Bookwize Form Security & Risk Analysis
wordpress.org/plugins/bookwize-booking-formConnect easily Bookwize Hotel Booking System with your WordPress website and let visitors search availability and rates directly from your website.
Is Bookwize Form Safe to Use in 2026?
Generally Safe
Score 85/100Bookwize Form has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The bookwize-booking-form plugin version 1.9.7 exhibits a mixed security posture. On the positive side, there are no recorded vulnerabilities (CVEs) and the plugin doesn't perform file operations or external HTTP requests. The total attack surface is minimal, with only one shortcode identified and no unprotected entry points based on the static analysis. However, significant concerns arise from the code analysis. A substantial portion of output (94%) is not properly escaped, presenting a high risk of Cross-Site Scripting (XSS) vulnerabilities. Furthermore, 50% of SQL queries are not using prepared statements, which could lead to SQL injection flaws. The taint analysis reveals two flows with unsanitized paths, although they are not flagged as critical or high severity. The absence of nonce checks and a concerningly low capability check count also contribute to the overall risk.
Key Concerns
- High percentage of unescaped output
- Raw SQL queries without prepared statements
- Taint flows with unsanitized paths
- No nonce checks detected
- Low number of capability checks
Bookwize Form Security Vulnerabilities
Bookwize Form Release Timeline
Bookwize Form Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Bookwize Form Attack Surface
Shortcodes 1
WordPress Hooks 17
Maintenance & Trust
Bookwize Form Maintenance & Trust
Maintenance Signals
Community Trust
Bookwize Form Alternatives
Beds24 Online Booking
beds24-online-booking
Accept commission free online bookings from your Wordpress website. Suitable for hotels, B&B's, holiday rentals, vacation rentals, apartments …
Sirvoy Booking Engine
sirvoy-booking-engine
Sirvoy booking engine - Non-Commission Direct Bookings from Your Website. Sirvoy can also help you to receive bookings from channels, and much more.
MyBooking Reservation Engine
mybooking-reservation-engine
Mybooking Reservation Engine WordPress plugin.
bookingkit
bookingkit
bookingkit allows you to easily make your events and tours bookable - instantly and directly on your website.
Bookwize Integrated Cinnamon
bookwize-integrated-cinnamon
Integrate Bookwize Hotel Booking Engine in your WordPress website and let visitors check availability and rates and make a booking directly from your …
Bookwize Form Developer Profile
2 plugins · 20 total installs
How We Detect Bookwize Form
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/bookwize-booking-form/admin/css/bookwize-form-admin.css/wp-content/plugins/bookwize-booking-form/js/bookwize-form-admin.jswp-color-picker-script.jsbookwize-booking-form/js/bookwize-form-admin.js?ver=wp-color-picker-script.js?ver=HTML / DOM Fingerprints
bookwize-formbookwize-calendarbookwize-date-pickerbookwize-time-pickerbookwize-field-wrapper<!-- BEGIN: Bookwize Booking Form --><!-- END: Bookwize Booking Form --><!-- Bookwize Date Picker --><!-- Bookwize Time Picker -->+1 moredata-bwf-actiondata-bwf-form-iddata-bwf-date-formatdata-bwf-time-formatBookwizeFormbookwize_admin_params/wp-json/bookwize/v1/booking/wp-json/bookwize/v1/availability[bookwize_booking_form][bookwize_booking_form id=1]