Hydra Booking — Appointment Scheduling & Booking Calendar

A complete appointment scheduling and booking calendar for WordPress — integrates with WooCommerce, Google Calendar, Zoom, and more.

v1.2.0ThemeficUpdated yesterdayAdded 2 years ago2k+ installs88% rating

appointment booking appointments booking calendar scheduling

Score

238

Errors

707

Warnings

Change

Category Scores

Security0

Repo100

Performance100

Maintainability0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

945 findings

Maintainability

568

10 issue groups

Security

306

11 issue groups

I18n

4 issue groups

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$Bookmark".236

Category: Maintainability
Occurrences: 236
Severity: warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$Bookmark".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.120

Category: Maintainability
Occurrences: 120
Severity: warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().112

Category: Maintainability
Occurrences: 112
Severity: warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching

ERRORSecuritySQL query is not preparedUse placeholders and $wpdb->prepare(); found $query53

Category: Security
Occurrences: 53
Severity: error

Sample message

Use placeholders and $wpdb->prepare(); found $query

WordPress.DB.PreparedSQL.NotPrepared

WARNINGSecurityRequest data is not unslashed$_GET['hash'] not unslashed before sanitization. Use wp_unslash() or similar53

Category: Security
Occurrences: 53
Severity: warning

Sample message

$_GET['hash'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash

WARNINGSecurityInterpolated SQL is not preparedUse placeholders and $wpdb->prepare(); found interpolated variable $booking_table at "SELECT $table_name.*, COUNT($booking_table.id) as total_booking, $host_table.first_name as host_first_name, $host_table.last_name as host_last_name FROM $table_name\n52

Category: Security
Occurrences: 52
Severity: warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $booking_table at "SELECT $table_name.*, COUNT($booking_table.id) as total_booking, $host_table.first_name as host_first_name, $host_table.last_name as host_last_name FROM $table_name\n

WordPress.DB.PreparedSQL.InterpolatedNotPrepared

ERRORSecurityDatabase parameter is not escapedUnescaped parameter $booking_table used in $wpdb->get_results()\n$booking_table assigned unsafely at line 176.45

Category: Security
Occurrences: 45
Severity: error

Sample message

Unescaped parameter $booking_table used in $wpdb->get_results()\n$booking_table assigned unsafely at line 176.

PluginCheck.Security.DirectDB.UnescapedDBParameter

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$bookmark['title']'.33

Category: Security
Occurrences: 33
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$bookmark['title']'.

WordPress.Security.EscapeOutput.OutputNotEscaped Reference

WARNINGMaintainabilitySchema ChangeAttempting a database schema change is discouraged.28

Category: Maintainability
Occurrences: 28
Severity: warning

Sample message

Attempting a database schema change is discouraged.

WordPress.DB.DirectDatabaseQuery.SchemaChange

ERRORI18nText Domain MismatchMismatched text domain. Expected 'hydra-booking' but got 'fluent-booking'.24

Category: I18n
Occurrences: 24
Severity: error

Sample message

Mismatched text domain. Expected 'hydra-booking' but got 'fluent-booking'.

WordPress.WP.I18n.TextDomainMismatch Reference

Show 15 more

WARNINGMaintainabilityslow db query meta key23

Category: Maintainability
Occurrences: 23
Severity: warning

Sample message

Detected usage of meta_key, possible slow query.

WordPress.DB.SlowDBQuery.slow_db_query_meta_key

ERRORMaintainabilitycurl curl setopt23

Category: Maintainability
Occurrences: 23
Severity: error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_setopt

WARNINGSecurityNonce verification recommended20

Category: Security
Occurrences: 20
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended

WARNINGSecurityInput is not validated19

Category: Security
Occurrences: 19
Severity: warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_POST['attendee_time_zone']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated

WARNINGSecurityInput is not sanitized18

Category: Security
Occurrences: 18
Severity: warning

Sample message

Detected usage of a non-sanitized input variable: $_GET['code']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

ERRORMaintainabilitydate date11

Category: Maintainability
Occurrences: 11
Severity: error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

WordPress.DateTime.RestrictedFunctions.date_date

ERRORI18nMissing Translators Comment11

Category: I18n
Occurrences: 11
Severity: error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WordPress.WP.I18n.MissingTranslatorsComment Reference

