[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fwZXrtGys4biJNne78ITmweDXVNjnYrGqe-5Pgdi2k4Y":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":121,"crawl_stats":38,"alternatives":126,"analysis":221,"fingerprints":476},"beds24-online-booking","Beds24 Online Booking","2.0.30","markkinchin","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarkkinchin\u002F","\u003Ch4>Powerful and Customisable Online Booking System\u003C\u002Fh4>\n\u003Cp>Beds24.com is a full featured online booking engine. The system is very flexible with many options for customization.\u003C\u002Fp>\n\u003Cp>The Beds24.com online booking system and channel manager is suitable for any type of accommodation such as hotels, motels, B&B’s, hostels, vacation rentals, holiday homes and campgrounds as well as selling extras like tickets or tours.\u003C\u002Fp>\n\u003Cp>The plugin is free to use but you do need an account with Beds24.com. A free trial account is available at http:\u002F\u002Fwww.beds24.com\u002Fjoin.html\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Real-time availability and commission free online bookings\u003C\u002Fli>\n\u003Cli>Customisable booking widgets\u003C\u002Fli>\n\u003Cli>Multiple rates and discounts\u003C\u002Fli>\n\u003Cli>Multi language booking page (30+languages)\u003C\u002Fli>\n\u003Cli>Online payments\u003C\u002Fli>\n\u003Cli>Optional channel manager\u003C\u002Fli>\n\u003Cli>Multi-language support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features for Property Managers, Hotel Groups and Agencies\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Agency seach box\u003C\u002Fli>\n\u003Cli>Subaccounts with access control\u003C\u002Fli>\n\u003C\u002Ful>\n","Accept commission free online bookings from your Wordpress website. Suitable for hotels, B&B's, holiday rentals, vacation rentals, apartments &hellip;",2000,98551,86,6,"2025-05-02T06:14:00.000Z","6.7.5","2.0.2","",[20,21,22,23,24],"booking-engine","booking-system","ibe","online-booking-engine","online-booking-system","https:\u002F\u002Fbeds24.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbeds24-online-booking.zip",94,7,0,"2025-05-07 00:00:00","2026-03-15T15:16:48.613Z",[33,47,63,75,84,97,109],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":28},"CVE-2025-47489","beds24-online-booking-authenticated-contributor-stored-cross-site-scripting","Beds24 Online Booking \u003C= 2.0.29 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Beds24 Online Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bookwidget' shortcode in all versions up to, and including, 2.0.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=2.0.29","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-05-13 14:00:35",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F3bfe1d81-9b0a-4998-8702-173795b8f493?source=api-prod",{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":38,"affected_versions":52,"patched_in_version":53,"severity":54,"cvss_score":55,"cvss_vector":56,"vuln_type":57,"published_date":58,"updated_date":59,"references":60,"days_to_patch":62},"CVE-2025-32155","beds24-online-booking-authenticated-contributor-local-file-inclusion","Beds24 Online Booking \u003C= 2.0.28 - Authenticated (Contributor+) Local File Inclusion","The Beds24 Online Booking plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0.28. