Vollstart Appointment Desk Security & Risk Analysis

wordpress.org/plugins/vollstart-appointment-desk

Appointment booking plugin with walk-in queue, reception cockpit, and double-booking prevention.

0 active installs · v1.0.3 · PHP 7.4+ · WP 6.2+ · Updated Apr 13, 2026
Tags: appointment-booking, booking-system, queue-management, scheduling, walk-in-queue
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Vollstart Appointment Desk Safe to Use in 2026?

Generally Safe

Score 100/100

Vollstart Appointment Desk has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "vollstart-appointment-desk" v1.0.5 plugin exhibits a generally good security posture with several strong indicators. The extensive use of prepared statements for all SQL queries, coupled with a very high percentage of properly escaped output, demonstrates a commitment to fundamental security practices. The plugin also incorporates a reasonable number of nonce and capability checks, and its vulnerability history is clean, with no recorded CVEs. This suggests a mature and well-maintained codebase.

However, a significant concern arises from the presence of a single unprotected AJAX handler. This entry point, without authentication or capability checks, represents a direct avenue for potential abuse if it handles user-supplied data in an insecure manner. Furthermore, the taint analysis, while reporting no critical or high severity flows, did identify four flows with unsanitized paths. While the severity might be low, these represent potential areas where input validation could be improved to prevent unforeseen issues.

In conclusion, while the plugin has many strengths, particularly in its SQL handling and output escaping, the unprotected AJAX endpoint is a notable weakness. The presence of unsanitized paths in the taint analysis also warrants attention. Addressing the unprotected AJAX handler and further scrutinizing the identified taint flows would significantly enhance the plugin's overall security.

Key Concerns

  • Unprotected AJAX handler
  • Taint flows with unsanitized paths
  • Use of unserialize function
Vulnerabilities
None known

Vollstart Appointment Desk Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Vollstart Appointment Desk Release Timeline

v1.0.3 (Current)
v1.0.2
v1.0.1
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

Vollstart Appointment Desk Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (22 prepared)
Unescaped Output: 14 (812 escaped)
Nonce Checks: 6
Capability Checks: 9
File Operations: 10
External Requests: 3
Bundled Libraries: 2

Dangerous Functions Found

unserialize: $obj = unserialize($data); (vendors/chillerlan-qrcode/settings-container/SettingsContainerAbstract.php:227)

Bundled Libraries

DataTables, Select2

SQL Query Safety

100% prepared (22 total queries)

Output Escaping

98% escaped (826 total outputs)
Data Flows · Security
4 unsanitized

Data Flow Analysis

4 flows, 4 with unsanitized paths
handleAjax (includes/class-admin.php:259)
Diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
1 unprotected

Vollstart Appointment Desk Attack Surface

Entry Points: 7
Unprotected: 1

AJAX Handlers 1

auth wp_ajax_vollstart_dismiss_promo vollstart-cross-promo.php:138

REST API Routes 1

POST /wp-json/vollstart-appointment-desk/v1/check-in includes/class-frontend.php:2478

