Ultimate Booking Manager Security & Risk Analysis

wordpress.org/plugins/dt-booking-manager

Ultimate Booking Manager is built to be used for booking or reservation functionality. It can be used for any business or niche websites.

10 active installs · v1.6 · PHP 7.1+ · WP 5.5.3+ · Updated Sep 17, 2021
Tags: appointments, availablity-calendar, booking, booking-services, elementor
Score: 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Ultimate Booking Manager Safe to Use in 2026?

Generally Safe

Score 85/100

Ultimate Booking Manager has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4yr ago
Risk Assessment

The "dt-booking-manager" plugin version 1.6 presents a mixed security posture. While it has a clean vulnerability history with no recorded CVEs, indicating a potentially stable codebase, the static analysis reveals significant areas of concern. A large portion of the plugin's attack surface, specifically all 21 AJAX handlers, lacks authentication checks. This is a critical vulnerability, as any unauthenticated user could potentially trigger these handlers, leading to unexpected behavior or data manipulation. The presence of the `unserialize` function, even though not flagged as a direct critical taint flow in this analysis, is a known risk for deserialization vulnerabilities if user-supplied data is involved in constructing serialized strings. Furthermore, a substantial percentage of output is not properly escaped, increasing the risk of cross-site scripting (XSS) vulnerabilities. The plugin's reliance on prepared statements for SQL queries is a positive practice, but the high number of unprotected entry points and the unescaped output are major security weaknesses that require immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • Unescaped output
  • Dangerous function: unserialize
  • Limited capability checks
Vulnerabilities
None known

Ultimate Booking Manager Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Ultimate Booking Manager Code Analysis

  • Dangerous Functions: 3
  • Raw SQL Queries: 5 (10 prepared)
  • Unescaped Output: 324 (145 escaped)
  • Nonce Checks: 3
  • Capability Checks: 1
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Dangerous Functions Found

unserialize `return unserialize( $string );` cs-framework\functions\helpers.php:85
unserialize `$data = unserialize($row->option_value);` functions\reservation-functions.php:128
unserialize `$data = unserialize($row->option_value);` functions\reservation-functions.php:266

SQL Query Safety

67% prepared · 15 total queries

Output Escaping

31% escaped · 469 total outputs
Data Flows
8 unsanitized

Data Flow Analysis

8 flows · 8 with unsanitized paths
dt_set_customer (reservation\dt-calender-menu.php:294)
[Data flow graph; legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
21 unprotected

Ultimate Booking Manager Attack Surface

Entry Points: 27
Unprotected: 21

AJAX Handlers 21

auth wp_ajax_cs-get-icons cs-framework\functions\actions.php:44
auth wp_ajax_cs-export-options cs-framework\functions\actions.php:68
auth wp_ajax_dt_booking_fill_staffs functions\reservation-functions.php:2
nopriv wp_ajax_dt_booking_fill_staffs functions\reservation-functions.php:3
auth wp_ajax_dt_booking_generate_schedule functions\reservation-functions.php:55
nopriv wp_ajax_dt_booking_generate_schedule functions\reservation-functions.php:56
auth wp_ajax_dt_booking_available_times functions\reservation-functions.php:201
nopriv wp_ajax_dt_booking_available_times functions\reservation-functions.php:202
auth wp_ajax_dt_booking_new_reservation functions\reservation-functions.php:566
nopriv wp_ajax_dt_booking_new_reservation functions\reservation-functions.php:567
auth wp_ajax_dt_booking_paypal_request functions\reservation-functions.php:714
nopriv wp_ajax_dt_booking_paypal_request functions\reservation-functions.php:715
auth wp_ajax_dt_booking_new_reservation2 functions\reservation-functions.php:908
nopriv wp_ajax_dt_booking_new_reservation2 functions\reservation-functions.php:909
auth wp_ajax_dt_list_member_reservations reservation\dt-calender-menu.php:12
auth wp_ajax_dt_new_reservation_id reservation\dt-calender-menu.php:18
auth wp_ajax_dt_load_services reservation\dt-calender-menu.php:24
auth wp_ajax_dt_set_customer reservation\dt-calender-menu.php:30
auth wp_ajax_dt_add_new_reservation reservation\dt-calender-menu.php:36
auth wp_ajax_dt_update_reservation reservation\dt-calender-menu.php:42
auth wp_ajax_dt_delete_reservation reservation\dt-calender-menu.php:48