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.","\u003C=2.0.28","2.0.29","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Control of Filename for Include\u002FRequire Statement in PHP Program ('PHP Remote File Inclusion')","2025-04-04 00:00:00","2025-04-15 12:23:37",[61],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5c3cefd0-9cbb-4d7a-9fa2-e7a0007fc8b5?source=api-prod",12,{"id":64,"url_slug":65,"title":66,"description":67,"plugin_slug":4,"theme_slug":38,"affected_versions":68,"patched_in_version":69,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":70,"updated_date":71,"references":72,"days_to_patch":74},"CVE-2025-31851","beds24-online-booking-authenticated-contributor-stored-cross-site-scripting-3","Beds24 Online Booking \u003C= 2.0.27 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Beds24 Online Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=2.0.27","2.0.28","2025-04-01 00:00:00","2025-04-10 12:39:34",[73],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc3f07ebf-5e8b-42ea-853e-9b28784b14a5?source=api-prod",10,{"id":76,"url_slug":77,"title":78,"description":79,"plugin_slug":4,"theme_slug":38,"affected_versions":68,"patched_in_version":69,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":80,"updated_date":81,"references":82,"days_to_patch":28},"CVE-2024-10177","beds24-online-booking-authenticated-contributor-stored-cross-site-scripting-via-beds24-link-shortcode","Beds24 Online Booking \u003C= 2.0.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via beds24-link Shortcode","The Beds24 Online Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's beds24-link shortcode in all versions up to, and including, 2.0.27 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","2024-11-20 13:55:47","2024-11-27 13:44:18",[83],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fe2a6d017-93e4-40c6-a7d1-07e00faecf36?source=api-prod",{"id":85,"url_slug":86,"title":87,"description":88,"plugin_slug":4,"theme_slug":38,"affected_versions":89,"patched_in_version":90,"severity":40,"cvss_score":91,"cvss_vector":92,"vuln_type":43,"published_date":93,"updated_date":94,"references":95,"days_to_patch":14},"CVE-2024-51664","beds24-online-booking-authenticated-administrator-stored-cross-site-scripting","Beds24 Online Booking \u003C= 2.0.25 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Beds24 Online Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.","\u003C=2.0.25","2.0.26",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2024-11-01 00:00:00","2024-11-06 14:43:41",[96],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7d249bc4-1230-4d85-8b29-e00a9cb80434?source=api-prod",{"id":98,"url_slug":99,"title":100,"description":101,"plugin_slug":4,"theme_slug":38,"affected_versions":102,"patched_in_version":103,"severity":40,"cvss_score":91,"cvss_vector":92,"vuln_type":43,"published_date":104,"updated_date":105,"references":106,"days_to_patch":108},"CVE-2024-24717","beds24-online-booking-authenticatedadministrator-stored-cross-site-scripting","Beds24 Online Booking \u003C= 2.0.23 - Authenticated(Administrator+) Stored Cross-Site Scripting","The Beds24 Online Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","\u003C=2.0.23","2.0.24","2024-01-31 00:00:00","2024-02-02 16:17:15",[107],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fca5bc2af-394b-4fc1-b6c3-ed9ff0a5959a?source=api-prod",3,{"id":110,"url_slug":111,"title":112,"description":113,"plugin_slug":4,"theme_slug":38,"affected_versions":114,"patched_in_version":115,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":116,"updated_date":117,"references":118,"days_to_patch":120},"CVE-2023-52228","beds24-online-booking-authenticated-contributor-stored-cross-site-scripting-2","Beds24 Online Booking \u003C= 2.0.24 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Beds24 Online Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 2.0.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=2.0.24","2.0.25","2024-01-08 00:00:00","2024-01-24 13:36:16",[119],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F6fc2b2a5-00b0-424e-8678-c6b5cd76baec?source=api-prod",17,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":122,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":123,"trust_score":124,"computed_at":125},1,9,90,"2026-04-03T21:32:57.853Z",[127,145,163,185,203],{"slug":128,"name":129,"version":130,"author":131,"author_profile":132,"description":133,"short_description":134,"active_installs":135,"downloaded":136,"rating":135,"num_ratings":122,"last_updated":137,"tested_up_to":138,"requires_at_least":139,"requires_php":140,"tags":141,"homepage":143,"download_link":144,"security_score":135,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"mybooking-reservation-engine","MyBooking Reservation Engine","2.6.0","Juan","https:\u002F\u002Fprofiles.wordpress.org\u002Fjuanmiqueo\u002F","\u003Cp>Mybooking Reservation Engine WordPress plugin is designed for your vehicle, boats, properties or material rental.