Easy Hotel Booking – Powerful Hotel Booking Security & Risk Analysis

wordpress.org/plugins/easy-hotel

All-in-one hotel booking solution to manage reservations, rooms, pricing, and availability with ease.

600 active installs · v1.8.9 · PHP 7.4+ · WP 6.0+ · Updated Mar 3, 2026
Tags: booking-system, hotel, hotel-booking, room-booking, woocommerce-booking
Score: 56 · C · Use Caution
CVEs total: 2
Unpatched: 2
Last CVE: Jan 29, 2026
Safety Verdict

Is Easy Hotel Booking – Powerful Hotel Booking Safe to Use in 2026?

Use With Caution

Score 56/100

Easy Hotel Booking – Powerful Hotel Booking has 2 unpatched vulnerabilities. Evaluate alternatives or apply available mitigations.

2 known CVEs · 2 unpatched · Last CVE: Jan 29, 2026 · Updated 1mo ago
Risk Assessment

The 'easy-hotel' plugin v1.8.9 exhibits a mixed security posture. On the positive side, static analysis shows strong adherence to secure coding practices. All identified entry points (AJAX handlers, REST API routes, and shortcodes) appear to have authorization or permission checks, and all SQL queries use prepared statements. The vast majority of output is properly escaped, and a substantial number of nonce and capability checks are in place, indicating a conscious effort to protect against common web vulnerabilities.

Key Concerns

  • Unpatched Medium CVEs
  • Vulnerability history includes XSS and Missing Auth
  • Unsanitized paths in taint analysis
Vulnerabilities: 2

Easy Hotel Booking – Powerful Hotel Booking Security Vulnerabilities

CVEs by Year

2025: 1 CVE · unpatched
2026: 1 CVE · unpatched

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-68005 · medium · 4.3 · Missing Authorization

Easy Hotel Booking <= 1.8.4 - Missing Authorization

Jan 29, 2026 · Unpatched

CVE-2025-57938 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Easy Hotel Booking <= 1.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 22, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Easy Hotel Booking – Powerful Hotel Booking Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (4 prepared)
Unescaped Output: 150 (2729 escaped)
Nonce Checks: 45
Capability Checks: 8
File Operations: 2
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

95% escaped · 2879 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

12 flows · 2 with unsanitized paths
eshb_get_booking_data (admin\includes\classes\class.booking-calendar-ajax.php:18)
Attack Surface

Easy Hotel Booking – Powerful Hotel Booking Attack Surface

Entry Points: 32
Unprotected: 0

AJAX Handlers 22

auth wp_ajax_eshb_get_booking_data_tables admin\includes\classes\class.booking-calendar-ajax.php:13
auth wp_ajax_eshb_get_accomodation_meta admin\includes\classes\class.booking-calendar-ajax.php:14
nopriv wp_ajax_eshb_get_accomodation_meta admin\includes\classes\class.booking-calendar-ajax.php:15
nopriv wp_ajax_eshb_get_extra_services_charge admin\includes\classes\class.booking.php:47
auth wp_ajax_eshb_get_extra_services_charge admin\includes\classes\class.booking.php:48
nopriv wp_ajax_eshb_get_booking_prices admin\includes\classes\class.booking.php:49
auth wp_ajax_eshb_get_booking_prices admin\includes\classes\class.booking.php:50
nopriv wp_ajax_eshb_add_to_cart_reservation admin\includes\classes\class.booking.php:51
auth wp_ajax_eshb_add_to_cart_reservation admin\includes\classes\class.booking.php:52
nopriv wp_ajax_eshb_send_reservation_request admin\includes\classes\class.booking.php:53
auth wp_ajax_eshb_send_reservation_request admin\includes\classes\class.booking.php:54
nopriv wp_ajax_eshb_get_accomodation_available_capacity_counts admin\includes\classes\class.booking.php:55
auth wp_ajax_eshb_get_accomodation_available_capacity_counts admin\includes\classes\class.booking.php:56
nopriv wp_ajax_eshb_get_available_rooms_counts_data admin\includes\classes\class.booking.php:57
auth wp_ajax_eshb_get_available_rooms_counts_data admin\includes\classes\class.booking.php:58
nopriv wp_ajax_eshb_get_disabled_dates_by_accomodation_id admin\includes\classes\class.search.php:19
auth wp_ajax_eshb_get_disabled_dates_by_accomodation_id admin\includes\classes\class.search.php:20
auth wp_ajax_eshb-get-icons admin\includes\framework\functions\actions.php:50
auth wp_ajax_eshb-export admin\includes\framework\functions\actions.php:87
auth wp_ajax_eshb-import admin\includes\framework\functions\actions.php:139
auth wp_ajax_eshb-reset admin\includes\framework\functions\actions.php:166
auth wp_ajax_eshb-chosen admin\includes\framework\functions\actions.php:205

