[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fpM1yJewJXFpChfSawOEVsn0z0q4gB2tz1FNdd65bcKo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":172,"crawl_stats":37,"alternatives":180,"analysis":284,"fingerprints":958},"hostel","Hostel","1.1.8","Bob","https:\u002F\u002Fprofiles.wordpress.org\u002Fprasunsen\u002F","\u003Cp>Create your hostel, small hotel, or BnB site with WordPress.\u003Cbr \u002F>\nHostel is online booking system with easy back-end management.\u003Cbr \u002F>\nYou can publish the booking forms, room calendars, and room lists with shortcodes so the plugin fits any WordPress theme.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Manage your booking mode: accept Paypal, manual payments, or don’t allow online booking\u003C\u002Fli>\n\u003Cli>Manage email notifications\u003C\u002Fli>\n\u003Cli>Manage rooms, beds, and prices\u003C\u002Fli>\n\u003Cli>Set unavailable dates when you are on vacations or just don’t want to accept guests in some rooms\u003C\u002Fli>\n\u003Cli>Manage bookings, process payments, contact customers\u003C\u002Fli>\n\u003Cli>List your rooms by using shortcodes\u003C\u002Fli>\n\u003Cli>Supports iCal \u002F .ics to synchronize bookings with online systems. You can export and import bookings to\u002Ffrom all popular booking sites like Booking.com, AirBnB.com, Hotels.com etc.\u003C\u002Fli>\n\u003Cli>Localization \u002F translation – ready\u003C\u002Fli>\n\u003Cli>Mobile \u002F touch – friendly\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>There are more and better features + premium support in the PRO version. Check it on our new site: \u003Ca href=\"http:\u002F\u002Fwp-hostel.com\" title=\"Hostel PRO\" rel=\"nofollow ugc\">wp-hostel.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Getting Started\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Go to Hostel link in your admin menu to manage your rooms and rates.\u003C\u002Fli>\n\u003Cli>Use the shortcodes to install a list of your rooms or to add the booking code to a post or page where you have described your rooms.\u003C\u002Fli>\n\u003Cli>Set up unavailable dates if you have such.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Shortcodes\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>[wphostel-list] will display a table with your available rooms. A date selector on the top lets the user choose dates of their visit and then the rooms list is updated. If you have enabled booking in your Hostel settings page, the table will also show “Book” button when appropriate. The button will automaically load the booking form. You can pass the attribute “max_days” to specify the maximum day interval that can be selected to show the table.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>[wphostel-booking] displays a generic booking form with a drop-down selector for choosing room, and a date selector. If you use the [wphostel-list] shortcode you most probably do not need this one because the booking form is automatically generated.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For translating the plugin check the Help page under the Hostel menu in your administration.\u003C\u002Fp>\n\u003Ch3>Community Translations\u003C\u002Fh3>\n\u003Cp>The following translations are currently available. Please note they are maintained by volunteer translators and we can’t guarantee their accuracy.\u003C\u002Fp>\n\u003Cp>Spanish: \u003Ca href=\"http:\u002F\u002Fbackpackercompare.com\u002Fwp-content\u002Fuploads\u002F2014\u002F06\u002Fwphostel-es_ES.mo\" title=\"wphostel-es_ES.mo\" rel=\"nofollow ugc\">wphostel-es_ES.mo\u003C\u002Fa> | \u003Ca href=\"http:\u002F\u002Fbackpackercompare.com\u002Fwp-content\u002Fuploads\u002F2014\u002F06\u002Fwphostel-es_ES.po\" title=\"wphostel-es_ES.po\" rel=\"nofollow ugc\">wphostel-es_ES.po\u003C\u002Fa>\u003C\u002Fp>\n","Create your hostel, small hotel or BnB site with WordPress. Manage rooms, booking, unavailable dates, and more.",30,23920,90,12,"2026-03-12T08:43:00.000Z","6.9.4","6.0","",[20,21,4,22,23],"bnb","booking","hotel","reservations","http:\u002F\u002Fwp-hostel.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhostel.1.1.8.zip",92,11,0,"2025-11-27 00:00:00","2026-03-15T15:16:48.613Z",[32,48,62,72,87,99,110,122,137,149,158],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2025-66119","hostel-reflected-cross-site-scripting-2","Hostel \u003C= 1.1.5.9 - Reflected Cross-Site Scripting","The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.1.