Does Booking Works have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Booking Works compatible with WordPress 6.6.5?

According to WordPress.org data, Booking Works 1.0.4 has been tested up to WordPress 6.6.5. Check the plugin's changelog for the latest compatibility information.

Is Booking Works compatible with PHP 7.0+?

Booking Works requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Booking Works updated?

Booking Works was last updated on Oct 31, 2024. Frequent updates are generally a positive security signal.

What is Booking Works's security score?

Booking Works has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Booking Works Security & Risk Analysis

wordpress.org/plugins/booking-works

A great plugin to manage bookings and calendar related functions.

0 active installs v1.0.4 PHP 7.0+ WP 4.9+ Updated Oct 31, 2024

bookingscalendarseventshotel-roomsreal-estate

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Booking Works Safe to Use in 2026?

Generally Safe

Score 92/100

Booking Works has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The booking-works plugin version 1.0.4 presents a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and has no recorded vulnerability history, suggesting a potentially well-maintained codebase.

However, significant concerns arise from the static analysis. A large portion of the plugin's attack surface, specifically 10 AJAX handlers, lacks authentication checks. While there are 4 nonce and 4 capability checks, their distribution across 17 entry points, with 10 being unprotected, is a substantial risk. The taint analysis also revealed 5 flows with unsanitized paths, although thankfully none were classified as critical or high severity.

Despite the absence of known CVEs and the use of prepared statements, the presence of numerous unprotected AJAX endpoints and unsanitized paths creates a considerable risk of unauthorized actions or potential vulnerabilities. The plugin's strengths in SQL handling are overshadowed by its weaknesses in input validation and access control for its AJAX endpoints.

Key Concerns

Unprotected AJAX handlers
Unsanitized paths in taint flows
Low percentage of properly escaped output
Limited nonce checks for entry points
Limited capability checks for entry points

Vulnerabilities

None known

Booking Works Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Booking Works Release Timeline

v1.0.4Current

v1.0.3

v1.0.2

v1.0.1

v1.0

Code Analysis

Analyzed Apr 16, 2026

Booking Works Code Analysis

Dangerous Functions

Raw SQL Queries

11 prepared

Unescaped Output

228

25 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared11 total queries

Output Escaping

10% escaped253 total outputs

Data Flows · Security

5 unsanitized

Data Flow Analysis

9 flows5 with unsanitized paths

wpbw_next_prev_ajax (inc/functions.php:1377)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

