, anywhere.

3K 13 CVEs
Developer Profile

SimplyBook.me – Booking and reservations calendar Developer Profile

Really Simple Plugins

2 plugins · 3.0M total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
8 days
View full developer profile
Detection Fingerprints

How We Detect SimplyBook.me – Booking and reservations calendar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/simplybook/app/Controllers/../assets/img/preview.png/wp-content/plugins/simplybook/app/Controllers/../assets/block/build/index.asset.php/wp-content/plugins/simplybook/app/Controllers/../assets/block/build/index.js/wp-content/plugins/simplybook/app/Controllers/../assets/block/build/index.css
Script Paths
/wp-content/plugins/simplybook/app/Controllers/../assets/block/build/index.js/wp-content/plugins/simplybook/app/Controllers/../assets/block/build/index.css
Version Parameters
simplybook/app/Controllers/../assets/block/build/index.asset.php?ver=simplybook/app/Controllers/../assets/block/build/index.js?ver=simplybook/app/Controllers/../assets/block/build/index.css?ver=

HTML / DOM Fingerprints

Data Attributes
simplybook/widget
JS Globals
simplybook
Shortcode Output
[simplybook_widget
FAQ

Frequently Asked Questions about SimplyBook.me – Booking and reservations calendar