WP Time Slots Booking Form Security & Risk Analysis

wordpress.org/plugins/wp-time-slots-booking-form

WP Time Slots Booking Form is a booking calendar that allows users to reserve time slots on specific dates.

1K active installs · v1.2.45 · PHP + · WP 3.0.5+ · Updated Mar 5, 2026
booking · booking-calendar · reservation · slot · time
Score: 92 (A · Safe)
CVEs total: 9
Unpatched: 0
Last CVE: Dec 20, 2025
Safety Verdict

Is WP Time Slots Booking Form Safe to Use in 2026?

Generally Safe

Score 92/100

WP Time Slots Booking Form has a strong security track record. Known vulnerabilities have been patched promptly.

9 known CVEs · Last CVE: Dec 20, 2025 · Updated 29d ago
Risk Assessment

The "wp-time-slots-booking-form" plugin version 1.2.45 exhibits a mixed security posture. While it demonstrates good practices with a high percentage of prepared SQL statements and properly escaped output, several areas raise concerns. The presence of 26 dangerous function calls, notably 'unserialize', presents a significant risk if not handled with extreme care, especially when dealing with user-supplied input. Furthermore, the taint analysis revealing 4 high-severity flows with unsanitized paths indicates potential vulnerabilities that could be exploited by attackers.

The plugin's history of 9 known CVEs, with 7 classified as medium severity and 1 as high, suggests a pattern of security weaknesses. While there are currently no unpatched vulnerabilities, the historical prevalence of issues like CSRF, XSS, and authorization flaws indicates a recurring need for robust security implementations. The last reported vulnerability dates from December 2025, which is concerning: the issue may have been fixed, but it shows the plugin was susceptible until recently.

In conclusion, the plugin has strengths in its general code hygiene regarding SQL and output escaping. However, the identified dangerous function usage, high-severity taint flows, and a substantial history of diverse vulnerabilities necessitate a cautious approach. Users should be aware of the potential risks and ensure they are running the absolute latest, patched version of the plugin, while also being vigilant about any future security advisories.

Key Concerns

  • Dangerous functions (unserialize) detected
  • High severity taint flows detected
  • Numerous known CVEs in history
  • High severity vulnerability in history
  • Medium severity vulnerabilities in history
Vulnerabilities: 9

WP Time Slots Booking Form Security Vulnerabilities

CVEs by Year

  • 2022: 1 CVE
  • 2023: 3 CVEs
  • 2024: 3 CVEs
  • 2025: 2 CVEs

Severity Breakdown

  • High: 1
  • Medium: 7
  • Low: 1

9 total CVEs

CVE-2025-68569 · medium · 4.3 · Missing Authorization
Time Slots Booking Form <= 1.2.39 - Missing Authorization
Dec 20, 2025 · Patched in 1.2.40 (18d)

CVE-2025-49332 · medium · 4.3 · Cross-Site Request Forgery (CSRF)
WP Time Slots Booking Form <= 1.2.30 - Cross-Site Request Forgery
Jun 5, 2025 · Patched in 1.2.31 (37d)

CVE-2024-35734 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WP Time Slots Booking Form <= 1.2.10 - Unauthenticated Stored Cross-Site Scripting
Jun 6, 2024 · Patched in 1.2.11 (7d)

CVE-2024-35735 · medium · 5.3 · Missing Authorization
WP Time Slots Booking Form <= 1.2.11 - Missing Authorization
Jun 6, 2024 · Patched in 1.2.12 (7d)

CVE-2024-33543 · medium · 5.3 · External Control of Assumed-Immutable Web Parameter
WP Time Slots Booking Form <= 1.2.06 - Unauthenticated Price Manipulation
Apr 25, 2024 · Patched in 1.2.07 (7d)

CVE-2022-41790 · medium · 4.3 · Missing Authorization
WP Time Slots Booking Form <= 1.1.76 - Missing Authorization to Feedback Submission
Feb 28, 2023 · Patched in 1.1.77 (329d)

CVE-2023-23895 · medium · 4.1 · Improper Authorization
WP Time Slots Booking Form <= 1.1.82 - Improper Authorization Checks
Jan 20, 2023 · Patched in 1.1.83 (368d)

CVE-2023-23971 · low · 3.8 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WP Time Slots Booking Form <= 1.1.81 - Authenticated (Admin+) Stored Cross Site Scripting
Jan 20, 2023 · Patched in 1.1.82 (368d)

