WP-Safety

Multipurpose Ticket Booking Manager (Bus/Train/Ferry/Boat/Shuttle) Security & Risk Analysis

wordpress.org/plugins/bus-booking-manager

The Multipurpose Ticket Booking Manager is a reliable plugin to book tickets for transportation, such as buses, trains, and ferries in one place.

90 active installs v5.0.1 PHP 7.0+ WP 4.5+ Updated Jan 29, 2026
bus-booking-managerbus-ticket-booking-for-wordpress
99
A · Safe
CVEs total1
Unpatched0
Last CVESep 23, 2024
Plugin page Download
Safety Verdict

Is Multipurpose Ticket Booking Manager (Bus/Train/Ferry/Boat/Shuttle) Safe to Use in 2026?

Generally Safe

Score 99/100

Multipurpose Ticket Booking Manager (Bus/Train/Ferry/Boat/Shuttle) has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Sep 23, 2024Updated 3mo ago
Risk Assessment

The 'bus-booking-manager' plugin version 5.0.1 exhibits a generally strong security posture, with most entry points protected by authentication checks and a high percentage of SQL queries utilizing prepared statements and output escaping. The absence of unprotected AJAX handlers, REST API routes, and file operations is commendable. However, the presence of the 'unserialize' function poses a potential risk, as it can be a vector for remote code execution if user-supplied data is unserialized without proper validation and sanitization. While the plugin has a history of one medium-severity Cross-Site Scripting (XSS) vulnerability, it is currently patched, indicating the developers address security issues. The taint analysis shows no critical or high-severity unsanitized paths, which is positive. The plugin's overall security is good, but the 'unserialize' function warrants careful monitoring and potentially further review.

Key Concerns

  • Presence of 'unserialize' function
  • One medium CVE in history
Vulnerabilities
1 published

Multipurpose Ticket Booking Manager (Bus/Train/Ferry/Boat/Shuttle) Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2024-44037medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multipurpose Ticket Booking Manager <= 4.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Sep 23, 2024 Patched in 4.2.3 (23d)
Version History

Multipurpose Ticket Booking Manager (Bus/Train/Ferry/Boat/Shuttle) Release Timeline

v3.0.41 CVE
CVE-2024-44037
v3.0.11 CVE
CVE-2024-44037
v2.01 CVE
CVE-2024-44037
v1.01 CVE
CVE-2024-44037
Code Analysis
Analyzed Mar 16, 2026

Multipurpose Ticket Booking Manager (Bus/Train/Ferry/Boat/Shuttle) Code Analysis

Dangerous Functions
1
Raw SQL Queries
23
69 prepared
Unescaped Output
58
1837 escaped
Nonce Checks
32
Capability Checks
10
File Operations
0
External Requests
0
Bundled Libraries
1

Dangerous Functions Found

unserialize$get_pickpoints_data = unserialize($get_pickpoints_data);inc\wbbm_bus_ticket_meta.php:1105

Bundled Libraries

Select2

SQL Query Safety

75% prepared92 total queries

Output Escaping

97% escaped1895 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

13 flows1 with unsanitized paths
<single-bus> (templates\single-bus.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Multipurpose Ticket Booking Manager (Bus/Train/Ferry/Boat/Shuttle) Attack Surface

Entry Points15
Unprotected0

AJAX Handlers 11

authwp_ajax_wbtm_add_bus_stopeinc\class-meta-box.php:24
noprivwp_ajax_wbtm_add_bus_stopeinc\class-meta-box.php:25
authwp_ajax_wbtm_add_bus_featureinc\class-meta-box.php:28
noprivwp_ajax_wbtm_add_bus_featureinc\class-meta-box.php:29
authwp_ajax_wbtm_add_pickupinc\class-meta-box.php:35
noprivwp_ajax_wbtm_add_pickupinc\class-meta-box.php:36
authwp_ajax_wbbm_run_route_migrationinc\class-route-migration.php:23
authwp_ajax_wbbm_dismiss_migration_noticeinc\class-route-migration.php:24
authwp_ajax_wbtm_reload_pricinginc\clean\layout\WBBM_Pricing_Routing.php:15
authwp_ajax_wbbm_load_dropping_pointinc\clean\mage_helper.php:125
noprivwp_ajax_wbbm_load_dropping_pointinc\clean\mage_helper.php:126