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.1.5.9","1.1.6","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-12-19 16:54:36",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F73de57bf-ca40-45f3-ab5c-021704436a23?source=api-prod",23,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":37,"affected_versions":53,"patched_in_version":54,"severity":40,"cvss_score":55,"cvss_vector":56,"vuln_type":43,"published_date":57,"updated_date":58,"references":59,"days_to_patch":61},"CVE-2025-6236","hostel-authenticated-admin-stored-cross-site-scripting","Hostel \u003C= 1.1.5.8 - Authenticated (Admin+) Stored Cross-Site Scripting","The Hostel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.5.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","\u003C=1.1.5.8","1.1.5.9",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2025-06-19 00:00:00","2025-07-25 14:14:15",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F8b2409a3-e94f-4d1d-bdf6-870fc8f0c84f?source=api-prod",37,{"id":63,"url_slug":64,"title":65,"description":66,"plugin_slug":4,"theme_slug":37,"affected_versions":67,"patched_in_version":68,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":57,"updated_date":69,"references":70,"days_to_patch":61},"CVE-2025-6234","hostel-reflected-cross-site-scripting-4","Hostel \u003C= 1.1.5.7 - Reflected Cross-Site Scripting","The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=1.1.5.7","1.1.5.8","2025-07-25 14:06:07",[71],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fbc0f883f-a6d7-4b23-9284-1a5e46ef396e?source=api-prod",{"id":73,"url_slug":74,"title":75,"description":76,"plugin_slug":4,"theme_slug":37,"affected_versions":77,"patched_in_version":78,"severity":40,"cvss_score":79,"cvss_vector":80,"vuln_type":81,"published_date":82,"updated_date":83,"references":84,"days_to_patch":86},"CVE-2025-39566","hostel-authenticated-administrator-sql-injection","Hostel \u003C= 1.1.5.6 - Authenticated (Administrator+) SQL Injection","The Hostel plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.1.5.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","\u003C=1.1.5.6","1.1.5.7",4.9,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2025-04-16 00:00:00","2025-04-22 19:15:32",[85],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F4ad02efa-4edb-485c-8fc4-79a030597d70?source=api-prod",7,{"id":88,"url_slug":89,"title":90,"description":91,"plugin_slug":4,"theme_slug":37,"affected_versions":92,"patched_in_version":93,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":94,"updated_date":95,"references":96,"days_to_patch":98},"CVE-2025-31102","hostel-reflected-cross-site-scripting","Hostel \u003C= 1.1.5.5 - Reflected Cross-Site Scripting","The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=1.1.5.5","1.1.5.6","2025-03-28 00:00:00","2025-04-02 19:54:29",[97],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F255e7322-641a-4b05-ae2d-0ec90d133e8e?source=api-prod",6,{"id":100,"url_slug":101,"title":102,"description":103,"plugin_slug":4,"theme_slug":37,"affected_versions":104,"patched_in_version":105,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":106,"updated_date":107,"references":108,"days_to_patch":86},"CVE-2025-30848","hostel-reflected-cross-site-scripting-5","Hostel \u003C= 1.1.5 - Reflected Cross-Site Scripting","The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=1.1.5","1.1.5.5","2025-03-27 00:00:00","2025-04-02 19:54:56",[109],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd611fb0a-f957-4ff7-a402-e0cf0e2c12b6?source=api-prod",{"id":111,"url_slug":112,"title":113,"description":114,"plugin_slug":4,"theme_slug":37,"affected_versions":115,"patched_in_version":116,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":117,"updated_date":118,"references":119,"days_to_patch":121},"CVE-2024-3753","hostel-reflected-cross-site-scripting-3","Hostel \u003C= 1.1.5.2 - Reflected Cross-Site Scripting","The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'offset' and 'type' parameters in all versions up to, and including, 1.1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=1.1.5.2","1.1.5.3","2024-06-22 00:00:00","2024-08-09 17:39:43",[120],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F80b6f2e6-1f06-4ead-8c31-fc4fffe8323b?source=api-prod",49,{"id":123,"url_slug":124,"title":125,"description":126,"plugin_slug":4,"theme_slug":37,"affected_versions":127,"patched_in_version":128,"severity":40,"cvss_score":129,"cvss_vector":130,"vuln_type":131,"published_date":132,"updated_date":133,"references":134,"days_to_patch":136},"CVE-2024-4314","hostel-cross-site-request-forgery","hostel \u003C= 1.1.5.3 - Cross-Site Request Forgery","The Hostel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5.3. This is due to missing or incorrect nonce validation when managing rooms. This makes it possible for unauthenticated attackers to create and delete rooms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C=1.1.5.3","1.1.5.4",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2024-05-06 00:00:00","2024-05-09 20:03:30",[135],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F6a8c5d9b-4535-4edb-a92e-a9b83a0d22c3?source=api-prod",4,{"id":138,"url_slug":139,"title":140,"description":141,"plugin_slug":4,"theme_slug":37,"affected_versions":142,"patched_in_version":143,"severity":40,"cvss_score":55,"cvss_vector":56,"vuln_type":43,"published_date":144,"updated_date":145,"references":146,"days_to_patch":148},"CVE-2023-0545","hostel-authenticated-administrator-stored-cross-site-scripting","Hostel \u003C= 1.1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Hostel plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. This may be a duplicate of CVE-2023-32120.","\u003C=1.1.5.1","1.1.5.2","2023-05-10 00:00:00","2024-01-22 19:56:02",[147],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fbb98b2ee-5c51-453f-9e55-52027237e732?source=api-prod",258,{"id":150,"url_slug":151,"title":152,"description":153,"plugin_slug":4,"theme_slug":37,"affected_versions":142,"patched_in_version":143,"severity":40,"cvss_score":55,"cvss_vector":56,"vuln_type":43,"published_date":154,"updated_date":145,"references":155,"days_to_patch":157},"CVE-2023-32120","hostel-authenticated-administrator-stored-cross-site-scripting-via-manage-bookings","Hostel \u003C= 1.1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Manage Bookings","The Hostel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Room Title of the Manage Bookings feature in versions up to, and including, 1.1.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.","2023-05-04 00:00:00",[156],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb4865576-9929-4ce2-a220-935f1f3e0485?source=api-prod",264,{"id":159,"url_slug":160,"title":161,"description":162,"plugin_slug":4,"theme_slug":37,"affected_versions":163,"patched_in_version":164,"severity":165,"cvss_score":166,"cvss_vector":167,"vuln_type":43,"published_date":168,"updated_date":145,"references":169,"days_to_patch":171},"CVE-2019-12345","hostel-stored-cross-site-scripting","Hostel \u003C= 1.1.3 - Stored Cross-Site Scripting","The Hostel Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'contact_name' and 'contact_phone' parameters in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=1.1.3","1.1.4","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2019-05-25 00:00:00",[170],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5686bc0f-efe7-4268-a6e1-bec939504ab4?source=api-prod",1704,{"slug":173,"display_name":7,"profile_url":8,"plugin_count":174,"total_installs":175,"avg_security_score":176,"avg_patch_time_days":177,"trust_score":178,"computed_at":179},"prasunsen",9,4810,81,725,66,"2026-04-04T11:19:42.732Z",[181,199,216,240,262],{"slug":182,"name":183,"version":184,"author":185,"author_profile":186,"description":187,"short_description":188,"active_installs":189,"downloaded":190,"rating":191,"num_ratings":47,"last_updated":192,"tested_up_to":16,"requires_at_least":193,"requires_php":18,"tags":194,"homepage":196,"download_link":197,"security_score":198,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"wp-hotelier","WP Hotelier","2.18.3","benitolopez","https:\u002F\u002Fprofiles.wordpress.org\u002Fbenitolopez\u002F","\u003Cp>WP Hotelier is a powerful free hotel booking plugin for WordPress, built specifically for hotels, b&bs, etc. With WP Hotelier you can manage hotel reservations inside your WordPress dashboard, accept payments online, choose between three different booking modes, receive email notifications, manage room’s amenities, set seasonal or fixed prices and much more. WP Hotelier it’s an all-in-one hotel booking system for WordPress.