Shortcodes 6

[dt_sc_social] vc\shortcodes\base.php:7
[dt_sc_person_item] vc\shortcodes\person_item.php:8
[dt_sc_reservation_form] vc\shortcodes\reservation_form.php:8
[dt_sc_reserve_appointment] vc\shortcodes\reserve_appointment.php:8
[dt_sc_service_item] vc\shortcodes\service_item.php:8
[dt_sc_service_list] vc\shortcodes\service_list.php:8

WordPress Hooks 84

action init cs-framework\cs-framework.php:72
action admin_footer cs-framework\functions\actions.php:88
action customize_controls_print_footer_scripts cs-framework\functions\actions.php:89
action admin_enqueue_scripts cs-framework\functions\enqueue.php:43
filter cs_sanitize_text cs-framework\functions\sanitize.php:14
filter cs_sanitize_textarea cs-framework\functions\sanitize.php:32
filter cs_sanitize_checkbox cs-framework\functions\sanitize.php:58
filter cs_sanitize_switcher cs-framework\functions\sanitize.php:59
filter cs_sanitize_image_select cs-framework\functions\sanitize.php:88
filter cs_sanitize_group cs-framework\functions\sanitize.php:104
filter cs_sanitize_title cs-framework\functions\sanitize.php:119
filter cs_sanitize_clean cs-framework\functions\sanitize.php:134
filter cs_validate_email cs-framework\functions\validate.php:18
filter cs_validate_numeric cs-framework\functions\validate.php:37
filter cs_validate_required cs-framework\functions\validate.php:54
action init dt-booking-manager.php:54
action plugins_loaded dt-booking-manager.php:55
action admin_notices dt-booking-manager.php:142
action elementor/elements/categories_registered dt-booking-manager.php:147
action wp_loaded functions\reservation-functions.php:779
action init post-types\dt-person-post-type.php:7
action admin_init post-types\dt-person-post-type.php:13
action admin_enqueue_scripts post-types\dt-person-post-type.php:19
filter cs_framework_options post-types\dt-person-post-type.php:25
filter cs_metabox_options post-types\dt-person-post-type.php:31
action save_post post-types\dt-person-post-type.php:43
filter manage_edit-dt_person_columns post-types\dt-person-post-type.php:53
action manage_posts_custom_column post-types\dt-person-post-type.php:58
action init post-types\dt-service-post-type.php:7
action admin_init post-types\dt-service-post-type.php:13
action admin_enqueue_scripts post-types\dt-service-post-type.php:19
filter cs_framework_options post-types\dt-service-post-type.php:25
filter cs_metabox_options post-types\dt-service-post-type.php:31
filter manage_edit-dt_service_columns post-types\dt-service-post-type.php:48
action manage_posts_custom_column post-types\dt-service-post-type.php:53
filter cs_shortcode_options post-types\register-post-types.php:18
filter cs_framework_options post-types\register-post-types.php:23
filter cs_framework_settings post-types\register-post-types.php:28
action admin_menu reservation\dt-calender-menu.php:6
action init reservation\dt-customer-post-type.php:7
filter cs_metabox_options reservation\dt-customer-post-type.php:12
action admin_menu reservation\dt-payments-menu.php:7
action plugins_loaded reservation\dt-payments-menu.php:12
filter set-screen-option reservation\dt-payments-menu.php:24
action init templates\register-templates.php:8
filter template_include templates\register-templates.php:13
filter body_class theme-support\class-default.php:12
filter dt_booking_template_metabox_options theme-support\class-default.php:14
action wp_enqueue_scripts theme-support\class-default.php:16
action dt_booking_before_main_content theme-support\class-default.php:18
action dt_booking_after_main_content theme-support\class-default.php:19
action dt_booking_before_content theme-support\class-default.php:21
action dt_booking_after_content theme-support\class-default.php:22
filter body_class theme-support\class-designthemes.php:12
filter dt_booking_template_metabox_options theme-support\class-designthemes.php:14
filter dt_booking_template_framework_options theme-support\class-designthemes.php:15
action wp_enqueue_scripts theme-support\class-designthemes.php:17
action dt_booking_before_main_content theme-support\class-designthemes.php:19
action dt_booking_after_main_content theme-support\class-designthemes.php:20
action dt_booking_before_content theme-support\class-designthemes.php:22
action dt_booking_after_content theme-support\class-designthemes.php:23
filter body_class theme-support\class-twenty-seventeen.php:12
filter dt_booking_template_metabox_options theme-support\class-twenty-seventeen.php:14
action wp_enqueue_scripts theme-support\class-twenty-seventeen.php:16
action dt_booking_before_main_content theme-support\class-twenty-seventeen.php:18
action dt_booking_after_main_content theme-support\class-twenty-seventeen.php:19
action dt_booking_before_content theme-support\class-twenty-seventeen.php:21
action dt_booking_after_content theme-support\class-twenty-seventeen.php:22
action admin_enqueue_scripts vc\register-vc.php:8
action wp_enqueue_scripts vc\register-vc.php:9
action admin_init vc\register-vc.php:11
action init vc\register-vc.php:12
filter vc_autocomplete_dt_sc_reservation_form_serviceids_callback vc\shortcodes\reservation_form.php:10
filter vc_autocomplete_dt_sc_reservation_form_serviceids_render vc\shortcodes\reservation_form.php:11
filter vc_autocomplete_dt_sc_reservation_form_staffids_callback vc\shortcodes\reservation_form.php:13
filter vc_autocomplete_dt_sc_reservation_form_staffids_render vc\shortcodes\reservation_form.php:14
filter vc_autocomplete_dt_sc_service_list_terms_callback vc\shortcodes\service_list.php:10
filter vc_autocomplete_dt_sc_service_list_terms_render vc\shortcodes\service_list.php:11
action elementor/widgets/widgets_registered widgets\class-register-widgets.php:34
action elementor/editor/after_enqueue_scripts widgets\class-register-widgets.php:35
action elementor/frontend/after_register_styles widgets\class-register-widgets.php:37
action elementor/frontend/after_register_scripts widgets\class-register-widgets.php:38
action elementor/preview/enqueue_styles widgets\class-register-widgets.php:40
filter elementor/editor/localize_settings widgets\class-register-widgets.php:42
Maintenance & Trust

