WP-Safety

Bus Ticket Booking with Seat Reservation Security & Risk Analysis

wordpress.org/plugins/bus-ticket-booking-with-seat-reservation

Offer the convenience of seat selection and reservation on your WordPress website. A customized solution for efficient bus ticketing.

900 active installs v5.6.0 PHP 7.0+ WP 4.5+ Updated Mar 9, 2026
bus-ticket-booking-for-wordpressbus-ticket-booking-with-seat-reservationwoocommerce-seat-reservation-for-wordpress-woocommerce
64
C · Use Caution
CVEs total5
Unpatched1
Last CVEMar 5, 2026
Plugin page Download
Safety Verdict

Is Bus Ticket Booking with Seat Reservation Safe to Use in 2026?

Use With Caution

Score 64/100

Bus Ticket Booking with Seat Reservation has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

5 known CVEs 1 unpatched Last CVE: Mar 5, 2026Updated 25d ago
Risk Assessment

The "bus-ticket-booking-with-seat-reservation" plugin v5.6.0 exhibits a mixed security posture. On the positive side, the static analysis reveals strong adherence to secure coding practices, with 100% of SQL queries using prepared statements and 99% of output being properly escaped. The plugin also implements nonce checks for all entry points and includes capability checks, which are good security fundamentals. However, a significant concern is the presence of 2 AJAX handlers that lack authentication checks, representing a direct attack vector. While taint analysis did not reveal critical or high-severity issues, the plugin's history is deeply concerning, with 5 known CVEs, one of which remains unpatched. The types of past vulnerabilities, including deserialization, CSRF, and XSS, suggest recurring weaknesses in input validation and secure data handling, even if current static analysis doesn't flag them.

Despite the positive indicators in current code quality, the substantial vulnerability history, especially the unpatched CVE, cannot be overlooked. The lack of authentication on AJAX handlers is a clear and immediate risk. The historical pattern of deserialization, CSRF, and XSS vulnerabilities suggests a potential for similar issues to re-emerge, indicating a need for more robust and continuous security auditing. Therefore, while some aspects of the plugin's security are well-implemented, the past and present vulnerabilities create a significant risk that needs careful consideration and remediation.

Key Concerns

  • Unpatched CVE
  • AJAX handlers without auth checks
  • High number of known CVEs (5 total)
  • Bundled outdated library (Select2 implies potential for known vulnerabilities)
Vulnerabilities
5

Bus Ticket Booking with Seat Reservation Security Vulnerabilities

CVEs by Year

2 CVEs in 2023
2023
1 CVE in 2024
2024
1 CVE in 2025
2025
1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

High
2
Medium
3

5 total CVEs

CVE-2026-27095high · 8.1Deserialization of Untrusted Data

Bus Ticket Booking with Seat Reservation <= 5.6.2 - Unauthenticated PHP Object Injection

Mar 5, 2026Unpatched
CVE-2024-49294medium · 4.3Cross-Site Request Forgery (CSRF)

Bus Ticket Booking with Seat Reservation <= 5.4.3 - Cross-Site Request Forgery

Jan 6, 2025 Patched in 5.4.5 (26d)
CVE-2024-43985medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Bus Ticket Booking with Seat Reservation <= 5.3.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

Aug 28, 2024 Patched in 5.3.6 (8d)
CVE-2023-30496high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Bus Ticket Booking with Seat Reservation <= 5.2.5 - Unauthenticated Cross-Site Scripting

Nov 13, 2023 Patched in 5.2.6 (71d)
CVE-2023-4067medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Bus Ticket Booking with Seat Reservation <= 5.2.3 - Reflected Cross-Site Scripting

Aug 1, 2023 Patched in 5.2.4 (175d)
Code Analysis
Analyzed Mar 16, 2026

Bus Ticket Booking with Seat Reservation Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
19
1735 escaped
Nonce Checks
29
Capability Checks
9
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