\u003Cbr \u002F>\nIt also can be used for accommodation, transfers or tour and activities business.\u003C\u002Fp>\n\u003Cp>It’s easy to use and very powerful. You can manage offers, promotion codes and connect a payment gateway to charge\u003Cbr \u002F>\nfor your reservations. You can insert a search widget on your home page to start the reservation process. You can\u003Cbr \u002F>\nalso include a calendar in each of your products pages.\u003C\u002Fp>\n\u003Cp>This plugin provides a booking engine frontend in your WordPress site connecting to your mybooking account.\u003C\u002Fp>\n\u003Cp>It is very easy to set up:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Create your products and prices on your mybooking account.\u003C\u002Fli>\n\u003Cli>Install and configure the plugin on your WordPress website.\u003C\u002Fli>\n\u003Cli>Start receiving and charging reservations.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It has three modules for different reservation needs:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Renting\u002FAccommation\u003C\u002Fli>\n\u003Cli>Activities\u002FAppointments\u003C\u002Fli>\n\u003Cli>Transfer\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The reservation engine includes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Search widgets to start the reservation process\u003C\u002Fli>\n\u003Cli>Calendar shortcodes to add a calendar to your product page\u003C\u002Fli>\n\u003Cli>Language context adapted to the different business\u003C\u002Fli>\n\u003Cli>Prices by hours and days (defined on your mybooking account)\u003C\u002Fli>\n\u003Cli>Prices by seasons (defined on your mybooking account)\u003C\u002Fli>\n\u003Cli>Offers (defined on your mybooking account)\u003C\u002Fli>\n\u003Cli>Promotion Code (defined on your mybooking accoount)\u003C\u002Fli>\n\u003Cli>Stop sales (defined on your mybooking account)\u003C\u002Fli>\n\u003Cli>Min and max reservation duration (defined on your mybooking account)\u003C\u002Fli>\n\u003Cli>Calendar to define delivery and collection times (defined on your mybooking account)\u003C\u002Fli>\n\u003Cli>Payment gateway connection. Paypal, Redsys and Addon Payments\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The reservation engine can be used for the following businesses:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Vehicles rental (car rental, autocaravanning, motorcycle, scooters, bike)\u003C\u002Fli>\n\u003Cli>Boats rental\u003C\u002Fli>\n\u003Cli>Properties rental\u003C\u002Fli>\n\u003Cli>Sports material rental (Kayak, surf, paddle surf)\u003C\u002Fli>\n\u003Cli>Accommodation (hostels and hotels)\u003C\u002Fli>\n\u003Cli>Sport courts\u003C\u002Fli>\n\u003Cli>Coworking\u003C\u002Fli>\n\u003Cli>Escape Rooms\u003C\u002Fli>\n\u003Cli>Activities\u003C\u002Fli>\n\u003Cli>Tours\u003C\u002Fli>\n\u003Cli>Appointments\u003C\u002Fli>\n\u003Cli>Transfers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Notes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The plugin does not use iframes to build the reservation process. It works directly on your WordPress installation.