Alex Reservations: Smart Restaurant Booking Security & Risk Analysis

wordpress.org/plugins/alex-reservations

Restaurant reservations solution to help you manage your daily bookings.

200 active installs · v2.3.5 · PHP 8.1+ · WP 5.1+ · Updated Mar 5, 2026
Tags: appointments, booking, restaurant-reservations, scheduling, tables
96 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Nov 7, 2025
Safety Verdict

Is Alex Reservations: Smart Restaurant Booking Safe to Use in 2026?

Generally Safe

Score 96/100

Alex Reservations: Smart Restaurant Booking has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Nov 7, 2025 · Updated 29d ago
Risk Assessment

The alex-reservations plugin v2.3.5 exhibits a mixed security posture. On the positive side, a high percentage of SQL queries utilize prepared statements and output escaping is generally well-implemented, indicating good development practices in these areas. However, there are significant concerns regarding the attack surface, with 4 out of 5 entry points lacking authentication checks. This presents a considerable risk for unauthorized access or manipulation of plugin functionality. The taint analysis shows no critical or high severity flows with unsanitized paths, which is a positive indicator, but the presence of 5 flows with unsanitized paths, even if currently assessed as lower severity, warrants attention. The plugin's vulnerability history, with two known CVEs including a high-severity one (Unrestricted File Upload), and a recent vulnerability in late 2025, suggests a recurring pattern of security weaknesses. While no CVEs are currently unpatched, this history raises concerns about the overall robustness of the plugin's security.

Key Concerns

  • Multiple AJAX handlers without auth checks
  • Vulnerability history with high severity CVE
  • Flows with unsanitized paths (though low severity)
  • Bundled library (Guzzle) without version check

Alex Reservations: Smart Restaurant Booking Security Vulnerabilities

CVEs by Year

2025: 2 CVEs

Severity Breakdown

High: 1
Medium: 1

2 total CVEs

CVE-2025-12399 · high · 7.2 · Unrestricted Upload of File with Dangerous Type

Alex Reservations: Smart Restaurant Booking <= 2.2.3 - Authenticated (Admin+) Arbitrary File Upload

Nov 7, 2025 · Patched in 2.2.4 (1d)

CVE-2024-13380 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Alex Reservations: Smart Restaurant Booking <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Jan 29, 2025 · Patched in 2.0.6 (2d)
Code Analysis
Analyzed Mar 16, 2026

Alex Reservations: Smart Restaurant Booking Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 7 (20 prepared)
  • Unescaped Output: 19 (580 escaped)
  • Nonce Checks: 3
  • Capability Checks: 0
  • File Operations: 35
  • External Requests: 5
  • Bundled Libraries: 1

Bundled Libraries

Guzzle

SQL Query Safety

74% prepared, 27 total queries

Output Escaping

97% escaped, 599 total outputs

Data Flow Analysis

5 flows, 5 with unsanitized paths
handleWebhookVerification (includes\application\Alexr\Whatsapp\WhatsappWebhookController.php:165)

Alex Reservations: Smart Restaurant Booking Attack Surface

Entry Points: 5
Unprotected: 4

AJAX Handlers (4)

  • nopriv · wp_ajax_alexr_whatsapp_webhook (includes\application\Alexr\Whatsapp\WhatsappWebhookController.php:26)
  • auth · wp_ajax_alexr_whatsapp_webhook (includes\application\Alexr\Whatsapp\WhatsappWebhookController.php:27)
  • nopriv · wp_ajax_alexr_whatsapp_status_callback (includes\application\Alexr\Whatsapp\WhatsappWebhookController.php:30)
  • auth · wp_ajax_alexr_whatsapp_status_callback (includes\application\Alexr\Whatsapp\WhatsappWebhookController.php:31)

Shortcodes (1)

  • [rr_form] (includes\shortcodes.php:9)

WordPress Hooks (33)