Shortcodes 4

[bus-search-form] inc\BusBookingManagerClass.php:65
[bus-search] inc\BusBookingManagerClass.php:66
[bus-list] inc\wbbm_shortcode.php:4
[destination] inc\wbbm_shortcode.php:99
WordPress Hooks 97
actionmage_next_dateinc\BusBookingManagerClass.php:33
actionsave_postinc\BusBookingManagerClass.php:35
actionwbbm_active_dateinc\BusBookingManagerClass.php:36
actionmage_search_from_onlyinc\BusBookingManagerClass.php:38
actionwbbm_prevent_form_resubmissioninc\BusBookingManagerClass.php:39
actionwoocommerce_before_add_to_cart_buttoninc\BusBookingManagerClass.php:40
filtertemplate_includeinc\BusBookingManagerClass.php:55
filterwoocommerce_add_cart_item_datainc\BusBookingManagerClass.php:56
filterwoocommerce_get_item_datainc\BusBookingManagerClass.php:57
actionadmin_enqueue_scriptsinc\class-mage-settings.php:41
actionadd_meta_boxesinc\class-meta-box.php:9
actionwbbm_meta_box_tab_labelinc\class-meta-box.php:12
actionwbbm_meta_box_tab_contentinc\class-meta-box.php:15
actionadmin_initinc\class-meta-box.php:21
actionedited_wbbm_bus_featureinc\class-meta-box.php:31
actioncreate_wbbm_bus_featureinc\class-meta-box.php:32
actiontemplate_redirectinc\class-remove-bus-info-to-cart.php:7
actionadmin_noticesinc\class-route-migration.php:20
actionwbtm_add_settings_tab_contentinc\clean\layout\WBBM_Pricing_Routing.php:14
actionwp_footerinc\clean\mage_helper.php:554
filtermanage_edit-wbbm_bus_cat_columnsinc\clean\mage_helper.php:597
filtermanage_wbbm_bus_cat_custom_columninc\clean\mage_helper.php:604
filtermanage_edit-wbbm_bus_stops_columnsinc\clean\mage_helper.php:616
filtermanage_wbbm_bus_stops_custom_columninc\clean\mage_helper.php:623
filtermanage_edit-wbbm_bus_pickpoint_columnsinc\clean\mage_helper.php:682
filtermanage_wbbm_bus_pickpoint_custom_columninc\clean\mage_helper.php:689
actionwp_loadedinc\clean\mage_helper.php:866
actionmp_load_date_picker_jsinc\MP_Global_Function.php:13
actionwp_headinc\MP_Global_Style.php:13
actionadmin_headinc\MP_Global_Style.php:14
actionadmin_noticesinc\wbbm-required-plugins.php:18
actionadmin_menuinc\wbbm-required-plugins.php:19
actionadmin_initinc\wbbm-required-plugins.php:20
actionadmin_initinc\wbbm_admin_settings.php:14
actionadmin_menuinc\wbbm_admin_settings.php:15
actionadd_meta_boxesinc\wbbm_bus_ticket_meta.php:6
actionsave_postinc\wbbm_bus_ticket_meta.php:103
actionsave_postinc\wbbm_bus_ticket_meta.php:205
actionsave_postinc\wbbm_bus_ticket_meta.php:310
actionsave_postinc\wbbm_bus_ticket_meta.php:830
actionsave_postinc\wbbm_bus_ticket_meta.php:1248
actionsave_postinc\wbbm_bus_ticket_meta.php:1338
actionsave_postinc\wbbm_bus_ticket_meta.php:1387
actionsave_postinc\wbbm_bus_ticket_meta.php:1519
actionsave_postinc\wbbm_bus_ticket_meta.php:1777
actioninitinc\wbbm_cpt.php:73
actiondeactivate_plugininc\wbbm_dummy_import.php:17
actionactivated_plugininc\wbbm_dummy_import.php:18
actionadmin_initinc\wbbm_dummy_import.php:19
actionadmin_enqueue_scriptsinc\wbbm_enque.php:5
actionadmin_enqueue_scriptsinc\wbbm_enque.php:82
actionadmin_footerinc\wbbm_enque.php:88
actionwp_footerinc\wbbm_enque.php:89
actionwp_footerinc\wbbm_enque.php:101
actionwp_enqueue_scriptsinc\wbbm_enque.php:119
actionwp_headinc\wbbm_enque.php:151
actionadmin_headinc\wbbm_enque.php:152
actionwoocommerce_before_calculate_totalsinc\wbbm_extra_price.php:7
actionwoocommerce_after_checkout_validationinc\wbbm_extra_price.php:67
actionwoocommerce_checkout_create_order_line_iteminc\wbbm_extra_price.php:217
filterwoocommerce_add_to_cart_validationinc\wbbm_extra_price.php:281
filterwbbm_settings_sec_reginc\wbbm_license.php:127
actionwsa_form_bottom_wbbm_basic_license_settingsinc\wbbm_license.php:140
actionadmin_initinc\wbbm_migration.php:96
actionwbbm_bus_feature_add_form_fieldsinc\wbbm_tax.php:128
actionwbbm_bus_feature_edit_form_fieldsinc\wbbm_tax.php:129
actionedited_wbbm_bus_featureinc\wbbm_tax.php:140
actioncreate_wbbm_bus_featureinc\wbbm_tax.php:141
actionwbbm_bus_feature_add_form_fieldsinc\wbbm_tax.php:165
actionwbbm_bus_feature_edit_form_fieldsinc\wbbm_tax.php:192
actioninitinc\wbbm_tax.php:4961
actionadmin_initinc\wbbm_upgrade.php:7
actionadmin_enqueue_scriptsinc\WBTM_Quick_Setup.php:11
actionadmin_menuinc\WBTM_Quick_Setup.php:12
actioninitwoocommerce-bus.php:91
actionactivated_pluginwoocommerce-bus.php:166
actionplugins_loadedwoocommerce-bus.php:535
filterwoocommerce_data_storeswoocommerce-bus.php:587
actionadmin_noticeswoocommerce-bus.php:594
actionwoocommerce_before_checkout_formwoocommerce-bus.php:597
actionrestrict_manage_postswoocommerce-bus.php:604
filterparse_querywoocommerce-bus.php:626
filtertemplate_includewoocommerce-bus.php:638
actionwoocommerce_store_api_checkout_order_processedwoocommerce-bus.php:1406
actionwoocommerce_checkout_order_processedwoocommerce-bus.php:1407
actionwoocommerce_thankyouwoocommerce-bus.php:1599
actionwoocommerce_order_status_changedwoocommerce-bus.php:1636
actionshow_seat_formwoocommerce-bus.php:1797
filterwoocommerce_cart_item_pricewoocommerce-bus.php:1891
actionwp_insert_postwoocommerce-bus.php:2037
actionsave_postwoocommerce-bus.php:2062
actionsave_postwoocommerce-bus.php:2102
actionparse_querywoocommerce-bus.php:2106
actionactivated_pluginwoocommerce-bus.php:2127
actionwoocommerce_order_item_get_formatted_meta_datawoocommerce-bus.php:2148
filterplugin_action_linkswoocommerce-bus.php:2185
filterplugin_row_metawoocommerce-bus.php:2199
Maintenance & Trust

