EduAdmin Booking Security & Risk Analysis

wordpress.org/plugins/eduadmin-booking

EduAdmin plugin that allows visitors to book courses on your website. Requires an EduAdmin account.

50 active installs · v5.4.0 · PHP 8.1+ · WP 6.0+ · Updated Feb 25, 2025
Tags: booking · courses · eduadmin · events · participants

Score: 90 · Grade: A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Dec 11, 2024
Safety Verdict

Is EduAdmin Booking Safe to Use in 2026?

Generally Safe

Score 90/100

EduAdmin Booking has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Dec 11, 2024 · Updated 1yr ago
Risk Assessment

The eduadmin-booking plugin v5.4.0 presents a mixed security posture. On the positive side, the plugin handles SQL queries well, using prepared statements exclusively, and implements a substantial number of nonce and capability checks. The absence of direct file operations, and of external HTTP requests made without apparent oversight, is also a strength. However, static analysis raises concerns about output escaping: only 62% of outputs are properly escaped, which suggests potential Cross-Site Scripting (XSS) vulnerabilities. Furthermore, taint analysis identified 5 flows with unsanitized paths; while none was flagged as critical or high severity in this analysis, they represent potential avenues for exploitation, especially if they interact with file operations or external inputs.

The vulnerability history shows a single high-severity CVE, related to Improper Control of Filename for Include/Require Statement in PHP. Although this vulnerability is patched, its nature points to a past weakness in file handling and inclusion that could resurface or reappear in a different form if not thoroughly addressed, so this area should be a focus for future development and auditing. Overall, while the plugin has strengths in its data handling and authentication mechanisms, the output escaping and taint flow results, coupled with its vulnerability history, indicate areas that require careful monitoring and ongoing security diligence.

Key Concerns

  • Significant unsanitized paths found in taint analysis
  • Output escaping is only 62% proper
  • History of high severity RFI vulnerability
Vulnerabilities (1)

EduAdmin Booking Security Vulnerabilities

CVEs by Year

2024: 1 CVE (patched)

Severity Breakdown

High: 1 (1 total CVE)

CVE-2024-54373 · High · 8.8 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

EduAdmin Booking <= 5.2.0 - Authenticated (Contributor+) Local File Inclusion

Dec 11, 2024 · Patched in 5.3.0 (9 days)
Code Analysis (analyzed Mar 16, 2026)

EduAdmin Booking Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (8 prepared)
Unescaped Output: 809 (1339 escaped)
Nonce Checks: 41
Capability Checks: 0
File Operations: 0
External Requests: 5
Bundled Libraries: 0

SQL Query Safety

100% prepared · 8 total queries

Output Escaping

62% escaped · 2148 total outputs
Data Flows (5 unsanitized)

Data Flow Analysis

10 flows · 5 with unsanitized paths

Flow with unsanitized path: edu_set_canonical_url (includes\edu-options.php:73)
Attack Surface

EduAdmin Booking Attack Surface

Entry Points: 13 · Unprotected: 0

Shortcodes (13)

[eduadmin-listview] includes\edu-shortcodes.php:994
[eduadmin-detailview] includes\edu-shortcodes.php:995
[eduadmin-bookingview] includes\edu-shortcodes.php:996
[eduadmin-detailinfo] includes\edu-shortcodes.php:997
[eduadmin-loginwidget] includes\edu-shortcodes.php:998
[eduadmin-loginview] includes\edu-shortcodes.php:999
[eduadmin-objectinterest] includes\edu-shortcodes.php:1000
[eduadmin-eventinterest] includes\edu-shortcodes.php:1001
[eduadmin-coursepublicpricename] includes\edu-shortcodes.php:1002
[eduadmin-programme-list] includes\edu-shortcodes.php:1004
[eduadmin-programme-detail] includes\edu-shortcodes.php:1005
[eduadmin-programme-book] includes\edu-shortcodes.php:1006
[eduadmin-programmeinfo] includes\edu-shortcodes.php:1007
WordPress Hooks (55): type · hook · file:line

