
Book a Room Event Calendar Security & Risk Analysis
wordpress.org/plugins/book-a-room-event-calendarThe Book a Room Event Calendar is a small plugin that works with the Book a Room Plugin to display the event calendar.
Is Book a Room Event Calendar Safe to Use in 2026?
Use With Caution
Score 63/100Book a Room Event Calendar has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.
The "book-a-room-event-calendar" v2.0 plugin presents a mixed security profile. On the positive side, it exhibits strong practices regarding database interactions, with 100% of SQL queries utilizing prepared statements, which significantly mitigates SQL injection risks. Furthermore, the absence of known CVEs and a clean vulnerability history suggests a generally well-maintained codebase. However, the analysis reveals several critical security concerns. The presence of the `unserialize` function without any apparent sanitization or validation is a major red flag, as it can lead to remote code execution vulnerabilities if untrusted data is unserialized. A complete lack of output escaping across all identified outputs is also highly problematic, exposing the site to potential cross-site scripting (XSS) attacks. The plugin also has no nonce checks and no capability checks for its entry points, which, while having a small attack surface, leaves these entry points vulnerable to various unauthorized actions and brute-force attacks if they were to interact with sensitive functions. The taint analysis showing zero flows is unusual and may indicate limitations in the analysis itself or that the plugin's code is structured in a way that doesn't trigger typical taint detection patterns, but it doesn't negate the identified risks.
Key Concerns
- Dangerous function unserialize without checks
- 0% properly escaped output
- 0 nonce checks
- 0 capability checks
Book a Room Event Calendar Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
Book a Room Event Calendar <= 1.9 - Cross-Site Request Forgery to Settings Update
Book a Room Event Calendar Release Timeline
Book a Room Event Calendar Code Analysis
Dangerous Functions Found
SQL Query Safety
Output Escaping
Book a Room Event Calendar Attack Surface
Shortcodes 3
WordPress Hooks 6
Maintenance & Trust
Book a Room Event Calendar Maintenance & Trust
Maintenance Signals
Community Trust
Book a Room Event Calendar Alternatives
My Calendar – Accessible Event Manager
my-calendar
Accessible WordPress event calendar plugin. Manage single or recurring events, event venues, and display your calendar anywhere on your site.
Events Widgets For Elementor And The Events Calendar
events-widgets-for-elementor-and-the-events-calendar
The Events Calendar Elementor widgets help you manage and display an upcoming events list with date, time, venue and event ticket booking details.
Sugar Calendar – Events Calendar, Event Tickets, and Events Management Platform
sugar-calendar-lite
Easily manage events and sell tickets on your WordPress site. Sugar Calendar is easy-to-use, reliable, and exceptionally powerful. See for yourself.
Events Shortcodes For The Events Calendar
template-events-calendar
Add The Events Calendar shortcode or Gutenberg block to show upcoming events list with event details on any WordPress page using smart event filters.
Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)
wp-event-solution
Events calendar plugin for WordPress to manage events, bookings, registrations, scheduling, virtual events, and tickets sales.
Book a Room Event Calendar Developer Profile
3 plugins · 30 total installs
How We Detect Book a Room Event Calendar
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/book-a-room-event-calendar/css/calendar.css/wp-content/plugins/book-a-room-event-calendar/js/scripts.js/wp-content/plugins/book-a-room-event-calendar/js/jstree/jquery.jstree.jsHTML / DOM Fingerprints
[showEvents][showCalendar][showReg]