Select2

Output Escaping

99% escaped1754 total outputs
Data Flows
All sanitized

Data Flow Analysis

8 flows
<WBTM_Term_Condition_Setting> (admin\settings\WBTM_Term_Condition_Setting.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Bus Ticket Booking with Seat Reservation Attack Surface

Entry Points29
Unprotected2

AJAX Handlers 26

authwp_ajax_wbtm_reload_pricingadmin\settings\WBTM_Pricing_Routing.php:14
authwp_ajax_wbtm_create_seat_planadmin\settings\WBTM_Seat_Configuration.php:14
authwp_ajax_wbtm_create_seat_plan_ddadmin\settings\WBTM_Seat_Configuration.php:16
authwp_ajax_wtbm_save_term_and_conditionadmin\settings\WBTM_Term_Condition_Setting.php:17
authwp_ajax_wtbm_delete_termadmin\settings\WBTM_Term_Condition_Setting.php:18
authwp_ajax_wtbm_save_bus_featuresadmin\settings\WTBM_Features_Seating.php:13
authwp_ajax_wtbm_save_added_term_conditionadmin\settings\WTBM_Term_Condition_Add_Bus.php:15
authwp_ajax_wbtm_get_bus_detailadmin\WBTM_Admin.php:27
noprivwp_ajax_wbtm_get_bus_detailadmin\WBTM_Admin.php:28
authwp_ajax_get_wbtm_dropping_pointinc\WBTM_Layout.php:14
noprivwp_ajax_get_wbtm_dropping_pointinc\WBTM_Layout.php:15
authwp_ajax_get_wbtm_journey_dateinc\WBTM_Layout.php:17
noprivwp_ajax_get_wbtm_journey_dateinc\WBTM_Layout.php:18
authwp_ajax_get_wbtm_return_dateinc\WBTM_Layout.php:20
noprivwp_ajax_get_wbtm_return_dateinc\WBTM_Layout.php:21
authwp_ajax_get_wbtm_bus_listinc\WBTM_Layout.php:23
noprivwp_ajax_get_wbtm_bus_listinc\WBTM_Layout.php:24
authwp_ajax_get_wbtm_bus_detailsinc\WBTM_Layout.php:26
noprivwp_ajax_get_wbtm_bus_detailsinc\WBTM_Layout.php:27
authwp_ajax_wbtm_get_user_bookingsinc\WBTM_My_Account_Dashboard.php:23
authwp_ajax_wbtm_get_booking_detailsinc\WBTM_My_Account_Dashboard.php:24
authwp_ajax_wbtm_update_attendee_infoinc\WBTM_My_Account_Dashboard.php:25
authwp_ajax_wbtm_load_bus_detailsinc\WBTM_Single_Bus_Details.php:12
noprivwp_ajax_wbtm_load_bus_detailsinc\WBTM_Single_Bus_Details.php:13
authwp_ajax_wbtm_ajax_add_to_cartinc\WBTM_Woocommerce.php:12
noprivwp_ajax_wbtm_ajax_add_to_cartinc\WBTM_Woocommerce.php:13