REST API Routes 1

POST /wp-json/eshb/v1/booking-prices admin\includes\classes\class.booking.php:61

Shortcodes 9

[eshb_search_form] admin\includes\shortcodes.php:18
[eshb_accomodation_grid] admin\includes\shortcodes.php:38
[eshb_accomodation_search_result] admin\includes\shortcodes.php:58
[eshb_accomodation_info] admin\includes\shortcodes.php:78
[eshb_booking_form] admin\includes\shortcodes.php:94
[eshb_availability_calendar] admin\includes\shortcodes.php:110
[eshb_related_accomodations] admin\includes\shortcodes.php:120
[eshb_daywise_pricing_table] admin\includes\shortcodes.php:140
[eshb_check_in_out_times] admin\includes\shortcodes.php:151
WordPress Hooks 168
action admin_menu admin\includes\admin-settings.php:3
action plugins_loaded admin\includes\admin-settings.php:88
action category_edit_form_fields admin\includes\admin-settings.php:1015
action category_add_form_fields admin\includes\admin-settings.php:1016
action admin_menu admin\includes\admin-settings.php:1037
action init admin\includes\admin-settings.php:1098
action wp_after_insert_post admin\includes\classes\class.admin-booking.php:5
action save_post_eshb_booking admin\includes\classes\class.admin-booking.php:6
filter eshb_eshb_booking_metaboxes_save admin\includes\classes\class.admin-booking.php:7
filter litespeed_cacheable admin\includes\classes\class.booking.php:29
action woocommerce_before_calculate_totals admin\includes\classes\class.booking.php:32
action woocommerce_checkout_create_order_line_item admin\includes\classes\class.booking.php:33
filter woocommerce_get_item_data admin\includes\classes\class.booking.php:34
action woocommerce_thankyou admin\includes\classes\class.booking.php:36
action woocommerce_thankyou admin\includes\classes\class.booking.php:37
filter woocommerce_hidden_order_itemmeta admin\includes\classes\class.booking.php:38
filter woocommerce_order_item_get_formatted_meta_data admin\includes\classes\class.booking.php:39
action woocommerce_order_status_changed admin\includes\classes\class.booking.php:42
action save_post_eshb_booking admin\includes\classes\class.booking.php:43
action save_post_eshb_booking admin\includes\classes\class.booking.php:44
filter woocommerce_payment_complete_order_status admin\includes\classes\class.booking.php:45
action rest_api_init admin\includes\classes\class.booking.php:60
action wp_footer admin\includes\classes\class.booking.php:855
filter wp_mail_content_type admin\includes\classes\class.core.php:33
action save_post_eshb_coupon admin\includes\classes\class.coupon.php:8
action add_meta_boxes admin\includes\classes\class.metabox-settings.php:9
action init admin\includes\classes\class.metabox-settings.php:10
action admin_footer admin\includes\classes\class.metabox-settings.php:11
action admin_head-edit.php admin\includes\classes\class.metabox-settings.php:12
action admin_footer-post.php admin\includes\classes\class.metabox-settings.php:199
action admin_footer-post-new.php admin\includes\classes\class.metabox-settings.php:200
action init admin\includes\classes\class.metabox-settings.php:222
filter wc_order_statuses admin\includes\classes\class.metabox-settings.php:223
filter wc_order_is_pending_status admin\includes\classes\class.metabox-settings.php:255
filter woocommerce_resend_order_emails_available admin\includes\classes\class.metabox-settings.php:260
action plugins_loaded admin\includes\classes\class.search.php:18
filter theme_page_templates admin\includes\classes\class.search.php:26
filter template_include admin\includes\classes\class.search.php:27
action plugins_loaded admin\includes\classes\class.templates.php:19
filter template_include admin\includes\classes\class.templates.php:24