  • action · plugins_loaded (alex-reservations.php:189)
  • action · plugins_loaded (alex-reservations.php:190)
  • action · plugins_loaded (alex-reservations.php:191)
  • filter · evavel_routes_application (alex-reservations.php:489)
  • action · rest_api_init (includes\application\Alexr\API\ApiBootstrap.php:13)
  • filter · wp_mail_content_type (includes\application\Alexr\Http\Controllers\SupportController.php:31)
  • filter · wp_mail (includes\application\Alexr\Mail\MailManager.php:17)
  • filter · wp_mail_content_type (includes\application\Alexr\Mail\MailManager.php:18)
  • action · phpmailer_init (includes\application\Alexr\Mail\MailManager.php:19)
  • action · wp_mail_failed (includes\application\Alexr\Mail\MailManager.php:20)
  • filter · wp_mail_from_name (includes\application\Alexr\Mail\MailManager.php:22)
  • filter · wp_mail_from (includes\application\Alexr\Mail\MailManager.php:23)
  • action · alexr_booking_created (includes\application\Alexr\Services\Whatsapp\WhatsappApiUsageExample.php:216)
  • action · alexr_whatsapp_button_confirm_booking (includes\application\Alexr\Whatsapp\WhatsappButtonHandler.php:25)
  • action · alexr_whatsapp_button_cancel_booking (includes\application\Alexr\Whatsapp\WhatsappButtonHandler.php:26)
  • action · alexr_whatsapp_button_response (includes\application\Alexr\Whatsapp\WhatsappButtonHandler.php:29)
  • action · alexr_whatsapp_incoming_message (includes\application\Alexr\Whatsapp\WhatsappKeywordHandler.php:15)
  • action · rest_api_init (includes\framework\src\Evavel\Http\RegisterRoutes.php:25)
  • action · init (includes\framework\src\Evavel\Log\Log.php:20)
  • action · template_redirect (includes\front-book-now.php:14)
  • action · template_redirect (includes\front-edit-booking.php:14)
  • action · template_redirect (includes\front-view-booking.php:23)
  • action · admin_init (includes\install.php:83)
  • action · admin_init (includes\install.php:84)
  • action · admin_menu (includes-wp\admin\class-srr-wp-admin.php:28)
  • action · admin_init (includes-wp\admin\class-srr-wp-admin.php:29)
  • action · admin_init (includes-wp\admin\class-srr-wp-admin.php:30)
  • action · admin_enqueue_scripts (includes-wp\admin\class-srr-wp-admin.php:31)
  • action · admin_body_class (includes-wp\admin\class-srr-wp-admin.php:32)
  • action · admin_print_scripts (includes-wp\admin\class-srr-wp-admin.php:34)
  • filter · manage_users_columns (includes-wp\admin\users\User_admin.php:7)
  • filter · manage_users_custom_column (includes-wp\admin\users\User_admin.php:8)
  • action · admin_bar_menu (includes-wp\banner.php:118)

Maintenance & Trust

Alex Reservations: Smart Restaurant Booking Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 5, 2026
PHP min version: 8.1
Downloads: 17K

Community Trust

Rating: 98/100
Number of ratings: 27
Active installs: 200

Developer Profile

Alex Reservations: Smart Restaurant Booking Developer Profile

Alejandro

1 plugin · 200 total installs

Trust score: 97
Avg Security Score: 96/100
Avg Patch Time: 2 days

Detection Fingerprints

How We Detect Alex Reservations: Smart Restaurant Booking

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/alex-reservations/public/css/alex-reservations-public.css
  • /wp-content/plugins/alex-reservations/public/js/alex-reservations-public.js
  • /wp-content/plugins/alex-reservations/admin/css/alex-reservations-admin.css
  • /wp-content/plugins/alex-reservations/admin/js/alex-reservations-admin.js
  • /wp-content/plugins/alex-reservations/includes/framework/assets/css/backend.css
  • /wp-content/plugins/alex-reservations/includes/framework/assets/js/backend.js
  • /wp-content/plugins/alex-reservations/includes/framework/assets/css/frontend.css
  • /wp-content/plugins/alex-reservations/includes/framework/assets/js/frontend.js
  • +81 more

Script Paths

  • /wp-content/plugins/alex-reservations/public/js/alex-reservations-public.js
  • /wp-content/plugins/alex-reservations/admin/js/alex-reservations-admin.js
  • /wp-content/plugins/alex-reservations/includes/framework/assets/js/backend.js
  • /wp-content/plugins/alex-reservations/includes/framework/assets/js/frontend.js
  • /wp-content/plugins/alex-reservations/includes/framework/assets/js/admin_menu.js
  • /wp-content/plugins/alex-reservations/includes/framework/assets/js/menu.js
  • +75 more

HTML / DOM Fingerprints

CSS Classes
alex-reservations, alexr_booking_form, alexr_restaurant_section, alexr_restaurant_list, alexr_single_restaurant, alexr_booking_calendar, alexr_admin_dashboard, alexr_settings_page, +6 more

HTML Comments
<!-- ALEX RESERVATIONS START --> <!-- ALEX RESERVATIONS END --> <!-- ALEXR FRAMEWORK START --> <!-- ALEXR FRAMEWORK END -->

Data Attributes
data-alexr-plugin-url, data-alexr-restaurant-id, data-alexr-booking-id, data-alexr-nonce

JS Globals
alexr_params, alexr_translations, alex_reservations_admin_params, alex_reservations_public_params, alexr_framework_params

REST Endpoints
/wp-json/alexreservations/v1/booking, /wp-json/alexreservations/v1/restaurant, /wp-json/alexreservations/v1/settings, /wp-json/alexreservations/v1/users

Shortcode Output
[alex_reservations_booking_form] [alex_reservations_restaurant_list] [alex_reservations_single_restaurant] [alex_reservations_dashboard]