Shortcodes 3

[wbtm-bus-list] inc\WBTM_Shortcodes.php:12
[wbtm-bus-search-form] inc\WBTM_Shortcodes.php:13
[wbtm-bus-search] inc\WBTM_Shortcodes.php:14
WordPress Hooks 131
actionwbtm_add_settings_tab_contentadmin\settings\WBTM_Date_Settings.php:12
actionwbtm_add_settings_tab_contentadmin\settings\WBTM_Extra_Service.php:12
actionwbtm_extra_service_itemadmin\settings\WBTM_Extra_Service.php:13
actionwbtm_add_settings_tab_contentadmin\settings\WBTM_Gallery_Image_Settings.php:12
actionsave_postadmin\settings\WBTM_Gallery_Image_Settings.php:13
actionwbtm_add_settings_tab_contentadmin\settings\WBTM_Pricing_Routing.php:12
actionwbtm_add_settings_tab_contentadmin\settings\WBTM_Seat_Configuration.php:12
actionwbtm_add_settings_tab_contentadmin\settings\WBTM_Settings_General.php:8
actionwbtm_add_settings_tab_contentadmin\settings\WBTM_Settings_Pickup_Point.php:12
actionwbtm_add_settings_tab_contentadmin\settings\WBTM_Tax_Settings.php:12
actionadmin_menuadmin\settings\WBTM_Translation_Settings.php:10
actionadmin_initadmin\settings\WBTM_Translation_Settings.php:11
actionwbtm_add_settings_tab_contentadmin\settings\WTBM_Features_Seating.php:12
actionwbtm_bus_feature_add_form_fieldsadmin\settings\WTBM_Features_Seating.php:15
actionwbtm_bus_feature_edit_form_fieldsadmin\settings\WTBM_Features_Seating.php:16
actioncreated_wbtm_bus_featureadmin\settings\WTBM_Features_Seating.php:17
actionedited_wbtm_bus_featureadmin\settings\WTBM_Features_Seating.php:18
actionwbtm_add_settings_tab_contentadmin\settings\WTBM_Term_Condition_Add_Bus.php:14
actionadmin_initadmin\WBTM_Admin.php:13
actioninitadmin\WBTM_Admin.php:14
filteruse_block_editor_for_post_typeadmin\WBTM_Admin.php:15
actionupgrader_process_completeadmin\WBTM_Admin.php:16
actionadd_meta_boxesadmin\WBTM_Admin.php:19
actionsave_postadmin\WBTM_Admin.php:20
actioninitadmin\WBTM_Admin.php:21
actioninitadmin\WBTM_Admin.php:22
actionadmin_menuadmin\WBTM_Admin.php:23
actiondisplay_post_statesadmin\WBTM_Admin.php:24
filtermanage_wbtm_bus_posts_columnsadmin\WBTM_Admin.php:25
actionmanage_wbtm_bus_posts_custom_columnadmin\WBTM_Admin.php:26
actionwbtm_before_add_to_cartadmin\WBTM_Admin.php:29
actionwbtm_after_add_to_cartadmin\WBTM_Admin.php:30
actionwoocommerce_order_status_changedadmin\WBTM_Admin.php:31
actionadmin_initadmin\WBTM_Admin.php:32
actionadmin_menuadmin\WBTM_Analytics_Dashboard.php:8
actionadmin_enqueue_scriptsadmin\WBTM_Analytics_Dashboard.php:9
actioninitadmin\WBTM_CPT.php:12
actionmanage_wbtm_bus_posts_columnsadmin\WBTM_CPT.php:14
actionmanage_wbtm_bus_posts_custom_columnadmin\WBTM_CPT.php:15
actionwp_headadmin\WBTM_CPT.php:18
filterrobots_txtadmin\WBTM_CPT.php:19