Ultimate Booking Manager Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.6.17
Last updated: Sep 17, 2021
PHP min version: 7.1
Downloads: 6K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 10
Developer Profile

Ultimate Booking Manager Developer Profile

Wedesigntech

2 plugins · 20 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Ultimate Booking Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/dt-booking-manager/theme-support/class-default.php
/wp-content/plugins/dt-booking-manager/theme-support/class-twenty-seventeen.php
/wp-content/plugins/dt-booking-manager/theme-support/class-designthemes.php
/wp-content/plugins/dt-booking-manager/vc/register-vc.php
/wp-content/plugins/dt-booking-manager/templates/register-templates.php
/wp-content/plugins/dt-booking-manager/reservation/register-reservation-system.php
/wp-content/plugins/dt-booking-manager/post-types/register-post-types.php
/wp-content/plugins/dt-booking-manager/functions/template-functions.php
+4 more

Script Paths
/wp-content/plugins/dt-booking-manager/cs-framework/assets/js/cs-plugins.js
/wp-content/plugins/dt-booking-manager/cs-framework/assets/js/cs-framework.js

Version Parameters
dt-booking-manager/style.css?ver=
dt-booking-manager/style.css?ver=1.6

HTML / DOM Fingerprints

CSS Classes
dt-booking-manager-widget
Data Attributes
data-dt-booking-manager-id
JS Globals
dtBookingManager
Shortcode Output
[dt_booking_manager_form]
[dt_booking_manager_calendar]