\u003C\u002Fp>\n\u003Cp>You can see WP Hotelier in action with:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhello.wphotelier.com\u002Fone\u002F\" rel=\"nofollow ugc\">Hello Elementor\u003C\u002Fa>: the most popular theme on the market. You can download the offical integration \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwp-hotelier\u002Fwp-hotelier-hello-elementor\u002Freleases\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Funcode.wphotelier.com\u002F\" rel=\"nofollow ugc\">Uncode\u003C\u002Fa>: Uncode is a premium theme and one of the most popular premium themes on the market. You can download the offical integration \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwp-hotelier\u002Fwp-hotelier-uncode\u002Freleases\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fmanila.wphotelier.com\u002F\" rel=\"nofollow ugc\">Manila\u003C\u002Fa>: Manila is a free WordPress hotel theme developed for WP hotelier specifically. You can \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwp-hotelier\u002Fmanila\u002Freleases\" rel=\"nofollow ugc\">download it for free here\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>WP Hotelier is a complete hotel booking system for WordPress. Some of the features are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Three different booking modes: instant booking, manual booking (requires admin approval) and booking disabled.\u003C\u002Fli>\n\u003Cli>Accept payments: require a deposit at the time of booking or charge the entire stay.\u003C\u002Fli>\n\u003Cli>Advanced room settings: manage rooms, beds, and prices.\u003C\u002Fli>\n\u003Cli>Seasonal prices: increase reservations by offering discounts on off-seasons.\u003C\u002Fli>\n\u003Cli>Mark a room non cancellable and non refundable.\u003C\u002Fli>\n\u003Cli>Room extras.\u003C\u002Fli>\n\u003Cli>Offer discount codes (coupons).\u003C\u002Fli>\n\u003Cli>List your rooms by using shortcodes.\u003C\u002Fli>\n\u003Cli>Email notifications.\u003C\u002Fli>\n\u003Cli>REST API (new!).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How it works?\u003C\u002Fh4>\n\u003Cp>WP Hotelier allows you to create two types of rooms: standard or with rates. A room with rates (variable room) lets you define variations of a room where each variation may have a different price, required deposit or conditions.\u003C\u002Fp>\n\u003Cp>A room represents a type of room or accommodation available at your hotel. For example, if your hotel offers three “double rooms” with the same price, amenities, etc., just create only one room and set the stock quantity to 3.\u003C\u002Fp>\n\u003Cp>Reservations are created when a guest completes the booking process or when the Administrator (or the Hotel Manager) adds a reservation manually. When a guest makes a reservation, the availability (stock) of the room is reduced automatically.\u003C\u002Fp>\n\u003Cp>Three different pricing options are supported out of the box: global price, different price for each day of the week and seasonal prices. And a convenient booking calendar for hotel administrators it’s included in the core.\u003C\u002Fp>\n\u003Ch4>Documentation\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fdocs.wphotelier.com\u002Fcollection\u002F1-getting-started\" rel=\"nofollow ugc\">Getting Started\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fdocs.wphotelier.com\u002Fcollection\u002F10-faqs\" rel=\"nofollow ugc\">FAQs\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fdocs.wphotelier.com\u002Fcollection\u002F37-extensions-themes\" rel=\"nofollow ugc\">Extensions & Themes\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fdocs.wphotelier.com\u002Fcollection\u002F13-advanced\" rel=\"nofollow ugc\">Advanced\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Extensions\u003C\u002Fh4>\n\u003Cp>Something missing? No problem, you can extend WP Hotelier with a vast number of features and integrations (more to come). Visit our \u003Ca href=\"https:\u002F\u002Fwphotelier.com\u002Fextensions\u002F\" rel=\"nofollow ugc\">extensions page\u003C\u002Fa> to supercharge your hotel website.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwphotelier.com\u002Fextensions\u002Fadvanced-pricing-system\u002F\" rel=\"nofollow ugc\">Advanced Pricing System\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwphotelier.com\u002Fextensions\u002Fstripe-payment-gateway\u002F\" rel=\"nofollow ugc\">Stripe Payment Gateway\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwphotelier.com\u002Fextensions\u002Fdisable-dates\u002F\" rel=\"nofollow ugc\">Disable Dates\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwphotelier.com\u002Fextensions\u002Fadvanced-extras\u002F\" rel=\"nofollow ugc\">Advanced Extras\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwphotelier.com\u002Fextensions\u002Fadvanced-coupons\u002F\" rel=\"nofollow ugc\">Advanced Coupons\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwphotelier.com\u002Fextensions\u002Ficalendar-importer-exporter\u002F\" rel=\"nofollow ugc\">iCalendar