Does Ultimate Appointment Booking & Scheduling have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Ultimate Appointment Booking & Scheduling compatible with WordPress 6.9.4?

According to WordPress.org data, Ultimate Appointment Booking & Scheduling 2.2.10 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is Ultimate Appointment Booking & Scheduling updated?

Ultimate Appointment Booking & Scheduling was last updated on Dec 2, 2025. Frequent updates are generally a positive security signal.

What is Ultimate Appointment Booking & Scheduling's security score?

Ultimate Appointment Booking & Scheduling has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Ultimate Appointment Booking & Scheduling Security & Risk Analysis

wordpress.org/plugins/ultimate-appointment-scheduling

Appointment booking calendar and scheduling plugin that lets you set up different services, service providers, locations and availability

90 active installs v2.2.10 PHP + WP 3.9+ Updated Dec 2, 2025

appointmentappointment-bookingappointment-schedulingappointmentsbooking-calendar

A · Safe

CVEs total1

Unpatched0

Last CVEAug 10, 2020

Plugin page Download

Safety Verdict

Is Ultimate Appointment Booking & Scheduling Safe to Use in 2026?

Generally Safe

Score 100/100

Ultimate Appointment Booking & Scheduling has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Aug 10, 2020Updated 5mo ago

Risk Assessment

The plugin 'ultimate-appointment-scheduling' v2.2.10 exhibits a mixed security posture. On the positive side, it demonstrates good practices by implementing nonce checks on all identified AJAX handlers and capability checks on most of them. The majority of SQL queries utilize prepared statements, and a significant portion of output is properly escaped, indicating an effort to prevent common web vulnerabilities.

However, several concerns warrant attention. The taint analysis revealed two high-severity flows with unsanitized paths, suggesting potential vulnerabilities where user input could be used in sensitive operations without adequate cleaning. While there are no currently unpatched CVEs, the history of one medium-severity Cross-Site Scripting (XSS) vulnerability in 2020 indicates a past weakness in output escaping or input sanitization that, if not thoroughly addressed, could re-emerge. The presence of unsanitized paths in taint flows is a more immediate concern than the historical XSS.

In conclusion, the plugin has a decent foundation for security with its checks and prepared statements. However, the high-severity taint flows present a tangible risk that needs immediate investigation and remediation. While the past XSS is a cautionary tale, the current static analysis points to more pressing, higher-severity issues that should be prioritized for a truly robust security profile.

Key Concerns

High severity taint flow with unsanitized paths
High severity taint flow with unsanitized paths
Medium severity CVE history (XSS)
Some output not properly escaped

Vulnerabilities

1 published

Ultimate Appointment Booking & Scheduling Security Vulnerabilities

CVEs by Year

1 CVE in 2020

2020

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2020-24313medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ultimate Appointment Booking & Scheduling < 1.1.10 - Reflected Cross-Site Scripting

Aug 10, 2020 Patched in 1.1.10 (1261d)

Version History

Ultimate Appointment Booking & Scheduling Release Timeline

v2.2.10Current

v2.2.9

v2.2.8

v2.2.7

v2.2.6

v2.2.5

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.1

v2.1.0

v2.0.4

v2.0.3

v2.0.2

v2.0.1

v2.0.0

v1.1.15

v1.1.14

Code Analysis

Analyzed Mar 16, 2026

Ultimate Appointment Booking & Scheduling Code Analysis

Dangerous Functions

Raw SQL Queries

14 prepared

Unescaped Output

155

463 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

88% prepared16 total queries

Output Escaping

75% escaped618 total outputs

Data Flows · Security

4 unsanitized

Data Flow Analysis

9 flows4 with unsanitized paths

validate_submission (includes\Appointment.class.php:119)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Ultimate Appointment Booking & Scheduling Attack Surface