\u003C\u002Fli>\n\u003Cli>It is ready to use in any theme. But you can customize the components to match your website look and feel\u003C\u002Fli>\n\u003C\u002Ful>\n","Mybooking Reservation Engine WordPress plugin.",100,10915,"2025-12-18T10:21:00.000Z","6.9.4","5.2","7.2",[20,21,142,23,24],"car-rental-reservation","https:\u002F\u002Fwww.mybooking.es\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmybooking-reservation-engine.2.6.0.zip",{"slug":146,"name":147,"version":148,"author":149,"author_profile":150,"description":151,"short_description":152,"active_installs":153,"downloaded":154,"rating":135,"num_ratings":122,"last_updated":155,"tested_up_to":138,"requires_at_least":156,"requires_php":140,"tags":157,"homepage":161,"download_link":162,"security_score":135,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"sirvoy-booking-engine","Sirvoy Booking Engine","5.1","john@sirvoy","https:\u002F\u002Fprofiles.wordpress.org\u002Fjohnsirvoy\u002F","\u003Cp>With this plugin you can easily add the Sirvoy booking engine to your WordPress website and accept commission free online bookings.\u003Cbr \u002F>\nThe bookings will be registered in your Sirvoy account, which you can sign up for on \u003Ca href=\"https:\u002F\u002Fsirvoy.com\" rel=\"nofollow ugc\">https:\u002F\u002Fsirvoy.com\u003C\u002Fa>. Sirvoy is an online booking\u003Cbr \u002F>\nsystem for hotels, B&Bs, guest houses, inns and other accommodations. Besides allowing you to receive direct bookings and payments\u003Cbr \u002F>\nthrough your website, Sirvoy can also help you to connect and receive bookings from channels, manage and edit your bookings,\u003Cbr \u002F>\ncommunicate with your clients etc.\u003C\u002Fp>\n\u003Ch3>Booking engine features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Receive direct commission free bookings\u003C\u002Fli>\n\u003Cli>Customisable design\u003C\u002Fli>\n\u003Cli>Adjust rates and restrict availability\u003C\u002Fli>\n\u003Cli>Available in 28 different languages\u003C\u002Fli>\n\u003Cli>Receive online payments\u003C\u002Fli>\n\u003Cli>Connect to leading channels\u003C\u002Fli>\n\u003C\u002Ful>\n","Sirvoy booking engine - Non-Commission Direct Bookings from Your Website. Sirvoy can also help you to receive bookings from channels, and much more.",1000,10733,"2025-10-14T10:35:00.000Z","5.0",[158,20,21,159,160],"accommodation-booking","hotel-booking-system","sirvoy","https:\u002F\u002Fsirvoy.com\u002Ftopic\u002Fbooking-engine\u002Finstalling-on-your-website\u002Finstalling-the-booking-engine-on-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsirvoy-booking-engine.5.1.zip",{"slug":164,"name":165,"version":166,"author":167,"author_profile":168,"description":169,"short_description":170,"active_installs":171,"downloaded":172,"rating":13,"num_ratings":173,"last_updated":174,"tested_up_to":175,"requires_at_least":176,"requires_php":177,"tags":178,"homepage":183,"download_link":184,"security_score":135,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"booking-system-edoobox","Online Buchungssystem – edoobox","3.4.1","edoobox","https:\u002F\u002Fprofiles.wordpress.org\u002Fedoobox\u002F","\u003Cp>The Edoobox booking system simplifies the planning and advertising of courses and events with the online booking solutions.\u003C\u002Fp>\n\u003Ch4>Online Booking System\u003C\u002Fh4>\n\u003Cp>edoobox is the clever online booking system. Customers can book and pay for courses, seminars and events around the clock in real time.\u003C\u002Fp>\n\u003Ch4>Promotion-Campaigns\u003C\u002Fh4>\n\u003Cp>With edoobox you choose a well-rounded online booking system. Efficient management of your courses, seminars, events, congresses and symposia. Increase your success.\u003C\u002Fp>\n\u003Ch4>Integration into your website\u003C\u002Fh4>\n\u003Cp>Integrate the booking system into your website and adapt the design to your web presence. All offer pages are optimised for smartphones, tablets and PC.\u003C\u002Fp>\n\u003Ch4>Participant management\u003C\u002Fh4>\n\u003Cp>Your participants are your most valuable asset. All customer details and offers can easily be viewed and changed anywhere at any time.