action · wp_loaded · class\class-eduadmin-bookinghandler.php:6
action · wp_loaded · class\class-eduadmin-bookinghandler.php:7
action · wp_loaded · class\class-eduadmin-bookinghandler.php:8
action · wp_loaded · class\class-eduadmin-bookinghandler.php:9
filter · edu-booking-error · class\class-eduadmin-bookinghandler.php:61
filter · edu-booking-error · class\class-eduadmin-bookinghandler.php:114
filter · edu-booking-error · class\class-eduadmin-bookinghandler.php:174
action · wp_loaded · class\class-eduadmin-loginhandler.php:12
action · init · class\class-eduadminrouter.php:7
action · init · class\class-eduadminrouter.php:8
action · parse_request · class\class-eduadminrouter.php:9
action · after_switch_theme · eduadmin.php:454
action · init · eduadmin.php:455
action · plugins_loaded · eduadmin.php:456
action · eduadmin_call_home · eduadmin.php:457
action · eduadmin_clear_expired · eduadmin.php:458
action · wp_footer · eduadmin.php:459
action · wp_footer · eduadmin.php:460
action · wp_footer · eduadmin.php:461
action · wp_footer · eduadmin.php:462
action · wp_footer · eduadmin.php:463
filter · cron_schedules · eduadmin.php:465
action · rest_api_init · eduadmin.php:566
action · admin_notices · eduadmin.php:620
action · admin_notices · eduadmin.php:627
action · wp_loaded · eduadmin.php:828
action · admin_notices · eduadmin.php:838
action · in_plugin_update_message-eduadmin-booking/eduadmin.php · eduadmin.php:851
action · admin_notices · includes\booking-settings.php:19
action · admin_notices · includes\edu-date-settings.php:9
action · wp_loaded · includes\edu-login-functions.php:49
action · admin_notices · includes\edu-login-functions.php:55
action · admin_notices · includes\edu-login-functions.php:59
action · admin_init · includes\edu-options.php:17
action · admin_menu · includes\edu-options.php:18
action · admin_enqueue_scripts · includes\edu-options.php:19
action · wp_enqueue_scripts · includes\edu-options.php:20
action · add_meta_boxes · includes\edu-options.php:21
action · wp_footer · includes\edu-options.php:22
action · wp_footer · includes\edu-options.php:23
action · wp_head · includes\edu-options.php:24
action · wp_head · includes\edu-options.php:25
filter · get_canonical_url · includes\edu-options.php:103
filter · oembed_discovery_links · includes\edu-options.php:104
action · wp_head · includes\edu-options.php:118
filter · get_shortlink · includes\edu-options.php:119
filter · pre_get_document_title · includes\edu-options.php:179
filter · wp_title · includes\edu-options.php:180
filter · aioseop_title · includes\edu-options.php:181
action · init · includes\edu-rewrites.php:26
action · admin_init · includes\edu-rewrites.php:27
action · admin_notices · includes\edu-security-settings.php:8
action · eduadmin-showtimers · includes\eduadmin-api-phpclient\eduadmin-api-client.php:177
action · admin_notices · includes\list-settings.php:7
action · admin_notices · includes\profile-settings.php:6

Scheduled Events (2)

eduadmin_call_home
eduadmin_clear_expired
Maintenance & Trust

EduAdmin Booking Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Feb 25, 2025
PHP min version: 8.1
Downloads: 13K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 50
Developer Profile

EduAdmin Booking Developer Profile

Chris Gardenberg

5 plugins · 50 total installs

Trust score: 88
Avg Security Score: 92/100
Avg Patch Time: 9 days
Detection Fingerprints

How We Detect EduAdmin Booking

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/eduadmin-booking/assets/css/app.css
/wp-content/plugins/eduadmin-booking/assets/css/main.css
/wp-content/plugins/eduadmin-booking/assets/css/modules/module.css
/wp-content/plugins/eduadmin-booking/assets/css/modules/cards.css
/wp-content/plugins/eduadmin-booking/assets/css/modules/loader.css
/wp-content/plugins/eduadmin-booking/assets/css/modules/forms.css
/wp-content/plugins/eduadmin-booking/assets/css/modules/bookings.css
/wp-content/plugins/eduadmin-booking/assets/css/modules/tabs.css
+26 more
Script Paths
/wp-content/plugins/eduadmin-booking/assets/js/app.js
/wp-content/plugins/eduadmin-booking/assets/js/modules/module.js
/wp-content/plugins/eduadmin-booking/assets/js/modules/loader.js
/wp-content/plugins/eduadmin-booking/assets/js/modules/booking.js
/wp-content/plugins/eduadmin-booking/assets/js/modules/forms.js
/wp-content/plugins/eduadmin-booking/assets/js/modules/tabs.js
+9 more

HTML / DOM Fingerprints

CSS Classes
eduadmin-dialog
eduadmin-booking-form
eduadmin-booking-container
eduadmin-booking-card
eduadmin-loader
eduadmin-modal
eduadmin-tabs
eduadmin-menu
+14 more
HTML Comments
<!-- EduAdmin Booking plugin -->
<!-- Copyright (C) 2015-2025 Chris Gårdenberg, MultiNet Interactive AB -->
<!-- This program is free software: you can redistribute it and/or modify -->
<!-- it under the terms of the GNU General Public License as published by -->
+8 more
Data Attributes
data-eduadmin-action
data-eduadmin-module
data-eduadmin-id
data-eduadmin-target
data-eduadmin-dialog-title
JS Globals
EduAdmin
eduadminApp
eduadminModules
REST Endpoints
/wp-json/eduadmin/v1/bookings
/wp-json/eduadmin/v1/courses
/wp-json/eduadmin/v1/login
FAQ

Frequently Asked Questions about EduAdmin Booking