WP-Safety

Domilocus Security & Risk Analysis

wordpress.org/plugins/domilocus

Complete booking and property management solution for vacation rentals, apartments, and accommodations with backend administration.

0 active installs v1.0.17 PHP 8.0+ WP 6.0+ Updated Mar 10, 2026
bookingcalendarproperty-managementreservationsvacation-rentals
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Domilocus Safe to Use in 2026?

Generally Safe

Score 100/100

Domilocus has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 24d ago
Risk Assessment

The 'domilocus' plugin v1.0.17 exhibits a generally good security posture, with a strong emphasis on secure coding practices. The plugin demonstrates a high percentage of properly escaped outputs and a significant portion of SQL queries utilizing prepared statements. The absence of known CVEs and a clean vulnerability history further contribute to this positive assessment. The static analysis also indicates robust use of nonce and capability checks for its entry points, which are all protected. However, a notable concern arises from the taint analysis, which identified 13 flows with unsanitized paths, including 7 of high severity. This suggests potential vulnerabilities where user-supplied data might be processed without adequate sanitization, leading to risks like path traversal or unintended file operations, despite the limited number of file operations and external HTTP requests. While the plugin avoids common pitfalls like raw SQL or unescaped output, the unsanitized path flows are a significant weakness that requires immediate attention. Overall, the plugin has strong foundations but has a critical area for improvement in data sanitization, which balances its strengths with potential exploitable weaknesses.

Key Concerns

  • High severity unsanitized path flows
  • Unsanitized path flows identified
  • Some SQL queries not using prepared statements
Vulnerabilities
None known

Domilocus Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Domilocus Code Analysis

Dangerous Functions
0
Raw SQL Queries
41
77 prepared
Unescaped Output
30
872 escaped
Nonce Checks
25
Capability Checks
18
File Operations
1
External Requests
2
Bundled Libraries
0

SQL Query Safety

65% prepared118 total queries

Output Escaping

97% escaped902 total outputs
Data Flows
13 unsanitized

Data Flow Analysis

24 flows13 with unsanitized paths
booking_confirmation_shortcode (includes\frontend\class-domilocus-shortcodes.php:311)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Domilocus Attack Surface

Entry Points28
Unprotected0

AJAX Handlers 22

authwp_ajax_domilocus_generate_access_codeincludes\admin\booking-form.php:816
authwp_ajax_domilocus_send_access_codeincludes\admin\booking-form.php:817
authwp_ajax_domilocus_load_admin_calendarincludes\admin\class-domilocus-admin.php:40
authwp_ajax_domilocus_save_day_detailsincludes\admin\class-domilocus-admin.php:41
authwp_ajax_domilocus_bulk_calendar_actionincludes\admin\class-domilocus-admin.php:42
authwp_ajax_domilocus_create_bookingincludes\class-domilocus-booking.php:17
noprivwp_ajax_domilocus_create_bookingincludes\class-domilocus-booking.php:18
authwp_ajax_domilocus_check_availabilityincludes\class-domilocus-booking.php:19
noprivwp_ajax_domilocus_check_availabilityincludes\class-domilocus-booking.php:20
authwp_ajax_domilocus_calculate_priceincludes\class-domilocus-booking.php:21
noprivwp_ajax_domilocus_calculate_priceincludes\class-domilocus-booking.php:22
authwp_ajax_domilocus_update_booking_datesincludes\class-domilocus-booking.php:23
noprivwp_ajax_domilocus_update_booking_datesincludes\class-domilocus-booking.php:24
authwp_ajax_domilocus_cancel_bookingincludes\class-domilocus-booking.php:25
noprivwp_ajax_domilocus_cancel_bookingincludes\class-domilocus-booking.php:26
authwp_ajax_domilocus_release_pending_bookingincludes\class-domilocus-booking.php:27
noprivwp_ajax_domilocus_release_pending_bookingincludes\class-domilocus-booking.php:28
authwp_ajax_domilocus_get_calendarincludes\class-domilocus-calendar.php:17
noprivwp_ajax_domilocus_get_calendarincludes\class-domilocus-calendar.php:18
authwp_ajax_domilocus_get_calendar_dataincludes\class-domilocus-calendar.php:19
noprivwp_ajax_domilocus_get_calendar_dataincludes\class-domilocus-calendar.php:20
authwp_ajax_domilocus_update_availabilityincludes\class-domilocus-calendar.php:21