filter get_block_templates admin\includes\classes\class.templates.php:25
filter the_content admin\includes\classes\class.templates.php:26
filter the_content admin\includes\classes\class.templates.php:27
action wp_enqueue_scripts admin\includes\framework\classes\abstract.class.php:21
action admin_menu admin\includes\framework\classes\admin-options.class.php:107
action admin_bar_menu admin\includes\framework\classes\admin-options.class.php:108
action network_admin_menu admin\includes\framework\classes\admin-options.class.php:112
filter admin_footer_text admin\includes\framework\classes\admin-options.class.php:451
action add_meta_boxes_comment admin\includes\framework\classes\comment-options.class.php:38
action edit_comment admin\includes\framework\classes\comment-options.class.php:39
action customize_register admin\includes\framework\classes\customize-options.class.php:44
action customize_save_after admin\includes\framework\classes\customize-options.class.php:45
action wp_enqueue_scripts admin\includes\framework\classes\customize-options.class.php:49
action add_meta_boxes admin\includes\framework\classes\metabox-options.class.php:50
action save_post admin\includes\framework\classes\metabox-options.class.php:51
action edit_attachment admin\includes\framework\classes\metabox-options.class.php:52
action wp_nav_menu_item_custom_fields admin\includes\framework\classes\nav-menu-options.class.php:32
action wp_update_nav_menu_item admin\includes\framework\classes\nav-menu-options.class.php:33
filter wp_edit_nav_menu_walker admin\includes\framework\classes\nav-menu-options.class.php:35
action admin_init admin\includes\framework\classes\profile-options.class.php:32
action show_user_profile admin\includes\framework\classes\profile-options.class.php:44
action edit_user_profile admin\includes\framework\classes\profile-options.class.php:45
action personal_options_update admin\includes\framework\classes\profile-options.class.php:47
action edit_user_profile_update admin\includes\framework\classes\profile-options.class.php:48
action after_setup_theme admin\includes\framework\classes\setup.class.php:73
action init admin\includes\framework\classes\setup.class.php:74
action switch_theme admin\includes\framework\classes\setup.class.php:75
action admin_enqueue_scripts admin\includes\framework\classes\setup.class.php:76
action wp_enqueue_scripts admin\includes\framework\classes\setup.class.php:77
action wp_head admin\includes\framework\classes\setup.class.php:78
filter admin_body_class admin\includes\framework\classes\setup.class.php:79
action admin_footer admin\includes\framework\classes\shortcode-options.class.php:47
action customize_controls_print_footer_scripts admin\includes\framework\classes\shortcode-options.class.php:48
action elementor/editor/before_enqueue_scripts admin\includes\framework\classes\shortcode-options.class.php:59
action elementor/editor/footer admin\includes\framework\classes\shortcode-options.class.php:60
action elementor/editor/footer admin\includes\framework\classes\shortcode-options.class.php:61
action enqueue_block_editor_assets admin\includes\framework\classes\shortcode-options.class.php:258
action media_buttons admin\includes\framework\classes\shortcode-options.class.php:262
action admin_init admin\includes\framework\classes\taxonomy-options.class.php:46
action admin_footer admin\includes\framework\fields\icon\icon.php:41
action customize_controls_print_footer_scripts admin\includes\framework\fields\icon\icon.php:42
action admin_print_footer_scripts admin\includes\framework\fields\link\link.php:65
action print_default_editor_scripts admin\includes\framework\fields\wp_editor\wp_editor.php:62
