Book a Room Event Calendar Security & Risk Analysis

wordpress.org/plugins/book-a-room-event-calendar

The Book a Room Event Calendar is a small plugin that works with the Book a Room Plugin to display the event calendar.

20 active installs v1.9 PHP + WP 3.0.1+ Updated Aug 28, 2022
bookaroomcalendarevent-calendarlibrarymeeting-room
63
C · Use Caution
CVEs total1
Unpatched1
Last CVEJun 23, 2026
Safety Verdict

Is Book a Room Event Calendar Safe to Use in 2026?

Use With Caution

Score 63/100

Book a Room Event Calendar has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Jun 23, 2026Updated 3yr ago
Risk Assessment

The "book-a-room-event-calendar" v2.0 plugin presents a mixed security profile. On the positive side, it exhibits strong practices regarding database interactions, with 100% of SQL queries utilizing prepared statements, which significantly mitigates SQL injection risks. Furthermore, the absence of known CVEs and a clean vulnerability history suggests a generally well-maintained codebase. However, the analysis reveals several critical security concerns. The presence of the `unserialize` function without any apparent sanitization or validation is a major red flag, as it can lead to remote code execution vulnerabilities if untrusted data is unserialized. A complete lack of output escaping across all identified outputs is also highly problematic, exposing the site to potential cross-site scripting (XSS) attacks. The plugin also has no nonce checks and no capability checks for its entry points, which, while having a small attack surface, leaves these entry points vulnerable to various unauthorized actions and brute-force attacks if they were to interact with sensitive functions. The taint analysis showing zero flows is unusual and may indicate limitations in the analysis itself or that the plugin's code is structured in a way that doesn't trigger typical taint detection patterns, but it doesn't negate the identified risks.

Key Concerns

  • Dangerous function unserialize without checks
  • 0% properly escaped output
  • 0 nonce checks
  • 0 capability checks
Vulnerabilities
1 published

Book a Room Event Calendar Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-9721medium · 4.3Cross-Site Request Forgery (CSRF)

Book a Room Event Calendar <= 1.9 - Cross-Site Request Forgery to Settings Update

Jun 23, 2026Unpatched
Version History

Book a Room Event Calendar Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

Book a Room Event Calendar Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
17 prepared
Unescaped Output
119
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
2
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$amenityGood = ( empty( $val[ 'room_amenityArr' ] ) ) ? NULL : unserialize( $val[ 'room_amenityArr' bookaroom-events-main.php:812

SQL Query Safety

100% prepared17 total queries

Output Escaping

0% escaped119 total outputs
Attack Surface

Book a Room Event Calendar Attack Surface

Entry Points3
Unprotected0

Shortcodes 3

[showEvents] bookaroom-events.php:51
[showCalendar] bookaroom-events.php:52
[showReg] bookaroom-events.php:53
WordPress Hooks 6
actioninitbookaroom-events.php:25
actionwp_logoutbookaroom-events.php:26
actionwp_loginbookaroom-events.php:27
actioninitbookaroom-events.php:28
actionadmin_menubookaroom-events.php:30
filterthe_contentbookaroom-events.php:32
Maintenance & Trust

Book a Room Event Calendar Maintenance & Trust

Maintenance Signals

WordPress version tested6.0.11
Last updatedAug 28, 2022
PHP min version
Downloads6K

Community Trust

Rating100/100
Number of ratings2
Active installs20
Developer Profile

Book a Room Event Calendar Developer Profile

74
trust score
Avg Security Score
71/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Book a Room Event Calendar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/book-a-room-event-calendar/css/calendar.css/wp-content/plugins/book-a-room-event-calendar/js/scripts.js/wp-content/plugins/book-a-room-event-calendar/js/jstree/jquery.jstree.js

HTML / DOM Fingerprints

Shortcode Output
[showEvents][showCalendar][showReg]
FAQ

Frequently Asked Questions about Book a Room Event Calendar