Shortcodes 6

[domilocus_apartment] includes\frontend\class-domilocus-shortcodes.php:24
[domilocus_apartments] includes\frontend\class-domilocus-shortcodes.php:25
[domilocus_booking_form] includes\frontend\class-domilocus-shortcodes.php:26
[domilocus_calendar] includes\frontend\class-domilocus-shortcodes.php:27
[domilocus_booking_confirmation] includes\frontend\class-domilocus-shortcodes.php:28
[domilocus_search] includes\frontend\class-domilocus-shortcodes.php:29
WordPress Hooks 56
actionplugins_loadeddomilocus.php:73
actioninitdomilocus.php:74
actionadmin_post_domilocus_save_bookingincludes\admin\booking-form.php:18
actionadmin_menuincludes\admin\class-domilocus-admin-menus.php:17
actionadmin_initincludes\admin\class-domilocus-admin-menus.php:18
actionadmin_initincludes\admin\class-domilocus-admin-settings.php:21
actionadmin_post_domilocus_save_settingsincludes\admin\class-domilocus-admin-settings.php:22
actionadmin_post_domilocus_send_test_emailincludes\admin\class-domilocus-admin-settings.php:23
actionadmin_enqueue_scriptsincludes\admin\class-domilocus-admin-settings.php:24
actionadmin_enqueue_scriptsincludes\admin\class-domilocus-admin.php:17
actionadmin_noticesincludes\admin\class-domilocus-admin.php:18
filteradmin_footer_textincludes\admin\class-domilocus-admin.php:19
actionadmin_initincludes\admin\class-domilocus-admin.php:20
actionadmin_post_domilocus_resend_booking_confirmationincludes\admin\class-domilocus-admin.php:21
filtergettext_domilocusincludes\admin\class-domilocus-admin.php:22
filtermanage_domilocus_apartment_posts_columnsincludes\admin\class-domilocus-admin.php:29
actionmanage_domilocus_apartment_posts_custom_columnincludes\admin\class-domilocus-admin.php:30
filtermanage_edit-domilocus_apartment_sortable_columnsincludes\admin\class-domilocus-admin.php:33
actionrestrict_manage_postsincludes\admin\class-domilocus-admin.php:36
filterparse_queryincludes\admin\class-domilocus-admin.php:37
actionwp_dashboard_setupincludes\admin\class-domilocus-dashboard-widget.php:20
actionadmin_post_domilocus_clear_news_cacheincludes\admin\class-domilocus-dashboard-widget.php:21
actionadmin_enqueue_scriptsincludes\admin\class-domilocus-dashboard-widget.php:22
actiondomilocus_settings_pageincludes\admin\license-settings.php:14
actionadmin_initincludes\admin\license-settings.php:59
filterdomilocus_show_premium_menuincludes\admin\license-settings.php:69
actiondomilocus_booking_status_changedincludes\class-domilocus-booking.php:29
actiondomilocus_bank_transfer_auto_cancelincludes\class-domilocus-booking.php:30
actiondomilocus_booking_createdincludes\class-domilocus-emails.php:17
actiondomilocus_booking_status_changedincludes\class-domilocus-emails.php:18
actiondomilocus_payment_status_changedincludes\class-domilocus-emails.php:19
actiondomilocus_send_status_change_emailincludes\class-domilocus-emails.php:20
actionphpmailer_initincludes\class-domilocus-emails.php:21
filterwp_mail_fromincludes\class-domilocus-emails.php:22
filterwp_mail_from_nameincludes\class-domilocus-emails.php:23
actioninitincludes\class-domilocus-license.php:19
actionadmin_initincludes\class-domilocus-license.php:23
actionadmin_post_domilocus_activate_licenseincludes\class-domilocus-license.php:24
actionadmin_post_domilocus_deactivate_licenseincludes\class-domilocus-license.php:25
actionadd_meta_boxesincludes\class-domilocus-metaboxes.php:17
actionsave_postincludes\class-domilocus-metaboxes.php:18
actionsave_postincludes\class-domilocus-metaboxes.php:19
actionadmin_enqueue_scriptsincludes\class-domilocus-metaboxes.php:20
actioninitincludes\class-domilocus-post-types.php:17
actioninitincludes\class-domilocus-post-types.php:18
filterpost_updated_messagesincludes\class-domilocus-post-types.php:19
filterbulk_post_updated_messagesincludes\class-domilocus-post-types.php:20
actioninitincludes\class-domilocus-translation-helper.php:257
actioninitincludes\class-domilocus-translation-helper.php:260
filterdomilocus_get_amenity_nameincludes\class-domilocus-translation-helper.php:263
filterdomilocus_get_room_type_nameincludes\class-domilocus-translation-helper.php:264
filterdomilocus_get_payment_method_nameincludes\class-domilocus-translation-helper.php:265
filterdomilocus_get_booking_status_nameincludes\class-domilocus-translation-helper.php:266
actionwp_enqueue_scriptsincludes\frontend\class-domilocus-frontend.php:115
filterthe_contentincludes\frontend\class-domilocus-frontend.php:116
actionwp_footerincludes\frontend\class-domilocus-frontend.php:117