Entry Points21

Unprotected0

AJAX Handlers 17

authwp_ajax_ewd_uasp_send_feature_suggestionincludes\AboutUs.class.php:14

authwp_ajax_ewd_uasp_get_eventsincludes\Ajax.class.php:14

noprivwp_ajax_ewd_uasp_get_eventsincludes\Ajax.class.php:15

authwp_ajax_ewd_uasp_delete_appointmentincludes\Ajax.class.php:17

authwp_ajax_ewd_uasp_get_appointmentsincludes\Ajax.class.php:19

noprivwp_ajax_ewd_uasp_get_appointmentsincludes\Ajax.class.php:20

authwp_ajax_ewd_uasp_get_service_providersincludes\Ajax.class.php:22

noprivwp_ajax_ewd_uasp_get_service_providersincludes\Ajax.class.php:23

authwp_ajax_ewd_uasp_send_test_emailincludes\Ajax.class.php:25

authwp_ajax_ewd_uasp_welcome_add_serviceincludes\InstallationWalkthrough.class.php:30

authwp_ajax_ewd_uasp_welcome_add_locationincludes\InstallationWalkthrough.class.php:31

authwp_ajax_ewd_uasp_welcome_add_providerincludes\InstallationWalkthrough.class.php:32

authwp_ajax_ewd_uasp_welcome_add_booking_pageincludes\InstallationWalkthrough.class.php:33

authwp_ajax_ewd_uasp_welcome_set_optionsincludes\InstallationWalkthrough.class.php:34

authwp_ajax_ewd_uasp_hide_review_askincludes\ReviewAsk.class.php:16

authwp_ajax_ewd_uasp_send_feedbackincludes\ReviewAsk.class.php:17

authwp_ajax_ewd_uasp_hide_helper_noticeultimate-appointment-scheduling.php:153

Shortcodes 4

[ultimate-appointment-dropdown] includes\template-functions.php:121

[ultimate-appointment-calendar] includes\template-functions.php:127

[edit-appointment] includes\template-functions.php:133

[confirm-appointment] includes\template-functions.php:134

WordPress Hooks 66

actionadmin_menuincludes\AboutUs.class.php:16

actionadmin_menuincludes\AdminAppointments.class.php:27

actionadmin_headincludes\AdminAppointments.class.php:30

actioninitincludes\Blocks.class.php:14

filterblock_categories_allincludes\Blocks.class.php:16

actionadmin_initincludes\CustomPostTypes.class.php:28

actioninitincludes\CustomPostTypes.class.php:29

actionadd_meta_boxesincludes\CustomPostTypes.class.php:32

actionsave_postincludes\CustomPostTypes.class.php:33

filtermanage_uasp-location_posts_columnsincludes\CustomPostTypes.class.php:36

actionmanage_uasp-location_posts_custom_columnincludes\CustomPostTypes.class.php:37

filtermanage_uasp-service_posts_columnsincludes\CustomPostTypes.class.php:38

actionmanage_uasp-service_posts_custom_columnincludes\CustomPostTypes.class.php:39

filtermanage_uasp-provider_posts_columnsincludes\CustomPostTypes.class.php:40

actionmanage_uasp-provider_posts_custom_columnincludes\CustomPostTypes.class.php:41

filtermanage_uasp-exception_posts_columnsincludes\CustomPostTypes.class.php:42

actionmanage_uasp-exception_posts_custom_columnincludes\CustomPostTypes.class.php:43