CVE-2022-0389 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WP Time Slots Booking Form <= 1.1.62 - Stored Cross-Site Scripting
Feb 2, 2022 · Patched in 1.1.63 (720d)
Code Analysis
Analyzed Mar 16, 2026

WP Time Slots Booking Form Code Analysis

  • Dangerous Functions: 26
  • Raw SQL Queries: 25 (56 prepared)
  • Unescaped Output: 55 (1051 escaped)
  • Nonce Checks: 4
  • Capability Checks: 16
  • File Operations: 13
  • External Requests: 1
  • Bundled Libraries: 0

Dangerous Functions Found

unserialize · $data = unserialize($item->posted_data); · addons\dashboard-box.addon.php:96
unserialize · $data = unserialize($item->posted_data); · addons\icalexport.addon.php:274
unserialize · if ( !is_admin() || (!$current_user_access && !@in_array($current_user->ID, unserialize($this->get_o… · cp-admin-int-add-booking.inc.php:8
unserialize · if ($current_user_access || is_array(unserialize($item->cp_user_access)) && (@in_array($current_user… · cp-admin-int-list.inc.php:186
unserialize · if ($current_user_access || is_array(unserialize($item->cp_user_access)) && (@in_array($current_user… · cp-admin-int-list.inc.php:186
unserialize · if ( !is_admin() || (!$current_user_access && !@in_array($current_user->ID, unserialize($this->get_o… · cp-admin-int-message-list.inc.php:10
unserialize · $params = unserialize($myrows[0]->posted_data); · cp-admin-int-message-list.inc.php:69
unserialize · $posted_data = unserialize($events[$i]->posted_data); · cp-admin-int-message-list.inc.php:374
unserialize · if ( !is_admin() || (!$current_user_access && !@in_array($current_user->ID, unserialize($this->get_o… · cp-admin-int-report.inc.php:13
unserialize · $params = unserialize($item->posted_data); · cp-admin-int-report.inc.php:86
unserialize · $options = unserialize($this->get_option('cp_user_access', serialize(array()))); · cp-admin-int-report.inc.php:215
unserialize · if ( !is_admin() || (!$current_user_access && !@in_array($current_user->ID, unserialize($this->get_o… · cp-admin-int-schedule.inc.php:10
unserialize · if ( !is_admin() || (!$current_user_access && !@in_array($current_user->ID, unserialize($this->get_o… · cp-admin-int.inc.php:9
unserialize · $options = unserialize($this->get_option('cp_user_access', array())); · cp-admin-int.inc.php:470
unserialize · if ( !is_admin() || (!$current_user_access && !@in_array($current_user->ID, unserialize($this->get_o… · cp-full-stats.inc.php:14
unserialize · $data = unserialize($item->posted_data); · cp-full-stats.inc.php:40
unserialize · $posted_data = unserialize($events[0]->posted_data); · cp-main-class.inc.php:238
unserialize · $data = unserialize($item->posted_data); · cp-main-class.inc.php:288
unserialize · $result = ($current_user_access || (intval($current_user->ID) && @in_array($current_user->ID, unseri… · cp-main-class.inc.php:1102
unserialize · $data = unserialize($myrows[$i]->posted_data); · cp-main-class.inc.php:1122
unserialize · $params = unserialize($myrows[0]->posted_data); · cp-main-class.inc.php:1604
unserialize · $data = unserialize($item->posted_data); · cp-main-class.inc.php:2018
unserialize · $data = unserialize($item->posted_data); · cp-main-class.inc.php:2144
unserialize · $data = unserialize($item->posted_data); · cp-main-class.inc.php:2441
unserialize · if ( !is_admin() || (!$current_user_access && !@in_array($current_user->ID, unserialize($this->get_o… · csseditor.inc.php:13
unserialize · if ($current_user_access || @in_array($current_user->ID, unserialize($this->get_option("cp_user_acce… · csseditor.inc.php:174

SQL Query Safety

69% prepared · 81 total queries

Output Escaping

95% escaped · 1106 total outputs
Data Flows: 9 unsanitized

Data Flow Analysis

13 flows · 9 with unsanitized paths
pp_iCalExport_update_status (addons\icalexport.addon.php:237)
Attack Surface