Scheduled Events 1

domilocus_bank_transfer_auto_cancel
Maintenance & Trust

Domilocus Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 10, 2026
PHP min version8.0
Downloads639

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Domilocus Alternatives

SimplyBook.me – Booking and reservations calendar

SimplyBook.me – Booking and reservations calendar

simplybook

A
100

Simply add a booking calendar to your site to schedule bookings, reservations, appointments and to collect payments.

20K No CVEs
FareHarbor for WordPress

FareHarbor for WordPress

fareharbor

A
99

Easily add FareHarbor reservation calendars, booking embeds, and buttons to your site.

9K 2 CVEs
Pinpoint Booking System – Version 2

Pinpoint Booking System – Version 2

booking-system

A
93

Book anything, anytime, anywhere.

3K 13 CVEs
Salon Booking System – Free Version

Salon Booking System – Free Version

salon-booking-system

D
39

Appointment scheduling plugin for salons, spas, and wellness centers to streamline bookings and improve customer satisfaction.

3K 1 unpatched
SuperSaaS – online appointment scheduling

SuperSaaS – online appointment scheduling

supersaas-appointment-scheduling

A
99

SuperSaaS is a flexible appointment scheduling system that works with many different businesses. The basic version is free.

1K 2 CVEs
Developer Profile

Domilocus Developer Profile

consulinfolm

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Domilocus

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/domilocus/assets/css/styles.css/wp-content/plugins/domilocus/assets/js/domilocus-script.js/wp-content/plugins/domilocus/assets/css/customizer.css/wp-content/plugins/domilocus/assets/js/customizer.js/wp-content/plugins/domilocus/assets/js/domilocus-frontend.js
Script Paths
/wp-content/plugins/domilocus/assets/js/domilocus-script.js/wp-content/plugins/domilocus/assets/js/customizer.js/wp-content/plugins/domilocus/assets/js/domilocus-frontend.js
Version Parameters
domilocus/assets/css/styles.css?ver=domilocus/assets/js/domilocus-script.js?ver=domilocus/assets/css/customizer.css?ver=domilocus/assets/js/customizer.js?ver=domilocus/assets/js/domilocus-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
domilocus-booking-formdomilocus-calendar-wrapperdomilocus-property-details
HTML Comments
<!-- Domilocus Booking Form Start --><!-- Domilocus Calendar Start -->
Data Attributes
data-domilocus-property-iddata-domilocus-booking-id
JS Globals
window.domilocusConfigvar domilocus_params
REST Endpoints
/wp-json/domilocus/v1/bookings/wp-json/domilocus/v1/properties
Shortcode Output
[domilocus_booking_form][domilocus_calendar][domilocus_property_details]
FAQ

Frequently Asked Questions about Domilocus