actionadmin_initincludes\CustomPostTypes.class.php:46

actionsave_postincludes\CustomPostTypes.class.php:685

actionadmin_menuincludes\Dashboard.class.php:16

actionadmin_enqueue_scriptsincludes\Dashboard.class.php:18

actioncurrent_screenincludes\DeactivationSurvey.class.php:13

actionadmin_enqueue_scriptsincludes\DeactivationSurvey.class.php:18

actionadmin_footerincludes\DeactivationSurvey.class.php:19

actionadmin_menuincludes\Export.class.php:17

actionadmin_menuincludes\Export.class.php:19

actionadmin_enqueue_scriptsincludes\Export.class.php:21

actionadmin_menuincludes\Import.class.php:18

actionadmin_initincludes\Import.class.php:20

actionadmin_enqueue_scriptsincludes\Import.class.php:22

actionadmin_noticesincludes\Import.class.php:81

actionadmin_noticesincludes\Import.class.php:178

actionadmin_menuincludes\InstallationWalkthrough.class.php:24

actionadmin_headincludes\InstallationWalkthrough.class.php:25

actionadmin_initincludes\InstallationWalkthrough.class.php:26

actionadmin_headincludes\InstallationWalkthrough.class.php:28

actionwidgets_initincludes\Notifications.class.php:15

actionewd_uasp_insert_appointmentincludes\Notifications.class.php:17

actionewd_uasp_insert_appointmentincludes\Notifications.class.php:18

actionewd_uasp_insert_appointmentincludes\Notifications.class.php:19

actionewd_uasp_admin_insert_appointmentincludes\Notifications.class.php:21

actionadmin_noticesincludes\ReviewAsk.class.php:14

actionadmin_enqueue_scriptsincludes\ReviewAsk.class.php:19

actioninitincludes\Settings.class.php:33

actioninitincludes\Settings.class.php:35

actioninitincludes\Settings.class.php:37

actioninitincludes\template-functions.php:192

actionshutdownincludes\template-functions.php:193

actioninitincludes\template-functions.php:196

filteruwpm_register_custom_element_sectionincludes\UltimateWPMail.class.php:14

actionuwpm_register_custom_elementincludes\UltimateWPMail.class.php:15

actionwoocommerce_thankyouincludes\WooCommerce.class.php:14

actioninitincludes\WooCommerce.class.php:16

actioninitincludes\WooCommerce.class.php:18

actionsave_postincludes\WooCommerce.class.php:21

actionewd_uasp_appointments_table_topincludes\WP_List_Table.AppointmentsTable.class.php:615

actioninitultimate-appointment-scheduling.php:138

actionplugins_loadedultimate-appointment-scheduling.php:140

actionadmin_noticesultimate-appointment-scheduling.php:142

actionadmin_noticesultimate-appointment-scheduling.php:143

actionadmin_enqueue_scriptsultimate-appointment-scheduling.php:145

actionadmin_enqueue_scriptsultimate-appointment-scheduling.php:146

actionwp_enqueue_scriptsultimate-appointment-scheduling.php:147

actionwp_headultimate-appointment-scheduling.php:148

actionwp_footerultimate-appointment-scheduling.php:149

filterplugin_action_linksultimate-appointment-scheduling.php:151

Maintenance & Trust

Ultimate Appointment Booking & Scheduling Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 2, 2025

PHP min version

Downloads74K

Community Trust

Rating82/100

Number of ratings20

Active installs90

Alternatives

Ultimate Appointment Booking & Scheduling Alternatives

Online Scheduling and Appointment Booking System – Bookly

bookly-responsive-appointment-booking-tool

Appointment booking system for WordPress — schedule appointments, manage calendars, send reminders, take payments. Start booking today!

70K 10 CVEs

Easy Appointment Booking & Scheduling System – Webba Booking Calendar

webba-booking-lite

Free Appointment Booking Plugin 📅 Unlimited appointments, booking management, calendar sync, notifications, 5* support = powerful booking system!

3K 7 CVEs

Appointment Bookings for Zoom GoogleMeet and more – Wappointment

wappointment

Get clients to quickly book a meeting with you by Zoom, GoogleMeet, phone or at your office

2K 1 unpatched

Cal.com

cal-com

Embed Cal.com booking calendar in WordPress with custom UI and admin widget support.

1K 1 CVE

SuperSaaS – online appointment scheduling

supersaas-appointment-scheduling

SuperSaaS is a flexible appointment scheduling system that works with many different businesses. The basic version is free.

1K 2 CVEs

Developer Profile

Ultimate Appointment Booking & Scheduling Developer Profile

Rustaurius

21 plugins · 65K total installs

trust score

Avg Security Score

89/100

Avg Patch Time

682 days

View full developer profile

Detection Fingerprints

How We Detect Ultimate Appointment Booking & Scheduling

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/ultimate-appointment-scheduling/assets/css/ewd-uasp-appointments-main.css/wp-content/plugins/ultimate-appointment-scheduling/assets/css/ewd-uasp-appointments-layout.css/wp-content/plugins/ultimate-appointment-scheduling/assets/css/ewd-uasp-appointments-settings.css/wp-content/plugins/ultimate-appointment-scheduling/assets/css/ewd-uasp-appointments-frontend.css/wp-content/plugins/ultimate-appointment-scheduling/assets/css/ewd-uasp-appointments-admin.css/wp-content/plugins/ultimate-appointment-scheduling/assets/css/ewd-uasp-appointments-admin-layout.css/wp-content/plugins/ultimate-appointment-scheduling/assets/css/ewd-uasp-appointments-admin-settings.css/wp-content/plugins/ultimate-appointment-scheduling/assets/css/ewd-uasp-appointments-admin-frontend.css+8 more