\u003C\u002Fp>\n\u003Ch4>Payment systems\u003C\u002Fh4>\n\u003Cp>Your participants pay online by credit card or bank transfer, edoobox itself does not charge a discount. From the many payment systems provided you can activate the desired system and\u002For activate the automatic invoice generation.\u003C\u002Fp>\n\u003Ch4>Real-time price control\u003C\u002Fh4>\n\u003Cp>The online presence\u002Fattendee list is always available in real time. For optimal communication, the provider is informed by e-mail in case of changes.\u003C\u002Fp>\n","Simplify event and course management with Edoobox, an intuitive online booking system.",200,16590,8,"2025-11-25T22:08:00.000Z","6.8.5","6.0","8.2",[179,180,181,24,182],"booking-software","course-administration","event-registration-system","seminar-registration","https:\u002F\u002Fwww.edoobox.com\u002Fwordpress-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbooking-system-edoobox.3.4.1.zip",{"slug":186,"name":186,"version":187,"author":186,"author_profile":188,"description":189,"short_description":190,"active_installs":191,"downloaded":192,"rating":193,"num_ratings":123,"last_updated":194,"tested_up_to":195,"requires_at_least":196,"requires_php":18,"tags":197,"homepage":200,"download_link":201,"security_score":202,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"bookingkit","1.0","https:\u002F\u002Fprofiles.wordpress.org\u002Fbookingkit\u002F","\u003Cp>bookingkit is the smart, German engineered online booking solution for leisure time activity providers.\u003C\u002Fp>\n\u003Cp>You can setup your account on \u003Ca href=\"https:\u002F\u002Finfo.bookingkit.de\u002Fwordpress\" rel=\"nofollow ugc\">bookingkit.de\u003C\u002Fa> and create your events within a few minutes.\u003C\u002Fp>\n\u003Cp>=Why you should use bookingkit:=\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Make your services instantly bookable directly on your website. Sell more tickets through an easy-to-use booking solution for your customers to book and pay your events. All relevant payment-providers like PayPal are included.\u003C\u002Fli>\n\u003Cli>Smart interface for business and customer administration: Keep an overview of your reservations, your bookings, your customers and your income.\u003C\u002Fli>\n\u003Cli>Promote your services and acquire new clients: Advertise easily with marketing partners like TripAdvisor, GetYourGuide or CTS Eventim.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>=Requirements:=\u003C\u002Fp>\n\u003Cul>\n\u003Cli>You need a bookingkit account to use this plugin. Plans start at 0 Euro per month and can be cancelled every month.\u003C\u002Fli>\n\u003C\u002Ful>\n","bookingkit allows you to easily make your events and tours bookable - instantly and directly on your website.",80,3789,98,"2016-10-27T15:07:00.000Z","4.6.30","4.0",[198,20,179,21,199],"booking","booking-tool","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbookingkit\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbookingkit.1.0.zip",85,{"slug":204,"name":205,"version":206,"author":207,"author_profile":208,"description":209,"short_description":210,"active_installs":74,"downloaded":211,"rating":29,"num_ratings":29,"last_updated":212,"tested_up_to":213,"requires_at_least":214,"requires_php":18,"tags":215,"homepage":219,"download_link":220,"security_score":202,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"bookwize-integrated-cinnamon","Bookwize Integrated Cinnamon","2.5","Bookwize","https:\u002F\u002Fprofiles.wordpress.org\u002Fbookwize\u002F","\u003Cp>This Plugin will help you integrate easily Bookwize Hotel Booking Engine in your WordPress hotel website. Bookwize Integrated Cinnamon displays a form for users to choose their travel preferences and check the availability and rates of your hotel.\u003Cbr \u002F>\nWebsite visitors are able to complete a reservation without living your hotel website! In order to use the plugin you will need to have an active subscription with Bookwize Hotel Booking System and the necessary credentials provided by Bookwize Support team.