10 unprotected

Booking Works Attack Surface

Entry Points17

Unprotected10

AJAX Handlers 10

authwp_ajax_wpbw_confirm_contractinc/functions.php:73

authwp_ajax_wp_ca_next_previnc/functions.php:1410

noprivwp_ajax_wp_ca_next_previnc/functions.php:1411

authwp_ajax_wp_ca_update_chunksinc/functions.php:1482

authwp_ajax_wp_ca_hours_selectioninc/functions.php:1631

authwp_ajax_wp_ca_delete_user_iteminc/functions.php:1729

authwp_ajax_wp_ca_book_confirminc/functions.php:2200

authwp_ajax_wp_ca_confirm_startinc/functions.php:4305

authwp_ajax_wp_ca_confirm_endinc/functions.php:4306

authwp_ajax_wp_ca_add_on_cartinc/functions.php:4849

Shortcodes 7

[WP-CALENDARS] inc/functions.php:1202

[WP-BOOKING-TRACKING] inc/functions.php:1276

[ns-add-product] inc/functions.php:2385

[WP-CA-PRODUCTS-BY-USERS] inc/functions.php:2433

[WP-CA-SALES-BY-USERS] inc/functions.php:2462

[WP-CA-PRODUCT-TYPES] inc/functions.php:2913

[BECOME-A-VENDOR] inc/functions.php:4637

WordPress Hooks 42

actionshow_user_profileinc/functions-user.php:3

actionedit_user_profileinc/functions-user.php:4

actionpersonal_options_updateinc/functions-user.php:26

actionedit_user_profile_updateinc/functions-user.php:27

actionwpinc/functions-user.php:156

actionadmin_initinc/functions.php:218

actionadmin_enqueue_scriptsinc/functions.php:737

actionwp_enqueue_scriptsinc/functions.php:738

actionwoocommerce_order_status_pendinginc/functions.php:2205

actionwoocommerce_order_status_on-holdinc/functions.php:2206

actionwoocommerce_order_status_processinginc/functions.php:2207

actionwoocommerce_order_status_completedinc/functions.php:2208

actionwp_loadedinc/functions.php:2419

actionwp_footerinc/functions.php:2460

actioninitinc/functions.php:2915

actionwoocommerce_before_single_productinc/functions.php:3069

filteradd_to_cart_textinc/functions.php:3087

filterwoocommerce_product_single_add_to_cart_textinc/functions.php:3088

actionwoocommerce_before_checkout_forminc/functions.php:3503

actionwp_headinc/functions.php:3889

actionadmin_headinc/functions.php:3913

actionwoocommerce_order_details_after_order_tableinc/functions.php:4208

filterwoocommerce_add_to_cart_redirectinc/functions.php:4337

actionadmin_footerinc/functions.php:4383

filterwoocommerce_account_menu_itemsinc/functions.php:4517

filterwoocommerce_product_add_to_cart_textinc/functions.php:4520

filterwoocommerce_loop_add_to_cart_linkinc/functions.php:4559

filterthe_titleinc/functions.php:4605

actionwoocommerce_email_customer_detailsinc/functions.php:4645

filterwoocommerce_cart_item_nameinc/functions.php:4680

actionwoocommerce_thankyouinc/functions.php:4682

filterwoocommerce_order_item_nameinc/functions.php:4687

actionwoocommerce_order_details_before_order_table_itemsinc/functions.php:4693

filterwoocommerce_order_item_nameinc/functions.php:4698

filterthe_contentinc/functions.php:4742

filterwoocommerce_thankyou_order_keyinc/functions.php:4746

filterwoocommerce_thankyou_order_keyinc/functions.php:4792

filterwoocommerce_is_purchasableinc/functions.php:4902

actioninitinc/functions.php:4925

actionadd_meta_boxesindex.php:150

actionsave_postindex.php:151

actionadmin_menuindex.php:171

Maintenance & Trust

Booking Works Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5

Last updatedOct 31, 2024

PHP min version7.0

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Booking Works Alternatives

Events Manager – Calendar, Bookings, Tickets, and more!

events-manager

Events calendar with bookings, scheduling, appointments, event registration, tickets, recurring events, and venue management.

70K 34 CVEs

WP Events Manager

wp-events-manager

The all in one Events Manager for WordPress: create and manage events, sell event tickets online easily. No Coding Required.

30K 2 CVEs

WP FullCalendar

wp-fullcalendar

Uses the FullCalendar library to create a stunning calendar view of events, posts and other custom post types

9K 2 unpatched

Registrations for the Events Calendar – Event Registration Plugin

registrations-for-the-events-calendar

Collect and manage event registrations with a customizable form and email template. The best event registration plugin for The Events Calendar.

7K 7 CVEs

WP Events Manager WooCommerce

wp-events-manager-woocommerce-payment-methods-integration

WP Events Manager Woocommerce Plugin - Support paying for booking of WP Events Manager plugin with the payment system provided by WooCommerce.

2K No CVEs

Developer Profile

Booking Works Developer Profile

Fahad Mahmood

44 plugins · 33K total installs

trust score

Avg Security Score

95/100

Avg Patch Time

228 days

View full developer profile

Detection Fingerprints

How We Detect Booking Works

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/booking-works/assets/css/style.css/wp-content/plugins/booking-works/assets/js/booking-works.js/wp-content/plugins/booking-works/assets/js/jquery.nice-select.min.js

Script Paths

/wp-content/plugins/booking-works/assets/js/booking-works.js/wp-content/plugins/booking-works/assets/js/jquery.nice-select.min.js

Version Parameters

booking-works/assets/css/style.css?ver=booking-works/assets/js/booking-works.js?ver=booking-works/assets/js/jquery.nice-select.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

booking-works-wrapperbooking-works-calendar

HTML Comments

Data Attributes

data-bw-typedata-bw-id

JS Globals

window.bookingWorks

Shortcode Output

[WP-CA-PRODUCT-TYPES][ns-add-product][WP-BOOKING-TRACKING][WP-CA-SALES-BY-USERS]

FAQ