Checkfront Online Booking System Security & Risk Analysis

wordpress.org/plugins/checkfront-wp-booking

The Premier WordPress Plugin for Easy Online Booking of Tours, Activities, Rentals & Accommodations.

2K active installs · v3.7 · PHP + WP 2.0+ · Updated Nov 9, 2023
Tags: booking, booking-system, online-booking, reservation, reservation-system
Score: 85 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Sep 21, 2023
Safety Verdict

Is Checkfront Online Booking System Safe to Use in 2026?

Generally Safe

Score 85/100

Checkfront Online Booking System has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Sep 21, 2023 · Updated 2yr ago
Risk Assessment

The checkfront-wp-booking plugin v3.7 exhibits a generally positive security posture with several good practices in place, such as the absence of dangerous functions, file operations, and external HTTP requests. The use of prepared statements for all SQL queries is a significant strength. However, there are areas for improvement. The static analysis revealed a lack of capability checks on entry points, which could be a concern if any of the identified entry points were to handle sensitive data or actions without proper authorization.

The vulnerability history shows one medium-severity Cross-Site Request Forgery (CSRF) vulnerability in the past, which was patched. While the current version has no known unpatched vulnerabilities, the past occurrence of CSRF suggests a potential area of weakness that requires ongoing vigilance. The plugin's attack surface is currently small and appears to have no unprotected entry points, which is a positive sign. Overall, the plugin is reasonably secure but could benefit from implementing capability checks on its shortcode to further harden its security.

Key Concerns

  • No capability checks on entry points
  • Output escaping is not fully robust (57% proper)
  • Past medium CSRF vulnerability
Vulnerabilities
1

Checkfront Online Booking System Security Vulnerabilities

CVEs by Year

1 CVE in 2023

Severity Breakdown

Medium: 1

1 total CVE

CVE-2023-44146 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Checkfront Online Booking System <= 3.6 - Cross-Site Request Forgery

Sep 21, 2023 Patched in 3.7 (124d)
Code Analysis
Analyzed Mar 16, 2026

Checkfront Online Booking System Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 3 (4 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

57% escaped · 7 total outputs
Data Flows: All sanitized

Data Flow Analysis

1 flow
<setup> (setup.php:0)
Attack Surface

Checkfront Online Booking System Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[checkfront] checkfront.php:146

WordPress Hooks: 7

filter plugin_row_meta checkfront.php:60
filter comments_open checkfront.php:85
filter comments_template checkfront.php:86
action wp_enqueue_scripts checkfront.php:111
action admin_menu checkfront.php:147
action init checkfront.php:148
action wp_enqueue_scripts examples\booking-template.php:45
Maintenance & Trust

Checkfront Online Booking System Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: Nov 9, 2023
PHP min version
Downloads: 99K

Community Trust

Rating: 82/100
Number of ratings: 12
Active installs: 2K
Developer Profile

Checkfront Online Booking System Developer Profile

checkfront

1 plugin · 2K total installs

Trust score: 69
Avg Security Score: 85/100
Avg Patch Time: 124 days
Detection Fingerprints

How We Detect Checkfront Online Booking System

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/checkfront-wp-booking/pipe.html
Script Paths
  • //{$Checkfront->host}/lib/interface--{$Checkfront->interface_version}.js
Version Parameters
  • checkfront-wp-booking/style.css?ver=
  • checkfront-wp-booking/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • checkfront-booking-widget
  • cf-booking-widget
HTML Comments
  • Shortcode [checkfront parameter="value"]
Data Attributes
  • data-checkfront-host
  • data-checkfront-widget-id
JS Globals
  • CheckfrontWidget
Shortcode Output
  • [checkfront
  • checkfront_func
FAQ

Frequently Asked Questions about Checkfront Online Booking System