actionadmin_initadmin\WBTM_Dummy_Import.php:8
actionadmin_menuadmin\WBTM_Global_settings.php:15
actionadmin_initadmin\WBTM_Global_settings.php:16
filterwbtm_settings_sec_regadmin\WBTM_Global_settings.php:17
filterwbtm_settings_sec_fieldsadmin\WBTM_Global_settings.php:18
filterwbtm_settings_sec_regadmin\WBTM_Global_settings.php:19
actionwbtm_wsa_form_bottom_wbtm_license_settingsadmin\WBTM_Global_settings.php:20
actionwbtm_basic_license_listadmin\WBTM_Global_settings.php:21
actionwp_insert_postadmin\WBTM_Hidden_Product.php:12
actionsave_postadmin\WBTM_Hidden_Product.php:13
actionparse_queryadmin\WBTM_Hidden_Product.php:14
actionwpadmin\WBTM_Hidden_Product.php:15
actionwp_headadmin\WBTM_Hidden_Product.php:17
actioninitadmin\WBTM_Hidden_Product.php:18
filterwpseo_exclude_from_sitemap_by_post_idsadmin\WBTM_Hidden_Product.php:19
actionwbtm_license_page_plugin_listadmin\WBTM_License.php:12
actionadmin_menuadmin\WBTM_Quick_Setup.php:12
actionadd_meta_boxesadmin\WBTM_Settings.php:12
actionsave_postadmin\WBTM_Settings.php:13
actionwbtm_settings_tabadmin\WBTM_Settings.php:14
actionadmin_menuadmin\WBTM_Status.php:13
actioninitadmin\WBTM_Taxonomy.php:12
actionadmin_menuadmin\WBTM_Welcome.php:11
filterquery_varsinc\class-functions.php:6
filterwoocommerce_account_menu_itemsinc\class-functions.php:21
filterthe_titleinc\class-functions.php:34
actionwoocommerce_account_bus-panel_endpointinc\class-functions.php:41
actioninitinc\WBTM_Dependencies.php:12
actionadmin_initinc\WBTM_Dependencies.php:13
actionwbtm_add_global_enqueueinc\WBTM_Dependencies.php:16
actionwbtm_add_admin_enqueueinc\WBTM_Dependencies.php:17
actionwbtm_add_frontend_enqueueinc\WBTM_Dependencies.php:18
filtersingle_templateinc\WBTM_Dependencies.php:19
filtertemplate_includeinc\WBTM_Dependencies.php:20
filterregister_post_type_argsinc\WBTM_Dependencies.php:21
actionwp_headinc\WBTM_Dependencies.php:23
filterrobots_txtinc\WBTM_Dependencies.php:24
actionwbtm_search_resultinc\WBTM_Layout.php:12
actioninitinc\WBTM_My_Account_Dashboard.php:16
filterquery_varsinc\WBTM_My_Account_Dashboard.php:17
filterwoocommerce_account_menu_itemsinc\WBTM_My_Account_Dashboard.php:18
actionwoocommerce_account_bus-booking-dashboard_endpointinc\WBTM_My_Account_Dashboard.php:19
filterthe_titleinc\WBTM_My_Account_Dashboard.php:20
actionwp_enqueue_scriptsinc\WBTM_My_Account_Dashboard.php:28
filterwoocommerce_add_cart_item_datainc\WBTM_Woocommerce.php:14
actionwoocommerce_before_calculate_totalsinc\WBTM_Woocommerce.php:15
filterwoocommerce_cart_item_thumbnailinc\WBTM_Woocommerce.php:16
filterwoocommerce_get_item_datainc\WBTM_Woocommerce.php:17