\u003Cbr \u002F>\nAn SSL Certificate is also required.\u003C\u002Fp>\n\u003Ch3>Enable payment gateway JCC redirect\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Go to the settings page of the plugin.\u003C\u002Fli>\n\u003Cli>Enable the checkbox “Enable JCC” and then save.\u003C\u002Fli>\n\u003Cli>Add the JCC credentials that you have received from JCC and then save.\u003C\u002Fli>\n\u003Cli>Create a new page and select Page Type “Bookwize Integrated Redirect”.\u003C\u002Fli>\n\u003Cli>Add the shortcode [jcc_redirect_page].\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Important — Plugin pages should have ssl.\u003C\u002Fp>\n","Integrate Bookwize Hotel Booking Engine in your WordPress website and let visitors check availability and rates and make a booking directly from your  &hellip;",3140,"2021-10-21T10:10:00.000Z","5.8.13","4.0.1",[198,216,217,218,159],"hotel","hotel-booking","hotel-booking-engine","https:\u002F\u002Fwww.bookwize.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbookwize-integrated-cinnamon.zip",{"attackSurface":222,"codeSignals":311,"taintFlows":459,"riskAssessment":460,"analyzedAt":475},{"hooks":223,"ajaxHandlers":269,"restRoutes":270,"shortcodes":271,"cronEvents":310,"entryPointCount":74,"unprotectedCount":29},[224,231,235,240,244,247,251,255,260,264],{"type":225,"name":226,"callback":227,"priority":228,"file":229,"line":230},"filter","widget_text","do_shortcode",11,"beds24-online-booking.php",14,{"type":225,"name":232,"callback":233,"file":229,"line":234},"query_vars","add_query_vars_filter",15,{"type":236,"name":237,"callback":238,"file":229,"line":239},"action","activated_plugin","save_output_buffer_to_file",34,{"type":236,"name":241,"callback":242,"file":229,"line":243},"wp_enqueue_scripts","beds24_scripts",72,{"type":236,"name":245,"callback":246,"file":229,"line":202},"admin_enqueue_scripts","beds24_admin_scripts",{"type":236,"name":248,"callback":249,"file":250,"line":108},"admin_init","register_beds24_settings","inc\\plugin-options\\beds24-options-page.php",{"type":236,"name":252,"callback":253,"file":250,"line":254},"admin_menu","beds24_menu",13,{"type":236,"name":256,"callback":257,"file":258,"line":259},"vc_before_init","bookwidget_vc","inc\\shortcodes\\b24_jquery_widget_shortcode.php",55,{"type":225,"name":261,"callback":262,"file":258,"line":263},"no_texturize_shortcodes","b24_no_tex",963,{"type":236,"name":265,"callback":266,"file":267,"line":268},"widgets_init","Beds24_Widget","inc\\widgets\\beds24_widget.php",49,[],[],[272,276,280,284,288,292,296,299,303,307],{"tag":273,"callback":274,"file":229,"line":275},"beds24","beds24_booking_page",74,{"tag":277,"callback":278,"file":229,"line":279},"beds24-link","beds24_booking_page_link",75,{"tag":281,"callback":282,"file":229,"line":283},"beds24-button","beds24_booking_page_button",76,{"tag":285,"callback":286,"file":229,"line":287},"beds24-box","beds24_booking_page_box",77,{"tag":289,"callback":290,"file":229,"line":291},"beds24-strip","beds24_booking_page_strip",78,{"tag":293,"callback":294,"file":229,"line":295},"beds24-searchbox","beds24_booking_page_searchbox",79,{"tag":297,"callback":298,"file":229,"line":191},"beds24-searchresult","beds24_booking_page_searchresult",{"tag":300,"callback":301,"file":229,"line":302},"beds24-embed","beds24_booking_page_embed",81,{"tag":304,"callback":305,"file":229,"line":306},"beds24-landing","beds24_booking_page_landing",82,{"tag":308,"callback":308,"file":258,"line":309},"bookwidget",51,[],{"dangerousFunctions":312,"sqlUsage":313,"outputEscaping":315,"fileOperations":122,"externalRequests":122,"nonceChecks":29,"capabilityChecks":29,"bundledLibraries":458},[],{"prepared":29,"raw":29,"locations":314},[],{"escaped":316,"rawEcho":317,"locations":318},202,89,[319,323,324,326,327,329,330,332,333,334,335,337,339,341,343,344,346,347,350,351,352,354,356,357,359,360,362,363,364,365,366,368,369,371,373,375,376,378,381,383,385,387,388,389,390,391,392,394,395,396,398,400,401,403,406,407,409,410,413,414,416,418,419,420,421,423,424,425,426,427,428,430,431,433,435,437,439,441,442,444,446,447,448,450,451,452,454,455,456],{"file":320,"line":321,"context":322},"inc\\plugin-options\\plugin-bookingpage.php",31,"raw