Importer\u002FExporter\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwphotelier.com\u002Fextensions\u002Fweek-bookings\u002F\" rel=\"nofollow ugc\">Week Bookings\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwphotelier.com\u002Fextensions\u002Fenhanced-calendar\u002F\" rel=\"nofollow ugc\">Enhanced Calendar\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwphotelier.com\u002Fextensions\u002Fflat-deposit\u002F\" rel=\"nofollow ugc\">Flat Deposit\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwphotelier.com\u002Fextensions\u002Fminimummaximum-nights\u002F\" rel=\"nofollow ugc\">Minimum\u002FMaximum Nights\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwphotelier.com\u002Fextensions\u002Fbank-transfer-payment-gateway\u002F\" rel=\"nofollow ugc\">Bank Transfer Payment Gateway\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwphotelier.com\u002Fextensions\u002Fmailchimp\u002F\" rel=\"nofollow ugc\">MailChimp\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Supported themes\u003C\u002Fh4>\n\u003Cp>List of officially supported themes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fhello-elementor\u002F\" rel=\"ugc\">Hello Elementor\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fundsgn.com\u002Funcode\u002F\" rel=\"nofollow ugc\">Uncode\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fmanila.wphotelier.com\u002F\" rel=\"nofollow ugc\">Manila\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Ftwentytwentyone\u002F\" rel=\"ugc\">Twenty Twenty-One\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>This program incorporates work covered by WooCommerce (https:\u002F\u002Fwoocommerce.com\u002F). Thank you very much to all the WooThemes team for the permission.\u003C\u002Fp>\n\u003Cp>And it includes some awesome JS libraries and plugins like:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>PhotoSwipe by Dmitry Semenov (http:\u002F\u002Fphotoswipe.com\u002F)\u003C\u002Fli>\n\u003Cli>Fecha by Taylor Hakes (https:\u002F\u002Fgithub.com\u002Ftaylorhakes\u002Ffecha)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Thank you guys 🙂\u003C\u002Fp>\n","WP Hotelier is a powerful WordPress hotel booking plugin allows you to manage hotel, hostel, b&b reservations with ease.",2000,104428,94,"2026-02-27T14:11:00.000Z","4.0",[21,195,4,22,23],"booking-system","https:\u002F\u002Fwphotelier.com\u002F?utm_source=wpadmin&utm_medium=plugin&utm_campaign=wphotelierplugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-hotelier.2.18.3.zip",100,{"slug":200,"name":201,"version":202,"author":203,"author_profile":204,"description":205,"short_description":206,"active_installs":28,"downloaded":207,"rating":28,"num_ratings":28,"last_updated":208,"tested_up_to":209,"requires_at_least":210,"requires_php":211,"tags":212,"homepage":214,"download_link":215,"security_score":198,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"syncbooking","SyncBooking","1.27.0","Sync Booking","https:\u002F\u002Fprofiles.wordpress.org\u002Fautomaticbnb\u002F","\u003Cp>SyncBooking simplifies hotel and BNB reservations with a real-time availability calendar and WooCommerce integration.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to external services to validate API keys, retrieve booking data, render UI assets and provide media functionality.\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>SyncBooking API\u003C\u002Fstrong>\u003Cbr \u002F>\nUsed to send email reminders or retrieve booking details.  \u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cul>\n\u003Cli>\u003Cstrong>What\u003C\u002Fstrong>: API service to send messages or retrieve bookings  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data sent\u003C\u002Fstrong>: User email address and booking code  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>When\u003C\u002Fstrong>: When a user clicks the “Send Email” or “Retrieve Booking” button  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Where\u003C\u002Fstrong>: \u003Ccode>https:\u002F\u002Fbooking.syncbooking.com\u002Fapi-send-email\u002F\u003C\u002Fcode>  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Provider\u003C\u002Fstrong>: SyncBooking.com  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms\u003C\u002Fstrong>: \u003Ca href=\"https:\u002F\u002Fsyncbooking.com\u002Fterms\" rel=\"nofollow ugc\">https:\u002F\u002Fsyncbooking.com\u002Fterms\u003C\u002Fa>  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy\u003C\u002Fstrong>: \u003Ca href=\"https:\u002F\u002Fsyncbooking.com\u002Fprivacy\" rel=\"nofollow ugc\">https:\u002F\u002Fsyncbooking.com\u002Fprivacy\u003C\u002Fa>  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Col>\n\u003Cli>\u003Cstrong>Webflow Fonts\u003C\u002Fstrong>\u003Cbr \u002F>\nLoads UI font resources (base64-embedded) exported from Webflow.  \u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cul>\n\u003Cli>\u003Cstrong>What\u003C\u002Fstrong>: Font files only (no user data)  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data sent\u003C\u002Fstrong>: None – fonts are embedded locally  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>When\u003C\u002Fstrong>: On pages using Webflow-styled components  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Provider\u003C\u002Fstrong>: Webflow Inc.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms\u003C\u002Fstrong>: \u003Ca href=\"https:\u002F\u002Fwebflow.com\u002Flegal\u002Fterms\" rel=\"nofollow ugc\">https:\u002F\u002Fwebflow.com\u002Flegal\u002Fterms\u003C\u002Fa>  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy\u003C\u002Fstrong>: \u003Ca href=\"https:\u002F\u002Fwebflow.com\u002Flegal\u002Fprivacy\" rel=\"nofollow ugc\">https:\u002F\u002Fwebflow.com\u002Flegal\u002Fprivacy\u003C\u002Fa>  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Col>\n\u003Cli>\u003Cstrong>Cloudflare Turnstile\u003C\u002Fstrong>\u003Cbr \u002F>\nProvides CAPTCHA protection for forms built with Webflow components.  \u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cul>\n\u003Cli>\u003Cstrong>What\u003C\u002Fstrong>: CAPTCHA JavaScript (\u003Ccode>https:\u002F\u002Fchallenges.cloudflare.com\u002Fturnstile\u002Fv0\u002Fapi.js\u003C\u002Fcode>)  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data sent\u003C\u002Fstrong>: IP address and browser metadata for anti-bot analysis  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>When\u003C\u002Fstrong>: When a form protected by Turnstile is displayed or submitted  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Provider\u003C\u002Fstrong>: Cloudflare Inc.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms\u003C\u002Fstrong>: \u003Ca href=\"https:\u002F\u002Fwww.cloudflare.com\u002Fterms\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.cloudflare.com\u002Fterms\u002F\u003C\u002Fa>  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy\u003C\u002Fstrong>: \u003Ca href=\"https:\u002F\u002Fwww.cloudflare.com\u002Fprivacypolicy\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.cloudflare.com\u002Fprivacypolicy\u002F\u003C\u002Fa>  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Col>\n\u003Cli>\u003Cstrong>Google IMA SDK\u003C\u002Fstrong>\u003Cbr \u002F>\nEnables ad-supported video playback inside the bundled Plyr player.  \u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cul>\n\u003Cli>\u003Cstrong>What\u003C\u002Fstrong>: Loads ad SDK script (\u003Ccode>https:\u002F\u002Fimasdk.googleapis.com\u002Fjs\u002Fsdkloader\u002Fima3.js\u003C\u002Fcode>)  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data sent\u003C\u002Fstrong>: IP address and basic interaction data when videos are played  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>When\u003C\u002Fstrong>: Only when a video using IMA ads is loaded or played  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Provider\u003C\u002Fstrong>: Google LLC  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms\u003C\u002Fstrong>: \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fterms\" rel=\"nofollow ugc\">https:\u002F\u002Fpolicies.google.com\u002Fterms\u003C\u002Fa>  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy\u003C\u002Fstrong>: \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fprivacy\" rel=\"nofollow ugc\">https:\u002F\u002Fpolicies.google.com\u002Fprivacy\u003C\u002Fa>  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>These services are essential for core plugin features.\u003Cbr \u002F>\nNo personal data is transmitted unless triggered by explicit user actions (e.g., submitting a form or playing a video).\u003C\u002Fp>\n\u003Ch3>Source Code\u003C\u002Fh3>\n\u003Cp>This plugin bundles both custom and third-party JavaScript files.\u003Cbr \u002F>\nFor compliance with WordPress.org guidelines, the original (non-minified) source is included or referenced.