Multipurpose Ticket Booking Manager (Bus/Train/Ferry/Boat/Shuttle) Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 29, 2026
PHP min version7.0
Downloads19K

Community Trust

Rating86/100
Number of ratings7
Active installs90
Alternatives

Multipurpose Ticket Booking Manager (Bus/Train/Ferry/Boat/Shuttle) Alternatives

Bus Ticket Booking with Seat Reservation

Bus Ticket Booking with Seat Reservation

bus-ticket-booking-with-seat-reservation

C
62

Offer the convenience of seat selection and reservation on your WordPress website. A customized solution for efficient bus ticketing.

900 1 unpatched
Developer Profile

Multipurpose Ticket Booking Manager (Bus/Train/Ferry/Boat/Shuttle) Developer Profile

magepeopleteam

11 plugins · 12K total installs

78
trust score
Avg Security Score
85/100
Avg Patch Time
90 days
View full developer profile
Detection Fingerprints

How We Detect Multipurpose Ticket Booking Manager (Bus/Train/Ferry/Boat/Shuttle)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bus-booking-manager/inc/css/wbbm-admin.css/wp-content/plugins/bus-booking-manager/inc/css/wbbm-style.css/wp-content/plugins/bus-booking-manager/inc/js/wbbm-admin.js/wp-content/plugins/bus-booking-manager/inc/js/wbbm-frontend.js/wp-content/plugins/bus-booking-manager/inc/js/wbbm-frontend-script.js
Script Paths
/wp-content/plugins/bus-booking-manager/inc/js/wbbm-admin.js/wp-content/plugins/bus-booking-manager/inc/js/wbbm-frontend.js/wp-content/plugins/bus-booking-manager/inc/js/wbbm-frontend-script.js
Version Parameters
bus-booking-manager/inc/css/wbbm-admin.css?ver=bus-booking-manager/inc/css/wbbm-style.css?ver=bus-booking-manager/inc/js/wbbm-admin.js?ver=bus-booking-manager/inc/js/wbbm-frontend.js?ver=bus-booking-manager/inc/js/wbbm-frontend-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
wbbm-admin-sectionwbbm-field-wrapwbbm-date-pickerwbbm-time-pickerwbbm-booking-formwbbm-bus-selection
HTML Comments
<!-- Added by Sumon --><!-- Language Load --><!-- Added by sumon --><!---------------- -->
Data Attributes
data-wbbm-action
JS Globals
wbbm_frontend_objWBBM_ADMIN_OBJ
REST Endpoints
/wp-json/bus-booking-manager/v1/get_cities
Shortcode Output
[wbbm_booking_form][wbbm_booking_list][wbbm_search_form]
FAQ

Frequently Asked Questions about Multipurpose Ticket Booking Manager (Bus/Train/Ferry/Boat/Shuttle)