Does BookServe Online Booking Calendar have any unpatched vulnerabilities?

No. All known vulnerabilities in BookServe Online Booking Calendar have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is BookServe Online Booking Calendar compatible with PHP 8.0+?

BookServe Online Booking Calendar requires PHP 8.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is BookServe Online Booking Calendar updated?

BookServe Online Booking Calendar was last updated on Jun 28, 2022. Frequent updates are generally a positive security signal.

What is BookServe Online Booking Calendar's security score?

BookServe Online Booking Calendar has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

BookServe Online Booking Calendar Security & Risk Analysis

wordpress.org/plugins/book-serve-reservations

Makes a calendar and booking form widget to take the user to the Book Serve Hotel Booking Engine.

10 active installs v3.2RC PHP 8.0+ WP 6.0+ Updated Jun 28, 2022

accommodationsavailabilityavailability-calendarbed-and-breakfasthotels

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is BookServe Online Booking Calendar Safe to Use in 2026?

Generally Safe

Score 85/100

BookServe Online Booking Calendar has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The book-serve-reservations v3.2RC plugin presents a mixed security posture. On the positive side, there are no known CVEs, and the plugin appears to have a limited attack surface with no exposed AJAX handlers, REST API routes, or shortcodes without apparent authentication. All SQL queries are also using prepared statements, which is a strong indicator of good practice in database interaction. However, significant concerns arise from the static analysis of the code itself. A critical finding is that 100% of output is not properly escaped, creating a high risk of Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the taint analysis revealed a flow with an unsanitized path, suggesting a potential for directory traversal or other file system manipulation vulnerabilities, even if no critical or high severity issues were flagged in the taint analysis itself. The single file operation also warrants attention given the lack of sanitization in the taint analysis.

Key Concerns

100% of output is not properly escaped
Taint analysis shows unsanitized path flow
File operation present without clear sanitization context
No nonce checks on potential entry points
No capability checks on potential entry points

Vulnerabilities

None known

BookServe Online Booking Calendar Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

BookServe Online Booking Calendar Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped48 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths

<booking_form> (book_serve_booking_form\booking_form.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

BookServe Online Booking Calendar Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actionwidgets_initvm_wordpress_widget.php:69

actionwp_enqueue_scriptsvm_wordpress_widget.php:72

actionadmin_menuvm_wordpress_widget.php:85

actionadmin_initvm_wordpress_widget.php:115

Maintenance & Trust

BookServe Online Booking Calendar Maintenance & Trust

Maintenance Signals

WordPress version tested

Last updatedJun 28, 2022

PHP min version8.0

Downloads4K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

BookServe Online Booking Calendar Alternatives

eZee Online Hotel Booking Engine

online-booking-engine

eZee Reservation plugin is solutions for hotel, resorts, B&B, hotel chains, to get commission free online bookings from their own hotel website.

100 1 unpatched

WP Booking System – Booking Calendar

wp-booking-system

The booking calendar plugin for WordPress. Get easy online booking with this lightweight and powerful booking calendar.

20K 7 CVEs

WP Simple Booking Calendar

wp-simple-booking-calendar

This booking calendar shows when something is booked or available. Use it to show when your holiday home is available for rent, for example.

20K 4 CVEs

Pinpoint Booking System – Version 2

booking-system

Book anything, anytime, anywhere.

3K 13 CVEs

Booking System Trafft

booking-system-trafft

Trafft is a next-level booking system offering limitless opportunities for scheduling appointments and managing your calendar & all of your bookings.

500 2 CVEs

Developer Profile

BookServe Online Booking Calendar Developer Profile

bryanmceleney

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect BookServe Online Booking Calendar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/book-serve-reservations/book_serve_booking_form/booking_form.css/wp-content/plugins/book-serve-reservations/book_serve_booking_form/booking_form.js

Script Paths

/wp-content/plugins/book-serve-reservations/book_serve_booking_form/booking_form.js

HTML / DOM Fingerprints

CSS Classes

vmbfWordpressWidget

Data Attributes

vmbf_plugin_options

FAQ