action admin_menu admin\includes\framework\views\welcome.php:19
filter plugin_action_links admin\includes\framework\views\welcome.php:20
filter plugin_row_meta admin\includes\framework\views\welcome.php:21
action admin_notices admin\includes\notice.php:15
action switch_theme admin\includes\opt-in\Insights.php:134
action switch_theme admin\includes\opt-in\Insights.php:135
action admin_footer admin\includes\opt-in\Insights.php:145
action admin_notices admin\includes\opt-in\Insights.php:160
action admin_init admin\includes\opt-in\Insights.php:163
filter cron_schedules admin\includes\opt-in\Insights.php:167
action admin_enqueue_scripts admin\includes\plugin-scripts.php:4
action init admin\includes\post-types\accomodation\accomodation.php:54
filter register_post_type_args admin\includes\post-types\accomodation\accomodation.php:74
action plugins_loaded admin\includes\post-types\accomodation\metaboxes.php:3
filter manage_eshb_accomodation_posts_columns admin\includes\post-types\accomodation\metaboxes.php:336
action manage_eshb_accomodation_posts_custom_column admin\includes\post-types\accomodation\metaboxes.php:357
filter manage_eshb_accomodation_posts_columns admin\includes\post-types\accomodation\metaboxes.php:380
action init admin\includes\post-types\accomodation\taxonomies.php:3
action init admin\includes\post-types\booking\booking.php:54
filter post_row_actions admin\includes\post-types\booking\hooks.php:16
action plugins_loaded admin\includes\post-types\booking\metaboxes.php:3
filter manage_eshb_booking_posts_columns admin\includes\post-types\booking\metaboxes.php:37
action manage_eshb_booking_posts_custom_column admin\includes\post-types\booking\metaboxes.php:88
filter manage_eshb_booking_posts_columns admin\includes\post-types\booking\metaboxes.php:110
action init admin\includes\post-types\booking-request\booking-request.php:51
filter post_row_actions admin\includes\post-types\booking-request\hooks.php:9
filter manage_eshb_booking_request_posts_columns admin\includes\post-types\booking-request\metaboxes.php:253
action manage_eshb_booking_request_posts_custom_column admin\includes\post-types\booking-request\metaboxes.php:275
filter manage_eshb_booking_request_posts_columns admin\includes\post-types\booking-request\metaboxes.php:297
action init admin\includes\post-types\coupon\coupon.php:51
filter manage_eshb_coupon_posts_columns admin\includes\post-types\coupon\metaboxes.php:122
action manage_eshb_coupon_posts_custom_column admin\includes\post-types\coupon\metaboxes.php:162
filter manage_eshb_coupon_posts_columns admin\includes\post-types\coupon\metaboxes.php:181
action plugins_loaded admin\includes\post-types\init.php:20
filter get_edit_post_link admin\includes\post-types\init.php:24
filter manage_eshb_payment_posts_columns admin\includes\post-types\payment\metaboxes.php:9
action manage_eshb_payment_posts_custom_column admin\includes\post-types\payment\metaboxes.php:38
filter manage_eshb_payment_posts_columns admin\includes\post-types\payment\metaboxes.php:58
action init admin\includes\post-types\payment\payment.php:51
filter post_row_actions admin\includes\post-types\payment\payment.php:64
action init admin\includes\post-types\service\service.php:51
action plugins_loaded admin\includes\post-types\session\metaboxes.php:3
filter manage_eshb_session_posts_columns admin\includes\post-types\session\metaboxes.php:110
action manage_eshb_session_posts_custom_column admin\includes\post-types\session\metaboxes.php:133
filter manage_eshb_session_posts_columns admin\includes\post-types\session\metaboxes.php:151
action add_meta_boxes admin\includes\post-types\session\metaboxes.php:155
action init admin\includes\post-types\session\session.php:51
