Does IdoBooking have any unpatched vulnerabilities?

No. All known vulnerabilities in IdoBooking have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is IdoBooking compatible with WordPress 6.0.11?

According to WordPress.org data, IdoBooking 1.2 has been tested up to WordPress 6.0.11. Check the plugin's changelog for the latest compatibility information.

How often is IdoBooking updated?

IdoBooking was last updated on Nov 14, 2022. Frequent updates are generally a positive security signal.

What is IdoBooking's security score?

IdoBooking has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

IdoBooking Security & Risk Analysis

wordpress.org/plugins/booking-calendar-with-availability-management

Add a calendar to a reservation of: a room, suite, night or an attraction. The system sends emails, calculates payments and updates availability.

100 active installs v1.2 PHP + WP 4.0+ Updated Nov 14, 2022

availability-calendarbooking-calendarbooking-engineonline-bookingreservation-system

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is IdoBooking Safe to Use in 2026?

Generally Safe

Score 85/100

IdoBooking has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The static analysis for booking-calendar-with-availability-management v1.2 reveals a seemingly robust security posture with no direct attack surface through AJAX, REST API, shortcodes, or cron events, and no dangerous functions identified. The absence of any known CVEs in its vulnerability history further suggests a history of responsible security practices or limited past scrutiny.

However, a significant concern arises from the code signals. With 117 total outputs, only 15% are properly escaped. This indicates a high likelihood of Cross-Site Scripting (XSS) vulnerabilities, as user-supplied data or dynamic content could be injected into the output without proper sanitization. While taint analysis shows no critical or high severity flows, the poor output escaping is a glaring weakness that could be exploited to execute arbitrary JavaScript in the context of a logged-in user's browser.

In conclusion, while the plugin benefits from a lack of known vulnerabilities and a well-defined, limited attack surface, the critical lack of output escaping represents a substantial security risk. This weakness, if exploited, could lead to client-side attacks like XSS, undermining user trust and potentially compromising sensitive information accessible within the browser session. Developers should prioritize addressing the output escaping issues to improve the plugin's overall security.

Key Concerns

Insufficient output escaping

Vulnerabilities

None known

IdoBooking Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

IdoBooking Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

18 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

15% escaped117 total outputs

Attack Surface

IdoBooking Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 6

actionadmin_menuadmin\AdminPage.php:12

actionadmin_initadmin\AdminPage.php:13

actioninitidosellbooking.php:22

filterthe_contentidosellbooking.php:60

actionwidgets_initidosellbooking.php:62

actionwidgets_initidosellbooking.php:64

Maintenance & Trust

IdoBooking Maintenance & Trust

Maintenance Signals

WordPress version tested6.0.11

Last updatedNov 14, 2022

PHP min version

Downloads10K

Community Trust

Rating100/100

Number of ratings3

Active installs100

Alternatives

IdoBooking Alternatives

Redforts Hotel Booking Engine

oscar-hotel-booking-engine

100

This plugin integrates with Redforts Hotel Software, the all-in-one solution for hotels, hostels, apartments, villas, campings, and more.

300 No CVEs

WP Booking System – Booking Calendar

wp-booking-system

The booking calendar plugin for WordPress. Get easy online booking with this lightweight and powerful booking calendar.

20K 7 CVEs

WP Simple Booking Calendar

wp-simple-booking-calendar

This booking calendar shows when something is booked or available. Use it to show when your holiday home is available for rent, for example.

20K 4 CVEs

Pinpoint Booking System – Version 2

booking-system

Book anything, anytime, anywhere.

3K 13 CVEs

Beds24 Online Booking

beds24-online-booking

Accept commission free online bookings from your Wordpress website. Suitable for hotels, B&B's, holiday rentals, vacation rentals, apartments …

2K 7 CVEs

Developer Profile

IdoBooking Developer Profile

IAI S.A.

1 plugin · 100 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect IdoBooking

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/booking-calendar-with-availability-management/style.css/wp-content/plugins/booking-calendar-with-availability-management/script.js

Script Paths

/wp-content/plugins/booking-calendar-with-availability-management/script.js

Version Parameters

booking-calendar-with-availability-management/style.css?ver=booking-calendar-with-availability-management/script.js?ver=

HTML / DOM Fingerprints

CSS Classes

idosell-booking-widgetidosell-booking-button

HTML Comments

Data Attributes

data-idosellbooking-iddata-idosellbooking-width

JS Globals

window.IdoSellBookingvar idoSellBookingConfig

Shortcode Output

[idosellbooking|button][idosellbooking|widget][idosellbooking|widget|[idosellbooking]

FAQ