Last Updated on September 22, 2023 by

Hi *********

We wanted to make you aware about multiple serious vulnerabilities in versions 2.4.3 and below of the Booked – Appointment Booking for WordPress plugin.  

Here is the patched version of the Booked Plugin v2.4.4 >>

This plugin was included with the following theme(s) you purchased on ThemeForest:

  • ANN – Artificial Neural Network AI WordPress Theme + Stable Diffusion
  • Abelle – Beauty Salon Elementor WordPress Theme
  • Agricola – Agriculture and Organic Farm WordPress Theme
  • Belicia – Luxury Resort & Hotel WordPress Theme
  • Brielle – Beauty Salon and Cosmetics Theme
  • Cerebrum – Trauma Counseling & Psychology WordPress Theme
  • Clinical – Plastic Surgery Theme
  • Crafti – Creative Handmade WordPress Theme
  • Dom – House Services Elementor WordPress Theme
  • EasyEat – Street Food Restaurant WordPress Theme
  • Echo – Digital Marketing & Creative Agency WordPress Theme
  • Expo – Modern Art & Photography Gallery WordPress Theme
  • Fabrica – Industrial & Engineering Factory WordPress Theme
  • Facultic – Online Education Courses WordPress Theme
  • Geya – Renewable Energy & Ecology Protection WordPress Theme
  • Good Mood – Wine Shop WordPress Theme
  • Grace – Church, Religion & Charity WordPress Theme
  • Grange – Farm, Bazaar & Food Market WordPress Theme
  • Granola – SEO & Marketing Agency WordPress Theme
  • Grit – Coaching & Online Courses Multiskin WordPress Theme
  • Investex – Corporate Business & Accounting WordPress Theme
  • Joly – Hairdresser & Beauty Salon WordPress Theme
  • Lawyer – WordPress Theme
  • Lesya – Beauty Salon & Spa WordPress Theme
  • Lunna – Creative Portfolio WordPress Theme
  • Medeus – Medical Multipurpose Doctor WordPress Theme
  • Midi – Sound & Music Production WordPress Theme
  • Mission – Church & Religion Multipurpose WordPress Theme
  • Panda – Creative Marketing Agency & SEO WordPress Theme
  • Preservation – NonProfit & Ecology WordPress Theme
  • Prophet – Horoscope,Astrology & Fortune Telling WordPress Theme
  • Quirky – NFT, Token & Blockchain WCFM Marketplace WordPress Theme
  • Reina – Spa and Wellness Theme
  • Richmond – Hotel Booking Theme
  • Splendour – Jewelry & Watches WordPress Theme
  • Spock – Medical Elementor Multi-skin WordPress Theme
  • Strux – Architecture & Interior Design WordPress Theme
  • Towny – Outdoor & Home Services WordPress Theme
  • W&D – Windows & Doors Company WordPress Theme


The future of the Booked plugin 

Booked has now been disabled on our marketplace, and another trusted Power Elite author with a 5-star rating, Themovation, has worked with a security vendor to do a one-off update to address the vulnerabilities.

The patched version (2.4.4) of the Booked plugin can be downloaded free of charge for the next 28 days:

Please note: this is not intended as a long term solution, and there will be no further updates or support provided for installing or using this temporary version. 

Alternatively, QuickCal (also by Themovation) is a new equivalent plugin that will receive ongoing support, maintenance and improvements, and is available for purchase on CodeCanyon.

What to do now 

In order to secure your website from these identified vulnerabilities, we recommend you stop using the Booked plugin immediately. 

The author of the theme(s) you purchased is expected to release a free update containing a permanent solution in the coming weeks. Please ensure you have item update email notifications enabled to watch for this, and do the update as soon as it’s available. For further information about when this update will be available, please contact the author of your theme(s). 

In the meantime, if you need to continue to use Booked, you can use the patched version linked above. Importantly, this must be installed manually—do not attempt to update Booked via the WordPress back end or the Envato Market plugin. We recommend making a back up of your site before doing this, and confirming the update was successful by going to the Plugins screen and making sure the version number is 2.4.4.

If you have used this plugin in projects for clients, please help them to secure their sites as well. 

Your security is our priority 

We take security seriously at Envato. When we receive security vulnerability reports for items sold on our marketplaces, we work as quickly as possible to validate the report, investigate risk and determine the best course of action for the security of our community. 

Thank you in advance for taking the time to secure your website. 

— Envato Market