Court Reservation – Manage Your Court Bookings Online Security & Risk Analysis

wordpress.org/plugins/court-reservation

With this plugin, integrating a reservation system for tennis, padel, and other sports is easy and quick.

100 active installs · v1.10.12 · PHP 5.2.4+ · WP 3.0.1+ · Updated Apr 15, 2026
court-reservation · padel · pickleball · tennis
49
D · High Risk
CVEs total: 4
Unpatched: 2
Last CVE: May 12, 2026
Safety Verdict

Is Court Reservation – Manage Your Court Bookings Online Safe to Use in 2026?

High Risk

Score 49/100

Court Reservation – Manage Your Court Bookings Online carries significant security risk with 4 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.

4 known CVEs · 2 unpatched · Last CVE: May 12, 2026 · Updated 1mo ago
Risk Assessment

The "court-reservation" plugin v1.10.12 exhibits a mixed security posture. While it demonstrates good practices in areas like SQL query sanitization and output escaping, significant concerns arise from its extensive unprotected attack surface. The static analysis reveals 25 AJAX handlers without authentication checks, posing a substantial risk. Furthermore, the presence of 7 high-severity taint flows, though not categorized as critical, indicates potential for malicious data manipulation. The vulnerability history, with 2 currently unpatched medium-severity CVEs, coupled with past issues including missing authorization and CSRF, suggests recurring security weaknesses. The plugin's reliance on an outdated bundled library (Freemius v1.0) is also a point of concern. In conclusion, despite some robust security implementations, the lack of authorization on numerous entry points and the unresolved vulnerabilities create a notable risk profile that requires immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows
  • Unpatched CVEs
  • Bundled outdated library
  • Use of unserialize function
Vulnerabilities
4 published

Court Reservation – Manage Your Court Bookings Online Security Vulnerabilities

CVEs by Year

4 CVEs in 2026 · has unpatched

Severity Breakdown

High: 1
Medium: 3

4 total CVEs

CVE-2026-1250 · high · 7.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Court Reservation – Manage Your Court Bookings Online <= 1.10.11 - Unauthenticated SQL Injection

May 12, 2026 · Patched in 1.10.12 (1d)

CVE-2026-39675 · medium · 5.3 · Missing Authorization

Court Reservation <= 1.10.11 - Missing Authorization

Feb 19, 2026 · Unpatched

CVE-2026-1508 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Court Reservation – Manage Your Court Bookings Online < 1.10.9 - Cross-Site Request Forgery

Feb 17, 2026 · Patched in 1.10.9 (31d)

CVE-2025-68852 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Court Reservation <= 1.10.8 - Reflected Cross-Site Scripting

Feb 5, 2026 · Unpatched

Code Analysis
Analyzed Apr 16, 2026

Court Reservation – Manage Your Court Bookings Online Code Analysis

Dangerous Functions: 6
Raw SQL Queries: 3 (299 prepared)
Unescaped Output: 64 (2205 escaped)
Nonce Checks: 26
Capability Checks: 63
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Dangerous Functions Found

unserialize · admin/class-courtres-admin.php:1176 · $reservation_types = $option_reservation_types->option_value ? unserialize( $option_reservation_type…
unserialize · admin/partials/__courtres-settings.php:442 · $reservationTypes = unserialize( $option_reservation_types->option_value );
unserialize · admin/partials/courtres-piramid.php:146 · $piramid['design'] = unserialize( $piramid['design'] );
unserialize · admin/partials/courtres-settings.php:536 · $reservationTypes = unserialize( $option_reservation_types->option_value );
unserialize · public/partials/courtres-public-challenges.php:111 · $results = unserialize( $challenge['results'] );
unserialize · public/partials/courtres-public-piramid.php:29 · $design = isset( $atts['piramid']['design'] ) && $atts['piramid']['design'] ? unserialize( $att…

Bundled Libraries

Freemius 1.0

SQL Query Safety

99% prepared · 302 total queries

Output Escaping

97% escaped · 2269 total outputs
Data Flows · Security
14 unsanitized

Data Flow Analysis

25 flows · 14 with unsanitized paths
get_court_calendar (functions.php:195)
[Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
25 unprotected

