WP-Safety

Bookwize Integrated Cinnamon Security & Risk Analysis

wordpress.org/plugins/bookwize-integrated-cinnamon

Integrate Bookwize Hotel Booking Engine in your WordPress website and let visitors check availability and rates and make a booking directly from your …

10 active installs v2.5 PHP + WP 4.0.1+ Updated Oct 21, 2021
bookinghotelhotel-bookinghotel-booking-enginehotel-booking-system
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Bookwize Integrated Cinnamon Safe to Use in 2026?

Generally Safe

Score 85/100

Bookwize Integrated Cinnamon has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The 'bookwize-integrated-cinnamon' v2.5 plugin exhibits a mixed security posture. While the absence of known CVEs and critical taint flows is positive, several concerning practices were identified in the static analysis. The presence of two AJAX handlers without authentication checks represents a significant attack vector, as these entry points could be exploited by unauthenticated users. Furthermore, the plugin utilizes raw SQL queries without prepared statements, which is a common source of SQL injection vulnerabilities. The low percentage of properly escaped output (11%) also indicates a high risk of cross-site scripting (XSS) vulnerabilities, as user-supplied data might be directly rendered without adequate sanitization.

Despite these critical areas for improvement, the plugin does implement some basic security measures, as evidenced by the presence of nonce and capability checks in a few instances. The lack of external HTTP requests and file operations without clear context also mitigates some potential risks. The vulnerability history being clean is a good sign, suggesting either diligent development or a lack of targeted discovery. However, the identified code-level weaknesses mean that the plugin is vulnerable even without past reported issues. In conclusion, while the plugin has a clean history, the identified static analysis issues, particularly the unprotected AJAX handlers and lack of prepared statements for SQL queries, present a substantial risk that requires immediate attention.

Key Concerns

  • AJAX handlers without auth checks
  • Raw SQL queries without prepared statements
  • Low percentage of properly escaped output
  • One instance of missing nonce check for AJAX
Vulnerabilities
None known

Bookwize Integrated Cinnamon Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Bookwize Integrated Cinnamon Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
0 prepared
Unescaped Output
31
4 escaped
Nonce Checks
1
Capability Checks
3
File Operations
3
External Requests
0
Bundled Libraries
0

SQL Query Safety

0% prepared2 total queries

Output Escaping

11% escaped35 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

5 flows5 with unsanitized paths
http_response_code (functions.php:4)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Bookwize Integrated Cinnamon Attack Surface

Entry Points6
Unprotected2

AJAX Handlers 2

authwp_ajax_wp_dynamic_cssincludes\bootstrap.php:47
noprivwp_ajax_wp_dynamic_cssincludes\bootstrap.php:48

Shortcodes 4

[jcc_redirect_page] functions.php:382
[bw_myreservation] includes\class-bookwize-integrated-cinnamon-shortcodes.php:17
[bw_form] includes\class-bookwize-integrated-cinnamon-shortcodes.php:18
[bw_integrated] includes\class-bookwize-integrated-cinnamon-shortcodes.php:19
WordPress Hooks 28
actionadmin_headadmin\class-bookwize-integrated-cinnamon-admin.php:56
actionload-post.phpadmin\class-bookwize-integrated-cinnamon-admin.php:127
actionload-post-new.phpadmin\class-bookwize-integrated-cinnamon-admin.php:128
actionplugins_loadedbookwize-integrated-cinnamon.php:89
filterthe_contentfunctions.php:322
actioninitfunctions.php:379
actionwp_enqueue_scriptsincludes\bootstrap.php:46
actioninitincludes\class-bookwize-integrated-cinnamon-meta.php:29
actionadd_meta_boxesincludes\class-bookwize-integrated-cinnamon-meta.php:44
actionsave_postincludes\class-bookwize-integrated-cinnamon-meta.php:45
actioninitincludes\class-bookwize-integrated-cinnamon-shortcodes.php:9
actionplugins_loadedincludes\class-bookwize-integrated-cinnamon.php:211
actionadmin_initincludes\class-bookwize-integrated-cinnamon.php:227
actionadmin_initincludes\class-bookwize-integrated-cinnamon.php:228
actionadmin_menuincludes\class-bookwize-integrated-cinnamon.php:229
actionadmin_enqueue_scriptsincludes\class-bookwize-integrated-cinnamon.php:232
actionadmin_enqueue_scriptsincludes\class-bookwize-integrated-cinnamon.php:233
actionload-post.phpincludes\class-bookwize-integrated-cinnamon.php:235
actionload-post-new.phpincludes\class-bookwize-integrated-cinnamon.php:236
actionwp_enqueue_scriptsincludes\class-bookwize-integrated-cinnamon.php:253
actionwp_enqueue_scriptsincludes\class-bookwize-integrated-cinnamon.php:254
actioninitincludes\class-bookwize-integrated-cinnamon.php:257
actionwp_headpublic\class-bookwize-public.php:79
filterredirect_canonicalpublic\class-bookwize-public.php:80
filterbody_classpublic\class-bookwize-public.php:81
actiontemplate_redirectpublic\class-bookwize-public.php:82
filterthe_contentpublic\class-bookwize-public.php:84
actionbookwize_enqueue_scripts_and_stylespublic\class-bookwize-public.php:86
Maintenance & Trust

Bookwize Integrated Cinnamon Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13
Last updatedOct 21, 2021
PHP min version
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Bookwize Integrated Cinnamon Alternatives

Sirvoy Booking Engine

Sirvoy Booking Engine

sirvoy-booking-engine

A
100

Sirvoy booking engine - Non-Commission Direct Bookings from Your Website. Sirvoy can also help you to receive bookings from channels, and much more.

1K No CVEs
Astro Booking Engine

Astro Booking Engine

astro-booking-engine

A
100

Use shortcode [astro-booking-engine] to display the booking form. Configure with 5Stelle, Iperbooking, Passepartout, Simple booking, or Vertical booki …

10 No CVEs
Softinn Hotel Booking Engine

Softinn Hotel Booking Engine

softinn-booking-engine

A
92

Unlock room booking power on your WP site with Softinn Hotel Booking Engine, tailored for boutique hotels in Southeast Asia.

10 No CVEs
MotoPress Hotel Booking

MotoPress Hotel Booking

motopress-hotel-booking-lite

A
86

The #1 Hotel Booking and Vacation Rental Plugin for WordPress. Online payments, seasons, rates, free or paid extras, coupons, taxes & fees.

10K 4 CVEs
MotoPress Hotel Booking for Elementor

MotoPress Hotel Booking for Elementor

mphb-elementor

A
100

Build your property rental website visually with MotoPress Hotel Booking plugin shortcodes and Elementor.

10K No CVEs
Developer Profile

Bookwize Integrated Cinnamon Developer Profile

Bookwize

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Bookwize Integrated Cinnamon

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bookwize-integrated-cinnamon/css/bookwize-integrated-cinnamon-admin.css/wp-content/plugins/bookwize-integrated-cinnamon/js/bookwize-integrated-cinnamon-admin.js
Version Parameters
bookwize-integrated-cinnamon-admin.css?ver=bookwize-integrated-cinnamon-admin.js?ver=

HTML / DOM Fingerprints

Data Attributes
bookwize_integrated_page_type
JS Globals
bw
FAQ

Frequently Asked Questions about Bookwize Integrated Cinnamon