Shortcodes 5

[vollstart_adesk_cockpit] includes/class-cockpit.php:21
[vollstart-appointment-desk] includes/class-frontend.php:20
[vollstart_adesk_booking_page] includes/class-frontend.php:21
[vollstart_adesk_queue] includes/class-frontend.php:22
[vollstart_adesk_queue_display] includes/class-frontend.php:23
WordPress Hooks 54
action admin_menu includes/class-admin.php:21
action admin_enqueue_scripts includes/class-admin.php:22
action admin_notices includes/class-admin.php:23
action rest_api_init includes/class-cockpit.php:18
action template_redirect includes/class-cockpit.php:24
filter query_vars includes/class-frontend.php:31
action wp includes/class-frontend.php:32
action wp includes/class-frontend.php:33
action wp includes/class-frontend.php:34
action wp includes/class-frontend.php:35
action wp includes/class-frontend.php:36
action wp includes/class-frontend.php:37
action wp includes/class-frontend.php:38
action wp includes/class-frontend.php:39
action wp includes/class-frontend.php:40
action wp includes/class-frontend.php:41
action rest_api_init includes/class-frontend.php:44
filter template_include includes/class-frontend.php:1155
filter template_include includes/class-frontend.php:1182
filter template_include includes/class-frontend.php:1196
filter template_include includes/class-frontend.php:1210
filter template_include includes/class-frontend.php:1229
filter template_include includes/class-frontend.php:1273
filter template_include includes/class-frontend.php:1340
filter template_include includes/class-frontend.php:1355
filter template_include includes/class-frontend.php:2003
filter template_include includes/class-frontend.php:2160
filter template_include includes/class-frontend.php:2183
filter template_include includes/class-frontend.php:2243
filter template_include includes/class-frontend.php:2263
filter template_include includes/class-frontend.php:2386
action init includes/class-ics-feed.php:16
filter query_vars includes/class-ics-feed.php:17
action parse_request includes/class-ics-feed.php:18
filter vollstart_adesk_setting_writable includes/class-main.php:48
action init includes/class-main.php:51
action vollstart_adesk_cleanup_files includes/class-main.php:54
action vollstart_adesk_appointment_created includes/class-notification.php:16
action vollstart_adesk_appointment_cancelled includes/class-notification.php:17
action vollstart_adesk_appointment_cancelled_by_admin includes/class-notification.php:18
action vollstart_adesk_appointment_rescheduled includes/class-notification.php:19
action vollstart_adesk_appointment_declined includes/class-notification.php:20
action vollstart_adesk_appointment_completed includes/class-notification.php:21
action vollstart_adesk_send_rating_email includes/class-notification.php:22
action woocommerce_order_status_changed includes/class-woocommerce.php:45
action woocommerce_checkout_create_order_line_item includes/class-woocommerce.php:48
filter woocommerce_order_item_display_meta_key includes/class-woocommerce.php:51
filter woocommerce_order_item_display_meta_value includes/class-woocommerce.php:52
filter woocommerce_cart_item_name includes/class-woocommerce.php:55
action woocommerce_before_calculate_totals includes/class-woocommerce.php:58
filter woocommerce_get_item_data includes/class-woocommerce.php:61
filter woocommerce_update_cart_validation includes/class-woocommerce.php:64
action admin_menu vollstart-cross-promo.php:69
action admin_notices vollstart-cross-promo.php:89

Scheduled Events 2

vollstart_adesk_cleanup_files
vollstart_adesk_send_rating_email
Maintenance & Trust

Vollstart Appointment Desk Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 13, 2026
PHP min version: 7.4
Downloads: 156

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Vollstart Appointment Desk Developer Profile

Vollstart

3 plugins · 2K total installs

84
trust score
Avg Security Score
94/100
Avg Patch Time
41 days
Detection Fingerprints

How We Detect Vollstart Appointment Desk

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/vollstart-appointment-desk/css/backend.css
/wp-content/plugins/vollstart-appointment-desk/js/libs/select2/select2.min.css
/wp-content/plugins/vollstart-appointment-desk/js/libs/fullcalendar/index.global.min.js
/wp-content/plugins/vollstart-appointment-desk/js/libs/datatables/dataTables.dataTables.min.css
/wp-content/plugins/vollstart-appointment-desk/js/libs/datatables/dataTables.min.js
/wp-content/plugins/vollstart-appointment-desk/js/libs/html5-qrcode/html5-qrcode.min.js
/wp-content/plugins/vollstart-appointment-desk/js/backend.js
Script Paths
/wp-content/plugins/vollstart-appointment-desk/js/libs/select2/select2.min.js
/wp-content/plugins/vollstart-appointment-desk/js/libs/fullcalendar/index.global.min.js
/wp-content/plugins/vollstart-appointment-desk/js/libs/datatables/dataTables.min.js
/wp-content/plugins/vollstart-appointment-desk/js/libs/html5-qrcode/html5-qrcode.min.js
/wp-content/plugins/vollstart-appointment-desk/js/backend.js
Version Parameters
vollstart-appointment-desk/css/backend.css?ver=
vollstart-appointment-desk/js/libs/select2/select2.min.js?ver=
vollstart-appointment-desk/js/libs/fullcalendar/index.global.min.js?ver=
vollstart-appointment-desk/js/libs/datatables/dataTables.min.js?ver=
vollstart-appointment-desk/js/libs/html5-qrcode/html5-qrcode.min.js?ver=
vollstart-appointment-desk/js/backend.js?ver=

HTML / DOM Fingerprints

CSS Classes
select2-container, fc, dataTables_wrapper
Data Attributes
data-prefix, data-ajaxurl, data-nonce
JS Globals
vollstartAdeskAdmin
FAQ

Frequently Asked Questions about Vollstart Appointment Desk