Court Reservation – Manage Your Court Bookings Online Attack Surface

Entry Points: 29
Unprotected: 25

AJAX Handlers 25

nopriv · wp_ajax_ajax_login · includes/class-courtres.php:222
auth · wp_ajax_edit_reservation_type · includes/class-courtres.php:228
nopriv · wp_ajax_edit_reservation_type · includes/class-courtres.php:229
auth · wp_ajax_download_csv · includes/class-courtres.php:235
auth · wp_ajax_ajax_cr_navigator · includes/class-courtres.php:256
nopriv · wp_ajax_ajax_cr_navigator · includes/class-courtres.php:257
auth · wp_ajax_ajax_cr_navigator2 · includes/class-courtres.php:258
auth · wp_ajax_ajax_cr_navigator_full_view · includes/class-courtres.php:259
nopriv · wp_ajax_ajax_cr_navigator_full_view · includes/class-courtres.php:260
auth · wp_ajax_ajax_cr_navigator_calendar · includes/class-courtres.php:261
nopriv · wp_ajax_ajax_cr_navigator_calendar · includes/class-courtres.php:262
auth · wp_ajax_get_more_rows_html · includes/class-courtres.php:266
nopriv · wp_ajax_get_more_rows_html · includes/class-courtres.php:267
auth · wp_ajax_create_challenge · includes/class-courtres.php:274
nopriv · wp_ajax_create_challenge · includes/class-courtres.php:275
auth · wp_ajax_accept_challenge · includes/class-courtres.php:277
nopriv · wp_ajax_accept_challenge · includes/class-courtres.php:278
auth · wp_ajax_get_court · includes/class-courtres.php:280
nopriv · wp_ajax_get_court · includes/class-courtres.php:281
auth · wp_ajax_schedule_challenge · includes/class-courtres.php:283
nopriv · wp_ajax_schedule_challenge · includes/class-courtres.php:284
auth · wp_ajax_delete_challenge · includes/class-courtres.php:286
nopriv · wp_ajax_delete_challenge · includes/class-courtres.php:287
auth · wp_ajax_enter_challenge_result · includes/class-courtres.php:289
nopriv · wp_ajax_enter_challenge_result · includes/class-courtres.php:290

Shortcodes 4

[courtreservation] includes/class-courtres.php:253
[courtreservation-full-view] includes/class-courtres.php:254
[courtpyramid] includes/class-courtres.php:271
[courtchallenges] includes/class-courtres.php:272

WordPress Hooks 22

filter · wpmu_signup_user_notification_email · admin/partials/courtres-user.php:36
filter · wpmu_signup_user_notification · admin/partials/courtres-user.php:192
filter · wpmu_welcome_user_notification · admin/partials/courtres-user.php:193
action · admin_head · admin/partials/courtres-users.php:279
action · woocommerce_checkout_create_order_line_item · functions.php:8
action · admin_notices · includes/class-courtres-activator.php:493
action · plugins_loaded · includes/class-courtres.php:189
action · admin_post_add_court · includes/class-courtres.php:214
action · admin_post_add_piramid · includes/class-courtres.php:215
action · admin_enqueue_scripts · includes/class-courtres.php:217
action · admin_enqueue_scripts · includes/class-courtres.php:218
action · admin_post_add_reservation · includes/class-courtres.php:220
action · admin_menu · includes/class-courtres.php:225
action · admin_post_get_players_select_options · includes/class-courtres.php:231
action · admin_post_nopriv_get_players_select_options · includes/class-courtres.php:232
action · wp_enqueue_scripts · includes/class-courtres.php:250
action · wp_enqueue_scripts · includes/class-courtres.php:251
action · template_redirect · includes/class-courtres.php:292
action · after_challenge_created · includes/class-courtres.php:296
action · plugins_loaded · includes/class-courtres.php:309
filter · query_vars · includes/class-courtres.php:370
action · wp_footer · public/class-piramids-public.php:397
Maintenance & Trust

Court Reservation – Manage Your Court Bookings Online Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 15, 2026
PHP min version: 5.2.4
Downloads: 16K

Community Trust

Rating: 100/100
Number of ratings: 10
Active installs: 100
Developer Profile

Court Reservation – Manage Your Court Bookings Online Developer Profile

webmuehle

1 plugin · 100 total installs

Trust score: 58
Avg Security Score: 49/100
Avg Patch Time: 16 days
Detection Fingerprints

How We Detect Court Reservation – Manage Your Court Bookings Online

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/court-reservation/admin/css/courtres-admin.css
/wp-content/plugins/court-reservation/admin/css/courtres-pricing.css
/wp-content/plugins/court-reservation/admin/css/huebee.css
/wp-content/plugins/court-reservation/admin/vendor/jquery-ui/jquery-ui.css
/wp-content/plugins/court-reservation/admin/js/checkout.min.js
/wp-content/plugins/court-reservation/admin/js/huebee.pkgd.min.js
/wp-content/plugins/court-reservation/admin/js/courtres-admin.js
Script Paths
/wp-content/plugins/court-reservation/admin/js/courtres-admin.js
Version Parameters
courtres-admin.css?ver=
courtres-pricing.css?ver=
huebee.css?ver=
huebee.pkgd.min.js
courtres-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
courtres-admin-wrap
HTML Comments
<!-- Frontend assets -->
<!-- Admin assets -->
<!-- Init color picker -->
<!-- +RA 2020-05-09 -->
+4 more
Data Attributes
data-courtres-selector
JS Globals
js_data
FAQ

Frequently Asked Questions about Court Reservation – Manage Your Court Bookings Online