filter woocommerce_product_get_permalink admin\includes\woocommerce-filters.php:4
filter post_type_link admin\includes\woocommerce-filters.php:19
filter post_type_link admin\includes\woocommerce-filters.php:35
filter woocommerce_cart_item_permalink admin\includes\woocommerce-filters.php:48
filter woocommerce_cart_item_name admin\includes\woocommerce-filters.php:65
filter woocommerce_order_item_permalink admin\includes\woocommerce-filters.php:83
action woocommerce_product_query admin\includes\woocommerce-filters.php:105
filter woocommerce_related_products admin\includes\woocommerce-filters.php:117
action woocommerce_thankyou admin\includes\woocommerce-filters.php:134
action init class.easy-hotel.php:24
action plugins_loaded class.easy-hotel.php:25
action init class.easy-hotel.php:26
filter admin_body_class class.easy-hotel.php:27
action phpmailer_init class.easy-hotel.php:28
action pre_get_posts class.easy-hotel.php:29
action init class.easy-hotel.php:58
filter image_size_names_choose class.easy-hotel.php:59
action init class.easy-hotel.php:144
action init class.session-manager.php:13
action plugins_loaded easy-hotel.php:33
action plugins_loaded easy-hotel.php:55
action wp_enqueue_scripts public\includes\dynamic-css.php:4
action elementor/editor/after_enqueue_scripts public\includes\dynamic-css.php:97
action init public\includes\gutenberg\blocks\accomodation-gallery\accomodation-gallery.php:37
action init public\includes\gutenberg\blocks\accomodation-grid\accomodation-grid.php:28
action init public\includes\gutenberg\blocks\accomodation-info\accomodation-info.php:28
action init public\includes\gutenberg\blocks\accomodation-slider\accomodation-slider.php:21
action init public\includes\gutenberg\blocks\availability-calendars\availability-calendars.php:21
filter block_categories_all public\includes\gutenberg\blocks\blocks.php:16
action init public\includes\gutenberg\blocks\blocks.php:19
action init public\includes\gutenberg\blocks\booking-form\booking-form.php:35
action init public\includes\gutenberg\blocks\check-in-out-times\check-in-out-times.php:20
action init public\includes\gutenberg\blocks\search-form\search-form.php:35
action wp_enqueue_scripts public\includes\plugin-scripts.php:3
action plugins_loaded public\includes\widgets\widgets.php:45
action elementor/widgets/register public\includes\widgets\widgets.php:65
action elementor/elements/categories_registered public\includes\widgets\widgets.php:66
action init public\includes\widgets\widgets.php:121
Maintenance & Trust

Easy Hotel Booking – Powerful Hotel Booking Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 3, 2026
PHP min version: 7.4
Downloads: 18K

Community Trust

Rating: 86/100
Number of ratings: 6
Active installs: 600
Developer Profile

Easy Hotel Booking – Powerful Hotel Booking Developer Profile

themewant

8 plugins · 9K total installs

Trust score: 91
Avg Security Score: 95/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Easy Hotel Booking – Powerful Hotel Booking

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/easy-hotel/public/css/style.css
/wp-content/plugins/easy-hotel/public/css/frontend.css
/wp-content/plugins/easy-hotel/public/js/frontend.js
Script Paths
/wp-content/plugins/easy-hotel/public/js/frontend.js
Version Parameters
easy-hotel/public/css/style.css?ver=
easy-hotel/public/css/frontend.css?ver=
easy-hotel/public/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
eshb-main-wrapper
easy-hotel-booking
HTML Comments
Easy Hotel Booking
Data Attributes
data-room-id
data-booking-id
JS Globals
ESHB_JS_OBJECT
REST Endpoints
/wp-json/eshb/v1/booking
/wp-json/eshb/v1/availability
Shortcode Output
[easy_hotel_booking]