WP-Safety

YOGO Booking Security & Risk Analysis

wordpress.org/plugins/yogo-booking

The easiest way to embed YOGO Booking on your Wordpress website.

200 active installs v1.6.6 PHP + WP 4.6+ Updated May 14, 2025
bookingfitnessscheduletrainingyoga
99
A · Safe
CVEs total1
Unpatched0
Last CVEJan 6, 2025
Download
Safety Verdict

Is YOGO Booking Safe to Use in 2026?

Generally Safe

Score 99/100

YOGO Booking has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jan 6, 2025Updated 10mo ago
Risk Assessment

The static analysis of yogo-booking v1.6.6 reveals a generally strong security posture. The plugin exhibits excellent practices by using prepared statements for all SQL queries and ensuring all output is properly escaped. Furthermore, the absence of dangerous functions, file operations, and external HTTP requests are positive indicators. The limited attack surface is also a good sign. However, the complete absence of nonce checks and the presence of only one capability check across all entry points are significant concerns. This lack of robust authorization mechanisms means that if an attacker can find a way to trigger these entry points, they might be able to perform actions without proper verification.

The vulnerability history indicates a single past medium-severity vulnerability, specifically Cross-site Scripting (XSS). While this vulnerability is reported as patched, the presence of such a vulnerability in the past, coupled with the current lack of nonce checks, suggests a potential for similar issues if input handling is not meticulously reviewed. The fact that the last vulnerability was in the future (2025-01-06) is also highly unusual and likely an error in the provided data. Despite the good practices in SQL and output handling, the oversight in authorization and nonce checks represents a notable weakness that could be exploited.

Key Concerns

  • No nonce checks on entry points
  • Only one capability check across 10 entry points
  • Past medium severity CVE (XSS)
Vulnerabilities
1

YOGO Booking Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2024-12462medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

YOGO Booking <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 6, 2025 Patched in 1.6.3 (24d)
Code Analysis
Analyzed Mar 16, 2026

YOGO Booking Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
31 escaped
Nonce Checks
0
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

100% escaped31 total outputs
Attack Surface

YOGO Booking Attack Surface

Entry Points10
Unprotected0

Shortcodes 10

[yogo-calendar] src\shortcodes.php:6
[yogo-teachers] src\shortcodes.php:20
[yogo-events] src\shortcodes.php:32
[yogo-prices] src\shortcodes.php:38
[yogo-products] src\shortcodes.php:44
[yogo-event-button] src\shortcodes.php:49
[yogo-class-pass-button] src\shortcodes.php:66
[yogo-membership-button] src\shortcodes.php:83
[yogo-membership-button] src\shortcodes.php:103
[yogo-video-group] src\shortcodes.php:123
WordPress Hooks 5
actionadmin_initsrc\admin.php:31
actionadmin_menusrc\admin.php:78
actioninityogo.php:34
actionwp_headyogo.php:72
actioninityogo.php:74
Maintenance & Trust

YOGO Booking Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedMay 14, 2025
PHP min version
Downloads4K

Community Trust

Rating0/100
Number of ratings0
Active installs200
Alternatives

YOGO Booking Alternatives

Yoga Schedule Momoyoga

Yoga Schedule Momoyoga

momoyoga-integration

A
98

Show your Momoyoga class schedule on your WordPress website.

1K 2 CVEs
Gym Builder – Fitness, Gym, Class Schedule Maker Plugin

Gym Builder – Fitness, Gym, Class Schedule Maker Plugin

gym-builder

A
100

GymBuilder simplifies gym management with class schedules,trainer profiles,fitness calculators,member management,and shortcode generators.

100 No CVEs
Appointment Hour Booking – Booking Calendar

Appointment Hour Booking – Booking Calendar

appointment-hour-booking

A
92

Appointment Hour Booking is a plugin for creating booking forms for appointments with a start time and a defined duration within a schedule.

10K 11 CVEs
MotoPress Appointment Booking

MotoPress Appointment Booking

motopress-appointment-lite

A
100

MotoPress Appointment Booking makes it easy for time and service-based businesses to accept bookings and appointments online.

2K No CVEs
Event Tickets Manager for WooCommerce

Event Tickets Manager for WooCommerce

event-tickets-manager-for-woocommerce

A
100

Use this powerful WordPress event plugin to create and sell events, manage tickets, check-ins, recurring schedules, venues, and attendee details with &hellip;

1K No CVEs
Developer Profile

YOGO Booking Developer Profile

Anders Hjort Straarup

1 plugin · 200 total installs

93
trust score
Avg Security Score
99/100
Avg Patch Time
24 days
View full developer profile
Detection Fingerprints

How We Detect YOGO Booking

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/yogo-booking/build/yogo-booking.css/wp-content/plugins/yogo-booking/build/yogo-booking.js

HTML / DOM Fingerprints

CSS Classes
yogo-calendaryogo-teachersyogo-eventsyogo-pricesyogo-productsyogo-event-buttonyogo-class-pass-buttonyogo-membership-button+1 more
Data Attributes
data-branchdata-class-typedata-teacherdata-start-datedata-teachersdata-event-group+9 more
JS Globals
YOGO_APP_SERVERyogoWidgetSettings
Shortcode Output
<div class="yogo-calendar"<div class="yogo-teachers"<div class="yogo-events"<div class="yogo-prices"
FAQ

Frequently Asked Questions about YOGO Booking