WARNINGSecuritywp redirect wp redirect5

Category: Security
Occurrences: 5
Severity: warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

WordPress.Security.SafeRedirect.wp_redirect_wp_redirect Reference

ERRORMaintainabilitycurl curl close5

Category: Maintainability
Occurrences: 5
Severity: error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_close

ERRORMaintainabilitycurl curl exec5

Category: Maintainability
Occurrences: 5
Severity: error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_exec

ERRORMaintainabilitycurl curl init5

Category: Maintainability
Occurrences: 5
Severity: error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_init

WARNINGSecurityDatabase parameter is not escaped4

Category: Security
Occurrences: 4
Severity: warning

Sample message

Unescaped parameter $table used in $wpdb->get_results()\n$table assigned unsafely at line 167.

PluginCheck.Security.DirectDB.UnescapedDBParameter

WARNINGSecurityMissing nonce verification4

Category: Security
Occurrences: 4
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing

ERRORI18nNon Singular String Literal Text3

Category: I18n
Occurrences: 3
Severity: error

Sample message

The $text parameter must be a single text string literal. Found: 'This is an automated email from ' . get_bloginfo( 'name' ) . ', please do not reply.'

WordPress.WP.I18n.NonSingularStringLiteralText Reference

WARNINGI18nDiscouraged text-domain loading2

Category: I18n
Occurrences: 2
Severity: warning

Sample message

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

PluginCheck.CodeAnalysis.DiscouragedFunctions.load_plugin_textdomainFound Reference

External Connections

Potential connections found in static code analysis.

35 domains

Outbound calls

167

External assets

Incoming endpoints

100

Notable Domains

hydrabooking.com16 · outbound

api.zoom.us12 · outbound

googleapis.com8 · outbound

loading.io6 · outbound

appsero.com4 · outbound

portal.themefic.com4 · outbound

Platform / Reference Domains

w3.org77 · platform/reference

ps.w.org4 · platform/reference

github.com3 · platform/reference

gnu.org1 · platform/reference

External Asset Domains

fonts.googleapis.com1 · asset

Incoming Endpoints

/wp-json/hydra-booking/v1/booking/(?P<id>[0-9]+)REST

register_rest_route

/wp-json/hydra-booking/v1/booking/availabletimeREST

register_rest_route

/wp-json/hydra-booking/v1/booking/bulk-updateREST

register_rest_route

/wp-json/hydra-booking/v1/booking/cancel-booking-attendeeREST

register_rest_route

/wp-json/hydra-booking/v1/booking/change-attendee-statusREST

register_rest_route

/wp-json/hydra-booking/v1/booking/change-booking-statusREST

register_rest_route

Admin AJAX endpoints4

admin_post_hydra-booking_fupcauthenticated

admin_post

admin_post_HydraBooking_el_activate_licenseauthenticated

admin_post

admin_post_HydraBooking_el_deactivate_licenseauthenticated

admin_post

wp_ajax_appsero_refresh_license_authenticated

wp_ajax

Score History

2 score snapshots

yesterday

v1.2.0

Latest

Findings: 945
Errors: 238
Warnings: 707
Check: 2.0.0

4 days ago

v1.1.45

Score

Findings: 945
Errors: 238
Warnings: 707
Check: 2.0.0

Scan	Score	Findings	Errors	Warnings	Plugin	Check
yesterdayLatest	25	945	238	707	v1.2.0	2.0.0
4 days ago	25	945	238	707	v1.1.45	2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Loading map

PluginAuthorCategoryIssueDomainRelated

Relationship links

Issue

Domain

hydrabooking.com16 signals api.zoom.us12 signals googleapis.com8 signals loading.io6 signals appsero.com4 signals portal.themefic.com4 signals themefic.com4 signals app.loopedin.io2 signals

Related Plugins

EMC – Easily Embed Calendly Scheduling

10k+ active installs

100

Events Shortcodes For The Events Calendar

10k+ active installs

100

Cal.com

1k+ active installs

Calendar

4k+ active installs

Hydrogen Calendar Embeds

900 active installs

ICS Calendar

10k+ active installs