Script Paths

/wp-content/plugins/ultimate-appointment-scheduling/assets/js/ewd-uasp-appointments-main.js/wp-content/plugins/ultimate-appointment-scheduling/assets/js/ewd-uasp-appointments-frontend.js/wp-content/plugins/ultimate-appointment-scheduling/assets/js/ewd-uasp-appointments-admin.js/wp-content/plugins/ultimate-appointment-scheduling/assets/js/ewd-uasp-appointments-admin-layout.js/wp-content/plugins/ultimate-appointment-scheduling/assets/js/ewd-uasp-appointments-admin-settings.js/wp-content/plugins/ultimate-appointment-scheduling/assets/js/ewd-uasp-appointments-admin-frontend.js+1 more

Version Parameters

ultimate-appointment-scheduling/assets/css/ewd-uasp-appointments-main.css?ver=ultimate-appointment-scheduling/assets/css/ewd-uasp-appointments-layout.css?ver=ultimate-appointment-scheduling/assets/css/ewd-uasp-appointments-settings.css?ver=ultimate-appointment-scheduling/assets/css/ewd-uasp-appointments-frontend.css?ver=ultimate-appointment-scheduling/assets/css/ewd-uasp-appointments-admin.css?ver=ultimate-appointment-scheduling/assets/css/ewd-uasp-appointments-admin-layout.css?ver=ultimate-appointment-scheduling/assets/css/ewd-uasp-appointments-admin-settings.css?ver=ultimate-appointment-scheduling/assets/css/ewd-uasp-appointments-admin-frontend.css?ver=ultimate-appointment-scheduling/assets/css/ewd-uasp-helper-install-notice.css?ver=ultimate-appointment-scheduling/assets/js/ewd-uasp-appointments-main.js?ver=ultimate-appointment-scheduling/assets/js/ewd-uasp-appointments-frontend.js?ver=ultimate-appointment-scheduling/assets/js/ewd-uasp-appointments-admin.js?ver=ultimate-appointment-scheduling/assets/js/ewd-uasp-appointments-admin-layout.js?ver=ultimate-appointment-scheduling/assets/js/ewd-uasp-appointments-admin-settings.js?ver=ultimate-appointment-scheduling/assets/js/ewd-uasp-appointments-admin-frontend.js?ver=ultimate-appointment-scheduling/assets/js/ewd-uasp-helper-install-notice.js?ver=

HTML / DOM Fingerprints

CSS Classes

ewd-uasp-appointments-mainewd-uasp-appointments-frontendewd-uasp-appointments-adminewd-uasp-appointments-settingsewd-uasp-appointment-frontend-wrapperewd-uasp-admin-appointment-wrapperewd-uasp-appointment-form-wrapperewd-uasp-appointment-calendar-wrapper+6 more

HTML Comments

+10 more

Data Attributes

data-ewd-uasp-appointment-iddata-ewd-uasp-service-iddata-ewd-uasp-provider-iddata-ewd-uasp-location-iddata-ewd-uasp-datedata-ewd-uasp-time+1 more

JS Globals

ewd_uasp_appointments_main_scriptewd_uasp_appointments_frontend_scriptewd_uasp_appointments_admin_scriptewd_uasp_appointments_admin_layout_scriptewd_uasp_appointments_admin_settings_scriptewd_uasp_appointments_admin_frontend_script+1 more

REST Endpoints

/wp-json/ewd-uasp/v1/appointments/wp-json/ewd-uasp/v1/services/wp-json/ewd-uasp/v1/providers/wp-json/ewd-uasp/v1/locations/wp-json/ewd-uasp/v1/settings/wp-json/ewd-uasp/v1/availability/wp-json/ewd-uasp/v1/booking

Shortcode Output

[ewd_appointment_calendar][ewd_appointment_booking_form][ewd_appointment_details][ewd_appointment_service_providers]

FAQ