Funbutler Booking System Security & Risk Analysis

wordpress.org/plugins/funbutler-booking

This plugin is used to connect with Funbutler Booking system.

100 active installs v1.0.8 PHP 5.3+ WP 5.1+ Updated Nov 10, 2022
activity-centerbooking-systementertainment-centerlaser-tagplayland
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Funbutler Booking System Safe to Use in 2026?

Generally Safe

Score 85/100

Funbutler Booking System has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago
Risk Assessment

The "funbutler-booking" plugin version 1.0.8 presents a mixed security posture. While it demonstrates good practices by not using dangerous functions, employing prepared statements for all SQL queries, and having no recorded historical vulnerabilities, several significant concerns arise from the static analysis. The plugin exposes a total of 8 entry points, with a notable 4 of these lacking any authentication checks. This means that users, potentially unauthenticated, can interact with these critical parts of the plugin.

Furthermore, the absence of any nonce checks and capability checks on its AJAX handlers, coupled with a concerningly low 58% rate of proper output escaping, indicates a high risk of Cross-Site Scripting (XSS) and potential Cross-Site Request Forgery (CSRF) attacks. The lack of taint analysis data (0 flows analyzed) is also a weakness, as it hinders the detection of more complex vulnerabilities that might involve user-controlled input. The presence of file operations and external HTTP requests without explicit security checks also warrants caution.

In conclusion, while the plugin's SQL handling and lack of known vulnerabilities are positive, the substantial number of unprotected AJAX handlers and the absence of critical security mechanisms like nonce and capability checks on these handlers represent significant weaknesses. The inadequate output escaping further exacerbates the risk of client-side attacks. Therefore, despite its clean history, the current version of "funbutler-booking" requires immediate attention to address these identified security gaps.

Key Concerns

  • AJAX handlers without auth checks
  • AJAX handlers without nonce checks
  • AJAX handlers without capability checks
  • Output escaping: 58% properly escaped
  • File operations without explicit checks
  • External HTTP requests without explicit checks
  • No taint analysis performed
Vulnerabilities
None known

Funbutler Booking System Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Funbutler Booking System Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

Funbutler Booking System Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
5
7 escaped
Nonce Checks
0
Capability Checks
0
File Operations
3
External Requests
1
Bundled Libraries
0

Output Escaping

58% escaped12 total outputs
Attack Surface
4 unprotected

Funbutler Booking System Attack Surface

Entry Points8
Unprotected4

AJAX Handlers 4

authwp_ajax_funbutler_connect_clientapi\connect-client.php:3
authwp_ajax_funbutler_disconnect_clientapi\disconnect-client.php:3
authwp_ajax_funbutler_get_client_dataapi\get-client-data.php:3
authwp_ajax_funbutler_get_settingsapi\get-settings.php:3

Shortcodes 4

[booking-form] shortcodes.php:27
[voucher-store] shortcodes.php:48
[testimonials] shortcodes.php:69
[side-cart] shortcodes.php:90
WordPress Hooks 6
filterwp_nav_menu_itemsmenu-item.php:3
actionwp_enqueue_scriptsplugin.php:27
actionwp_headplugin.php:45
actionwp_footerplugin.php:54
actionadmin_menusettings-page.php:7
actionadmin_initsettings-page.php:8
Maintenance & Trust

Funbutler Booking System Maintenance & Trust

Maintenance Signals

WordPress version tested6.1.0
Last updatedNov 10, 2022
PHP min version5.3
Downloads3K

Community Trust

Rating100/100
Number of ratings1
Active installs100
Developer Profile

Funbutler Booking System Developer Profile

funbutler

1 plugin · 100 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Funbutler Booking System

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/funbutler-booking/style.css
Script Paths
/wp-content/plugins/funbutler-booking/runtime-es5.js/wp-content/plugins/funbutler-booking/polyfills-es5.js/wp-content/plugins/funbutler-booking/styles-es5.js/wp-content/plugins/funbutler-booking/vendor-es5.js/wp-content/plugins/funbutler-booking/main-es5.js

HTML / DOM Fingerprints

CSS Classes
loader-wrapperloader-iconlargepadded
Data Attributes
clientIdformId
Shortcode Output
<booking-form<gift-card-store<testimonials<side-cart
FAQ

Frequently Asked Questions about Funbutler Booking System