output",{"file":320,"line":321,"context":322},{"file":320,"line":325,"context":322},44,{"file":320,"line":325,"context":322},{"file":320,"line":328,"context":322},58,{"file":320,"line":328,"context":322},{"file":320,"line":331,"context":322},70,{"file":320,"line":331,"context":322},{"file":320,"line":306,"context":322},{"file":320,"line":306,"context":322},{"file":320,"line":336,"context":322},92,{"file":320,"line":338,"context":322},101,{"file":320,"line":340,"context":322},110,{"file":320,"line":342,"context":322},121,{"file":320,"line":342,"context":322},{"file":320,"line":345,"context":322},139,{"file":320,"line":345,"context":322},{"file":348,"line":349,"context":322},"inc\\plugin-options\\plugin-widgets.php",87,{"file":348,"line":349,"context":322},{"file":348,"line":193,"context":322},{"file":348,"line":353,"context":322},106,{"file":348,"line":355,"context":322},116,{"file":348,"line":355,"context":322},{"file":258,"line":358,"context":322},39,{"file":258,"line":358,"context":322},{"file":258,"line":361,"context":322},43,{"file":258,"line":361,"context":322},{"file":267,"line":120,"context":322},{"file":267,"line":120,"context":322},{"file":267,"line":120,"context":322},{"file":267,"line":367,"context":322},21,{"file":267,"line":367,"context":322},{"file":267,"line":370,"context":322},22,{"file":267,"line":372,"context":322},37,{"file":267,"line":374,"context":322},40,{"file":267,"line":325,"context":322},{"file":267,"line":377,"context":322},45,{"file":379,"line":380,"context":322},"theme-files\\beds24-box.php",18,{"file":379,"line":382,"context":322},20,{"file":379,"line":384,"context":322},24,{"file":379,"line":386,"context":322},26,{"file":379,"line":386,"context":322},{"file":379,"line":321,"context":322},{"file":379,"line":239,"context":322},{"file":379,"line":239,"context":322},{"file":379,"line":239,"context":322},{"file":379,"line":393,"context":322},41,{"file":379,"line":377,"context":322},{"file":379,"line":377,"context":322},{"file":379,"line":397,"context":322},52,{"file":379,"line":399,"context":322},56,{"file":379,"line":399,"context":322},{"file":379,"line":402,"context":322},64,{"file":404,"line":405,"context":322},"theme-files\\beds24-prop-post.php",5,{"file":404,"line":173,"context":322},{"file":404,"line":408,"context":322},19,{"file":404,"line":370,"context":322},{"file":411,"line":412,"context":322},"theme-files\\beds24-prop-xml.php",4,{"file":411,"line":173,"context":322},{"file":415,"line":380,"context":322},"theme-files\\beds24-searchbox.php",{"file":415,"line":417,"context":322},73,{"file":415,"line":279,"context":322},{"file":415,"line":279,"context":322},{"file":415,"line":191,"context":322},{"file":415,"line":422,"context":322},83,{"file":415,"line":422,"context":322},{"file":415,"line":124,"context":322},{"file":415,"line":27,"context":322},{"file":415,"line":27,"context":322},{"file":415,"line":338,"context":322},{"file":415,"line":429,"context":322},105,{"file":415,"line":429,"context":322},{"file":415,"line":432,"context":322},113,{"file":415,"line":434,"context":322},124,{"file":436,"line":408,"context":322},"theme-files\\beds24-strip.php",{"file":436,"line":438,"context":322},23,{"file":436,"line":440,"context":322},25,{"file":436,"line":440,"context":322},{"file":436,"line":443,"context":322},30,{"file":436,"line":445,"context":322},33,{"file":436,"line":445,"context":322},{"file":436,"line":445,"context":322},{"file":436,"line":449,"context":322},42,{"file":436,"line":325,"context":322},{"file":436,"line":325,"context":322},{"file":436,"line":453,"context":322},53,{"file":436,"line":259,"context":322},{"file":436,"line":259,"context":322},{"file":436,"line":457,"context":322},63,[],[],{"summary":461,"deductions":462},"The \"beds24-online-booking\" plugin version 2.0.30 exhibits a mixed security posture. While the static analysis shows no direct vulnerabilities like SQL injection or untrusted paths, and all identified entry points appear to have authorization checks, several concerning signals are present. The plugin has a history of 7 known CVEs, with a significant number of medium-severity vulnerabilities related to Cross-site Scripting (XSS) and PHP Remote File Inclusion (RFI). The fact that the last vulnerability was reported very recently (May 2025) and there are currently no unpatched vulnerabilities is a positive sign, suggesting the vendor actively addresses security issues. However, the code analysis reveals potential weaknesses: 69% of output is properly escaped, leaving a substantial portion unescaped, which could lead to XSS if malicious input is not handled correctly. The absence of nonce checks across all entry points is a major concern, as it leaves the plugin vulnerable to Cross-Site Request Forgery (CSRF) attacks. Furthermore, the plugin performs file operations and external HTTP requests, which, without proper sanitization and validation, can introduce security risks.",[463,465,467,469,471,473],{"reason":464,"points":234},"No nonce checks found",{"reason":466,"points":62},"Substantial unescaped output (31%)",{"reason":468,"points":74},"History of 7 CVEs, including RFI and XSS",{"reason":470,"points":405},"File operation detected",{"reason":472,"points":405},"External HTTP request detected",{"reason":474,"points":74},"No capability checks found","2026-03-16T18:32:51.336Z",{"wat":477,"direct":491},{"assetPaths":478,"generatorPatterns":483,"scriptPaths":484,"versionParams":486},[479,480,481,482],"\u002Fwp-content\u002Fplugins\u002Fbeds24-online-booking\u002Ftheme-files\u002Fbeds24.css","\u002Fwp-content\u002Fplugins\u002Fbeds24-online-booking\u002Fjs\u002Fbeds24-datepicker.js","\u002Fwp-content\u002Fplugins\u002Fbeds24-online-booking\u002Fcss\u002Fbeds24-admin.css","\u002Fwp-content\u002Fplugins\u002Fbeds24-online-booking\u002Fjs\u002Fbeds24-admin.js",[],[485],"\u002F\u002Fmedia.xmlcal.com\u002Fwidget\u002F1.00\u002Fjs\u002FbookWidget.min.js",[487,488,489,490],"beds24-online-booking\u002Ftheme-files\u002Fbeds24.css?ver=","beds24-online-booking\u002Fjs\u002Fbeds24-datepicker.js?ver=","beds24-online-booking\u002Fcss\u002Fbeds24-admin.css?ver=","beds24-online-booking\u002Fjs\u002Fbeds24-admin.js?ver=",{"cssClasses":492,"htmlComments":494,"htmlAttributes":495,"restEndpoints":525,"jsGlobals":526,"shortcodeOutput":528},[493],"beds24_bookbutton",[],[496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524],"data-beds24-ownerid","data-beds24-propid","data-beds24-roomid","data-beds24-advancedays","data-beds24-noselection","data-beds24-numdisplayed","data-beds24-hidecalendar","data-beds24-daysahead","data-beds24-hidedates","data-beds24-showprices","data-beds24-showavailability","data-beds24-showcheckout","data-beds24-showbooking","data-beds24-showonlyavailability","data-beds24-showavailablespots","data-beds24-showfullavailability","data-beds24-showmonth","data-beds24-showbookbutton","data-beds24-showbooklink","data-beds24-showbookingform","data-beds24-showbookingstrip","data-beds24-showbookingbox","data-beds24-showbookingsearch","data-beds24-showbookingsearchresult","data-beds24-showbookingembed","data-beds24-showbookinglanding","data-beds24-days","data-beds24-month","data-beds24-year",[],[527],"WPURLS",[529,530,531,532,533,534,535,536,537],"[beds24]","[beds24-link]","[beds24-button]","[beds24-box]","[beds24-strip]","[beds24-searchbox]","[beds24-searchresult]","[beds24-embed]","[beds24-landing]"]