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Third-party library\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>php\u002Ftheme-sync\u002Fjs\u002Fwebfont.js\u003C\u002Fcode> \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Web Font Loader v1.6.26\n\u003Cul>\n\u003Cli>License: Apache 2.0 (see file header)  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Webflow-generated assets\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>php\u002Ftheme-sync\u002Fjs\u002Fwebflow.js\u003C\u002Fcode> & \u003Ccode>php\u002Ftheme-sync\u002Fjs\u002Fwebflow-touch.js\u003C\u002Fcode>\n\u003Cul>\n\u003Cli>Exported from Webflow.com  \u003C\u002Fli>\n\u003Cli>Original versions: \u003Ccode>webflow-uncompressed.js\u003C\u002Fcode>, \u003Ccode>webflow-touch-uncompressed.js\u003C\u002Fcode>  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Ccode>php\u002Fbar-sync\u002Fjs\u002Fwebflow.js\u003C\u002Fcode>\n\u003Cul>\n\u003Cli>Same origin; source: \u003Ccode>webflow-uncompressed.js\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Custom scripts\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>php\u002Fbar-sync\u002Fjs\u002Fform.js\u003C\u002Fcode> – custom, not minified.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>No build tools (npm, webpack, etc.) are required to use or extend this plugin.\u003Cbr \u002F>\nDevelopers may edit the provided readable source files directly.\u003C\u002Fp>\n","SyncBooking simplifies hotel and BNB reservations with a real-time availability calendar and WooCommerce integration.",1169,"2025-09-04T19:27:00.000Z","6.8.5","5.0","7.2",[20,21,22,23,213],"vacation","http:\u002F\u002Fsyncbooking.com\u002Fplugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsyncbooking.1.27.0.zip",{"slug":217,"name":218,"version":219,"author":220,"author_profile":221,"description":222,"short_description":223,"active_installs":224,"downloaded":225,"rating":226,"num_ratings":227,"last_updated":228,"tested_up_to":16,"requires_at_least":229,"requires_php":230,"tags":231,"homepage":235,"download_link":236,"security_score":237,"vuln_count":238,"unpatched_count":28,"last_vuln_date":239,"fetched_at":30},"vikbooking","VikBooking Hotel Booking Engine & PMS","1.8.7","e4jvikwp","https:\u002F\u002Fprofiles.wordpress.org\u002Fe4jvikwp\u002F","\u003Ch4>Vik Booking for WordPress\u003C\u002Fh4>\n\u003Cp>The famous Booking Engine and PMS online software for accommodations is now available also for WordPress as a native Plugin!\u003C\u002Fp>\n\u003Cp>If you are looking for a reliable reservation system for a Hotel, B&B, Villa, Apartments, Hostel or any similar accommodation, then you have found the right plugin. In fact, Vik Booking is a \u003Cstrong>PCI-DSS\u003C\u002Fstrong> and \u003Cstrong>OpenTravel\u003C\u002Fstrong> compliant hotel & vacation rental Booking Engine used by thousands of properties every day.\u003C\u002Fp>\n\u003Cp>This is the \u003Cstrong>free\u003C\u002Fstrong> version of the plugin, but you can upgrade to the \u003Cstrong>Pro\u003C\u002Fstrong> version at any time from your \u003Cem>wp-admin\u003C\u002Fem> section. Experience the power of a true and internal Booking Engine that competes with the best ones of the world!\u003C\u002Fp>\n\u003Cp>The \u003Cstrong>Pro\u003C\u002Fstrong> version is compatible with \u003Cem>Vik Channel Manager\u003C\u002Fem>, the first and only native Channel Manager for WordPress, listed as a Premier Partner of \u003Cstrong>Booking.com\u003C\u002Fstrong> since 2018 among the top 20 systems worldwide. \u003Cstrong>Full API\u003C\u002Fstrong> connections available with the most famous OTAs such as \u003Cstrong>Airbnb\u003C\u002Fstrong>, \u003Cstrong>Expedia\u003C\u002Fstrong> and \u003Cstrong>Google Hotel\u003C\u002Fstrong> for their new Free Booking Links! Beware of “fake” Channel Manager plugins that only offer unreliable iCal synchronizations with no private access to the OTA’s APIs.\u003C\u002Fp>\n\u003Cp>Vik Booking was born in 2010 for a different web-software (CMS) than WordPress, and that’s how it became famous. The same powerful framework is now (since 2018) at the service of all webmasters, designers and web-agencies that work with WordPress. It’s definitely the hotel reservation plugin that you, or your client, were looking for.\u003C\u002Fp>\n\u003Cp>Visit \u003Ca href=\"https:\u002F\u002Fvikwp.com\u002F\" rel=\"nofollow ugc\">VikWP.com\u003C\u002Fa> for more details. Interested in our full solution comprehensive of the Channel Manager? Visit also \u003Ca href=\"https:\u002F\u002Fe4jconnect.com\u002F\" rel=\"nofollow ugc\">E4jConnect\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Some of the unique features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Custom Rate Plans (Refundable, Flexible, Non Refundable rates)\u003C\u002Fli>\n\u003Cli>Rooms, Room Types and Sub-Units management functions\u003C\u002Fli>\n\u003Cli>Availability Calendars and Occupancy Overview\u003C\u002Fli>\n\u003Cli>Bookings Management made right\u003C\u002Fli>\n\u003Cli>Feature-rich Back-end section\u003C\u002Fli>\n\u003Cli>Front-end customizable booking process\u003C\u002Fli>\n\u003Cli>8 different Views for the front-end (8 Types of Shortcode for your pages)\u003C\u002Fli>\n\u003Cli>Compliant with any Pricing Model: Occupancy, Nightly, LOS, OBP etc..