actionwoocommerce_after_checkout_validationinc\WBTM_Woocommerce.php:19
actionwoocommerce_checkout_create_order_line_iteminc\WBTM_Woocommerce.php:20
actionwoocommerce_store_api_checkout_order_processedinc\WBTM_Woocommerce.php:21
actionwoocommerce_checkout_order_processedinc\WBTM_Woocommerce.php:22
filterwoocommerce_thankyouinc\WBTM_Woocommerce.php:25
filterwoocommerce_order_status_changedinc\WBTM_Woocommerce.php:26
actionwoocommerce_before_calculate_totalsinc\WBTM_Woocommerce.php:27
filterwoocommerce_add_to_cart_redirectinc\WBTM_Woocommerce.php:29
actionwp_footerinc\WBTM_Woocommerce.php:30
actionwoocommerce_add_to_cartinc\WBTM_Woocommerce.php:31
filterwoocommerce_cart_item_permalinkinc\WBTM_Woocommerce.php:32
filterwoocommerce_cart_item_priceinc\WBTM_Woocommerce.php:33
filterwoocommerce_cart_item_subtotalinc\WBTM_Woocommerce.php:34
filterwc_add_to_cart_message_htmlinc\WBTM_Woocommerce.php:36
actionwbtm_hidden_tablemp_global\class\WBTM_Custom_Layout.php:12
actionwbtm_pagination_sectionmp_global\class\WBTM_Custom_Layout.php:13
actionadd_mp_hidden_tablemp_global\class\WBTM_Custom_Layout.php:331
actionadd_mp_pagination_sectionmp_global\class\WBTM_Custom_Layout.php:332
actionwbtm_add_custom_slidermp_global\class\WBTM_Custom_Slider.php:13
actionwbtm_add_custom_slider_onlymp_global\class\WBTM_Custom_Slider.php:14
actionwbtm_add_custom_slider_icon_indicatormp_global\class\WBTM_Custom_Slider.php:15
actionwbtm_load_date_picker_jsmp_global\class\WBTM_Global_Function.php:12
actionwp_headmp_global\class\WBTM_Global_Style.php:12
actionadmin_headmp_global\class\WBTM_Global_Style.php:13
actionwbtm_input_add_iconmp_global\class\WBTM_Select_Icon_image.php:13
actionwbtm_add_single_imagemp_global\class\WBTM_Select_Icon_image.php:14
actionwbtm_add_multi_imagemp_global\class\WBTM_Select_Icon_image.php:15
actionwbtm_add_icon_imagemp_global\class\WBTM_Select_Icon_image.php:16
actionadmin_footermp_global\class\WBTM_Select_Icon_image.php:38
actionadmin_footermp_global\class\WBTM_Select_Icon_image.php:170
actionadmin_enqueue_scriptsmp_global\WBTM_Global_File_Load.php:14
actiontransporter_panel_admin_enqueue_scriptsmp_global\WBTM_Global_File_Load.php:15
actionwp_enqueue_scriptsmp_global\WBTM_Global_File_Load.php:16
actionadmin_headmp_global\WBTM_Global_File_Load.php:17
actionwp_headmp_global\WBTM_Global_File_Load.php:18
filterplugin_action_linkswoocommerce-bus.php:37
filterplugin_row_metawoocommerce-bus.php:38
actionactivated_pluginwoocommerce-bus.php:41
actionadmin_initwoocommerce-bus.php:42
actionactivated_pluginwoocommerce-bus.php:45
actionadmin_initwoocommerce-bus.php:46
actionrest_api_initwoocommerce-bus.php:146
Maintenance & Trust

