VikAppointments Services Booking Calendar Security & Risk Analysis

wordpress.org/plugins/vikappointments

A reliable tool for managing any kind of appointments, scheduling the bookings of various services, and organizing the calendars of several employees.

500 active installs · v1.2.18 · PHP 7.4+ · WP 4.7+ · Updated Feb 6, 2026
Tags: appointment-booking, appointments, booking-calendar, employee-management, zoom-meetings
Score 99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jan 15, 2025
Safety Verdict

Is VikAppointments Services Booking Calendar Safe to Use in 2026?

Generally Safe

Score 99/100

VikAppointments Services Booking Calendar has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Jan 15, 2025 · Updated 3mo ago
Risk Assessment

The VikAppointments plugin v1.2.18 exhibits a mixed security posture. While it demonstrates good practices in SQL query handling by exclusively using prepared statements, several critical vulnerabilities are present. The static analysis reveals a significant attack surface with two AJAX handlers lacking authentication checks, which can be exploited by unauthenticated users. Furthermore, the presence of the `unserialize` function without proper sanitization is a serious concern, potentially leading to Remote Code Execution if untrusted data is passed to it. The plugin also shows a concerning lack of nonces and capability checks on its entry points, increasing its susceptibility to various attacks.

The vulnerability history, while showing no currently unpatched CVEs, does indicate a past medium-severity vulnerability related to Cross-Site Request Forgery (CSRF). This suggests a pattern of past security oversights. The high percentage of improperly escaped output further exacerbates the risks, potentially leading to Cross-Site Scripting (XSS) vulnerabilities. The inclusion of an outdated library (Select2 v3.5.1) also presents a potential attack vector.

In conclusion, while the plugin has strengths in its SQL handling, the identified security weaknesses, particularly the unprotected AJAX handlers, the use of `unserialize`, and the absence of proper authorization and input validation, make it a moderate to high-risk plugin. Immediate attention is required to address these vulnerabilities to prevent potential exploitation.

Key Concerns

  • Unprotected AJAX handlers
  • Dangerous function: unserialize
  • Missing nonce checks
  • Missing capability checks
  • Low percentage of properly escaped output
  • Bundled outdated library (Select2 v3.5.1)
  • Past medium severity CVE
Vulnerabilities
1 published

VikAppointments Services Booking Calendar Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-22719 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

VikAppointments Services Booking Calendar <= 1.2.16 - Cross-Site Request Forgery

Jan 15, 2025 · Patched in 1.2.17 (8d)
Version History

VikAppointments Services Booking Calendar Release Timeline

v1.2.18 (Current)
v1.2.17
Code Analysis
Analyzed Mar 16, 2026

VikAppointments Services Booking Calendar Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 6303 (100 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 83
External Requests: 2
Bundled Libraries: 4

Dangerous Functions Found

unserialize · `$this->discounts = unserialize($list);` · site\models\subscrcart.php:531

Bundled Libraries

  • TinyMCE
  • Select2 3.5.1
  • jQuery
  • TCPDF 1.0.004

Output Escaping

2% escaped · 6403 total outputs
Attack Surface
2 unprotected

VikAppointments Services Booking Calendar Attack Surface

Entry Points: 3
Unprotected: 2

AJAX Handlers 2

auth · wp_ajax_vikappointments · vikappointments.php:236
nopriv · wp_ajax_vikappointments · vikappointments.php:237

Shortcodes 1

[vikappointments] vikappointments.php:269
WordPress Hooks 49
action · init · vikappointments.php:27
action · init · vikappointments.php:28
action · automatic_updates_complete · vikappointments.php:38
filter · auto_update_plugin · vikappointments.php:50
action · in_plugin_update_message-vikappointments/vikappointments.php · vikappointments.php:66
action · vikappointments_before_display_vikappointments · vikappointments.php:74
action · init · vikappointments.php:84
action · plugins_loaded · vikappointments.php:102
action · plugins_loaded · vikappointments.php:105
action · current_screen · vikappointments.php:108
action · current_screen · vikappointments.php:110
filter · set-screen-option · vikappointments.php:112
filter · set_screen_option_vikappointments_list_limit · vikappointments.php:120
action · init · vikappointments.php:123
action · wp_logout · vikappointments.php:124
action · plugins_loaded · vikappointments.php:127
action · init · vikappointments.php:170
action · admin_menu · vikappointments.php:255
action · widgets_init · vikappointments.php:258
action · widgets_init · vikappointments.php:266
action · vikappointments_before_dispatch · vikappointments.php:355
action · vikappointments_before_display_vikappointments · vikappointments.php:406
action · vikappointments_before_display_calendar · vikappointments.php:426
filter · vik_date_default_timezone · vikappointments.php:444
action · vikappointments_after_dispatch · vikappointments.php:451
action · admin_post_vikappointments · vikappointments.php:517
action · admin_post_nopriv_vikappointments · vikappointments.php:518
action · save_post · vikappointments.php:530
action · trashed_post · vikappointments.php:613
action · untrashed_post · vikappointments.php:633
action · deleted_post · vikappointments.php:653
filter · mce_buttons · vikappointments.php:683
filter · mce_external_plugins · vikappointments.php:686
action · init · vikappointments.php:695
action · deleted_blog · vikappointments.php:706
filter · doing_it_wrong_trigger_error · vikappointments.php:721
action · plugins_loaded · vikappointments.php:747
filter · plugin_action_links · vikappointments.php:764
action · vik_widget_before_dispatch_site · vikappointments.php:776
action · vik_widget_after_dispatch_site · vikappointments.php:792
action · vik_plugin_before_load_language · vikappointments.php:809
filter · vik_plugin_load_language · vikappointments.php:851
action · vikappointments_after_display_vikappointments · vikappointments.php:874
filter · vikappointments_display_view_config_global · vikappointments.php:891
action · vikappointments_after_save_config · vikappointments.php:902
filter · vikappointments_fetch_rss_channels · vikappointments.php:912
action · vikappointments_before_use_rss · vikappointments.php:921
filter · run_wptexturize · vikappointments.php:933
filter · wp_login_errors · vikappointments.php:948
Maintenance & Trust

VikAppointments Services Booking Calendar Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 6, 2026
PHP min version: 7.4
Downloads: 20K

Community Trust

Rating: 100/100
Number of ratings: 10
Active installs: 500
Developer Profile

VikAppointments Services Booking Calendar Developer Profile

e4jvikwp

7 plugins · 15K total installs

Trust score: 72
Avg Security Score: 90/100
Avg Patch Time: 237 days
Detection Fingerprints

How We Detect VikAppointments Services Booking Calendar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/vikappointments/vikappointments.css
/wp-content/plugins/vikappointments/vikappointments.js
/wp-content/plugins/vikappointments/admin/assets/css/vikappointments-admin.css
/wp-content/plugins/vikappointments/admin/assets/js/vikappointments-admin.js
/wp-content/plugins/vikappointments/framework/admin/assets/css/style.css
/wp-content/plugins/vikappointments/framework/admin/assets/js/script.js
Script Paths
/wp-content/plugins/vikappointments/vikappointments.js
Version Parameters
vikappointments/vikappointments.css?ver=
vikappointments/vikappointments.js?ver=
vikappointments-admin.css?ver=
vikappointments-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
vikappointments
vikappointments-admin
HTML Comments
<!-- No direct access -->
<!-- autoload dependencies -->
<!-- handle install/uninstall -->
<!-- init Installer -->
+60 more
Data Attributes
data-vikappointments-id
JS Globals
Joomla
JFactory
JUri
JModel