WP Time Slots Booking Form Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers: 1

auth · wp_ajax_cptslotsb_feedback · cp-feedback.php:6

Shortcodes: 1

[CP_TIME_SLOTS_BOOKING_LIST] · wp-time-slots-booking-plugin.php:145
WordPress Hooks: 27

action · wp_dashboard_setup · addons\dashboard-box.addon.php:41
action · init · addons\icalexport.addon.php:171
filter · cptslotsb_email_attachments · addons\icalexport.addon.php:173
action · admin_bar_menu · banner.php:108
action · elementor/widgets/widgets_registered · controllers\elementor\cp-elementor-widget.inc.php:11
action · elementor/elements/categories_registered · controllers\elementor\cp-elementor-widget.inc.php:13
action · elementor/editor/after_enqueue_styles · controllers\elementor\cp-elementor-widget.inc.php:15
action · elementor/frontend/after_enqueue_styles · controllers\elementor\cp-elementor-widget.inc.php:17
action · admin_enqueue_scripts · cp-feedback.php:5
action · admin_footer · cp-feedback.php:21
action · media_buttons · wp-time-slots-booking-plugin.php:113
action · init · wp-time-slots-booking-plugin.php:114
action · wp_loaded · wp-time-slots-booking-plugin.php:115
action · admin_bar_menu · wp-time-slots-booking-plugin.php:116
action · plugins_loaded · wp-time-slots-booking-plugin.php:117
action · widgets_init · wp-time-slots-booking-plugin.php:120
action · admin_enqueue_scripts · wp-time-slots-booking-plugin.php:139
action · admin_menu · wp-time-slots-booking-plugin.php:141
action · enqueue_block_editor_assets · wp-time-slots-booking-plugin.php:142
filter · autoptimize_filter_js_exclude · wp-time-slots-booking-plugin.php:175
filter · litespeed_cache_optimize_js_excludes · wp-time-slots-booking-plugin.php:236
filter · option_sbp_settings · wp-time-slots-booking-plugin.php:298
action · init · wp-time-slots-booking-plugin.php:312
filter · get_post_metadata · wp-time-slots-booking-plugin.php:313
filter · content_save_pre · wp-time-slots-booking-plugin.php:325
filter · sgo_javascript_combine_exclude · wp-time-slots-booking-plugin.php:343
filter · sgo_js_minify_exclude · wp-time-slots-booking-plugin.php:351
Maintenance & Trust

WP Time Slots Booking Form Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 5, 2026
PHP min version
Downloads: 130K

Community Trust

Rating: 98/100
Number of ratings: 39
Active installs: 1K
Developer Profile

WP Time Slots Booking Form Developer Profile

codepeople

34 plugins · 89K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 964 days
Detection Fingerprints

How We Detect WP Time Slots Booking Form

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/wp-time-slots-booking-form/css/style.css
  • /wp-content/plugins/wp-time-slots-booking-form/css/datepicker.css
  • /wp-content/plugins/wp-time-slots-booking-form/js/jquery-ui.min.js
  • /wp-content/plugins/wp-time-slots-booking-form/js/scripts.js
  • /wp-content/plugins/wp-time-slots-booking-form/js/scripts_public.js
  • /wp-content/plugins/wp-time-slots-booking-form/js/dpicker.js

Script Paths

  • /wp-content/plugins/wp-time-slots-booking-form/js/scripts.js
  • /wp-content/plugins/wp-time-slots-booking-form/js/scripts_public.js

Version Parameters

  • wp-time-slots-booking-form/style.css?ver=
  • wp-time-slots-booking-form/css/datepicker.css?ver=
  • wp-time-slots-booking-form/js/jquery-ui.min.js?ver=
  • wp-time-slots-booking-form/js/scripts.js?ver=
  • wp-time-slots-booking-form/js/scripts_public.js?ver=
  • wp-time-slots-booking-form/js/dpicker.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • cpt-date-time-picker
  • cpt-time-slots-booking-container
  • cpt-tsb-date-picker

HTML Comments

  • <!-- START CPTSLOTSBOOK -->
  • <!-- END CPTSLOTSBOOK -->
  • <!-- CALENDAREX -->
  • <!-- /CALENDAREX -->

Data Attributes

  • data-form-identifier
  • data-time-slots-booking-form

JS Globals

  • CP_TSLOTSBOOK_DEFER_SCRIPTS_LOADING
  • CP_TSLOTSBOOK_DEFAULT_form_structure
  • CP_TSLOTSBOOK_DEFAULT_track_IP
  • CP_TSLOTSBOOK_DEFAULT_fp_subject
  • CP_TSLOTSBOOK_DEFAULT_fp_inc_additional_info
  • CP_TSLOTSBOOK_DEFAULT_fp_return_page
  • +32 more

Shortcode Output

  • [CP_TSLOTS_BOOKING_FORM]