Bus Ticket Booking with Seat Reservation Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 9, 2026
PHP min version7.0
Downloads64K

Community Trust

Rating98/100
Number of ratings40
Active installs900
Alternatives

Bus Ticket Booking with Seat Reservation Alternatives

Multipurpose Ticket Booking Manager (Bus/Train/Ferry/Boat/Shuttle)

Multipurpose Ticket Booking Manager (Bus/Train/Ferry/Boat/Shuttle)

bus-booking-manager

A
99

The Multipurpose Ticket Booking Manager is a reliable plugin to book tickets for transportation, such as buses, trains, and ferries in one place.

80 1 CVE
Developer Profile

Bus Ticket Booking with Seat Reservation Developer Profile

magepeopleteam

10 plugins · 12K total installs

70
trust score
Avg Security Score
87/100
Avg Patch Time
97 days
View full developer profile
Detection Fingerprints

How We Detect Bus Ticket Booking with Seat Reservation

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bus-ticket-booking-with-seat-reservation/mp_global/css/select2.min.css/wp-content/plugins/bus-ticket-booking-with-seat-reservation/mp_global/css/wbtm_custom_style.css/wp-content/plugins/bus-ticket-booking-with-seat-reservation/mp_global/css/wbtm_front_end.css/wp-content/plugins/bus-ticket-booking-with-seat-reservation/mp_global/js/select2.full.js/wp-content/plugins/bus-ticket-booking-with-seat-reservation/mp_global/js/wbtm_front_end.js/wp-content/plugins/bus-ticket-booking-with-seat-reservation/mp_global/js/wbtm_seat_layout.js/wp-content/plugins/bus-ticket-booking-with-seat-reservation/assets/css/bootstrap-datepicker.min.css/wp-content/plugins/bus-ticket-booking-with-seat-reservation/assets/js/bootstrap-datepicker.min.js+9 more
Script Paths
/wp-content/plugins/bus-ticket-booking-with-seat-reservation/mp_global/js/select2.full.js/wp-content/plugins/bus-ticket-booking-with-seat-reservation/mp_global/js/wbtm_front_end.js/wp-content/plugins/bus-ticket-booking-with-seat-reservation/mp_global/js/wbtm_seat_layout.js/wp-content/plugins/bus-ticket-booking-with-seat-reservation/assets/js/bootstrap-datepicker.min.js/wp-content/plugins/bus-ticket-booking-with-seat-reservation/assets/js/date_picker.js/wp-content/plugins/bus-ticket-booking-with-seat-reservation/assets/js/wbtm-bootstrap-datetimepicker.min.js+3 more
Version Parameters
/wp-content/plugins/bus-ticket-booking-with-seat-reservation/mp_global/css/select2.min.css?ver=/wp-content/plugins/bus-ticket-booking-with-seat-reservation/mp_global/css/wbtm_custom_style.css?ver=/wp-content/plugins/bus-ticket-booking-with-seat-reservation/mp_global/css/wbtm_front_end.css?ver=/wp-content/plugins/bus-ticket-booking-with-seat-reservation/mp_global/js/select2.full.js?ver=/wp-content/plugins/bus-ticket-booking-with-seat-reservation/mp_global/js/wbtm_front_end.js?ver=/wp-content/plugins/bus-ticket-booking-with-seat-reservation/mp_global/js/wbtm_seat_layout.js?ver=/wp-content/plugins/bus-ticket-booking-with-seat-reservation/assets/css/bootstrap-datepicker.min.css?ver=/wp-content/plugins/bus-ticket-booking-with-seat-reservation/assets/js/bootstrap-datepicker.min.js?ver=/wp-content/plugins/bus-ticket-booking-with-seat-reservation/assets/js/date_picker.js?ver=/wp-content/plugins/bus-ticket-booking-with-seat-reservation/assets/js/wbtm-bootstrap-datetimepicker.min.js?ver=/wp-content/plugins/bus-ticket-booking-with-seat-reservation/assets/css/wbtm-bootstrap-datetimepicker.min.css?ver=/wp-content/plugins/bus-ticket-booking-with-seat-reservation/assets/js/wbtm_admin_custom.js?ver=/wp-content/plugins/bus-ticket-booking-with-seat-reservation/assets/css/wbtm_admin_custom.css?ver=/wp-content/plugins/bus-ticket-booking-with-seat-reservation/assets/js/wbtm_booking.js?ver=/wp-content/plugins/bus-ticket-booking-with-seat-reservation/assets/css/wbtm_booking.css?ver=/wp-content/plugins/bus-ticket-booking-with-seat-reservation/assets/js/wbtm_seat_selection.js?ver=/wp-content/plugins/bus-ticket-booking-with-seat-reservation/assets/css/wbtm_seat_selection.css?ver=

HTML / DOM Fingerprints

CSS Classes
wbtm_seats_layoutwbtm_seat_map_wrapperwbtm_seat_boxwbtm_booking_seat_mapwbtm_seat_select_containerwbtm_seat_selection_gridwbtm_bus_search_formwbtm_booking_form
HTML Comments
<!-- WBTMBUSBOOKING --><!-- WBTMPROBOOKING --><!-- WBTMSUPPORT --><!-- WBTMDOCS -->
Data Attributes
data-seat-mapdata-post-id
JS Globals
wbtm_seat_layout_paramswbtm_booking_paramswbtm_seat_selection_params
REST Endpoints
/wp-json/wbtm/v1/bookings
Shortcode Output
[wbtm-bus-search-form][wbtm-bus-search-form style="flix"]
FAQ

Frequently Asked Questions about Bus Ticket Booking with Seat Reservation