\u003C\u002Fli>\n\u003Cli>Housekeeping features with Tableaux, festivities and room-day notes\u003C\u002Fli>\n\u003Cli>Permissions\u002FACL Management functions for the various WP Users Roles\u003C\u002Fli>\n\u003Cli>Multi-language support with built-in translation functions\u003C\u002Fli>\n\u003Cli>Channel Manager compatible. We are a certified Channel Manager provider (e4jConnect).\u003C\u002Fli>\n\u003Cli>Google Hotel Ads certified for Free Booking Links.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Some of Pro version features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Seasonal Rates and Rates Calendar with 1-click modification\u003C\u002Fli>\n\u003Cli>Booking Restrictions: Min, Max LOS, CTA\u002FCTD, Forced Arrival\u002FDeparture days\u003C\u002Fli>\n\u003Cli>Custom Payment Gateways (over 60 available on VikWP.com)\u003C\u002Fli>\n\u003Cli>SMS Gateways for automated notifications\u003C\u002Fli>\n\u003Cli>Custom Cron Jobs Scheduling for automated tasks (reminders, invoices)\u003C\u002Fli>\n\u003Cli>Customers Management functions, sales channels and commissions\u003C\u002Fli>\n\u003Cli>Graphs and Statistics\u003C\u002Fli>\n\u003Cli>Custom Options, Extra Services, Extra Fees\u003C\u002Fli>\n\u003Cli>Add, Remove or Switch rooms from existing bookings\u003C\u002Fli>\n\u003Cli>PMS Reports with extendable framework (built-in services for various countries)\u003C\u002Fli>\n\u003Cli>Electronic invoices extendable framework compliant with Italy (Agenzia delle Entrate) and Greece (myDATA ΑΑΔΕ).\u003C\u002Fli>\n\u003Cli>Registration functions: check-in, check-out, no-show\u003C\u002Fli>\n\u003Cli>Our award winning solution of Booking Engine + PMS and Channel Manager is all you need on your WordPress website.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Interested in, curious about the Pro version?\u003C\u002Fh4>\n\u003Cp>You should take a look with your own eyes at the demo website to see what you can do with Vik Booking. Do not stop at the front-end though, make sure to visit the wp-admin section too.\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fvikwp.com\u002Fdemo\u002Fvikbooking\" rel=\"nofollow ugc\">Front-end Demo Website\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fvikwp.com\u002Fdemo\u002Fvikbooking\u002Fwp-admin\" rel=\"nofollow ugc\">Admin Demo Website\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Fol>\n","Famous Booking Engine, PMS and Hotel Reservations plugin for property managers. The best solution for accommodations to drive more direct bookings.",9000,235000,96,60,"2026-02-11T00:13:00.000Z","4.7","7.4.0",[232,233,22,234,23],"booking-engine","channel-manager","hotel-booking","https:\u002F\u002Fvikwp.com\u002Fplugin\u002Fvikbooking","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvikbooking.1.8.7.zip",82,17,"2025-11-07 00:00:00",{"slug":241,"name":242,"version":243,"author":244,"author_profile":245,"description":246,"short_description":247,"active_installs":248,"downloaded":249,"rating":227,"num_ratings":250,"last_updated":251,"tested_up_to":252,"requires_at_least":253,"requires_php":254,"tags":255,"homepage":257,"download_link":258,"security_score":259,"vuln_count":260,"unpatched_count":260,"last_vuln_date":261,"fetched_at":30},"awebooking","AweBooking – Hotel Booking System","3.2.26","awethemes","https:\u002F\u002Fprofiles.wordpress.org\u002Fawethemes\u002F","\u003Cblockquote>\n\u003Cp>Extend AweBooking’s features with \u003Ca href=\"https:\u002F\u002Fawethemes.com\u002Fawebooking\" rel=\"nofollow ugc\">premium add-ons\u003C\u002Fa> and high quality \u003Ca href=\"https:\u002F\u002Fawethemes.com\u002Fthemes\" rel=\"nofollow ugc\">themes\u003C\u002Fa> by joining \u003Ca href=\"https:\u002F\u002Fawethemes.com\u002Fjoin\" rel=\"nofollow ugc\">our Membership program\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Awebooking is a well-coded plugin with an excellent user interface, perfect for any hotel, hostel, motel, BnB or any kind of accommodation website. Awebooking brings you easiest way to setup any reservations quickly, pleasantly and easily, rent accommodations with detail services, receive online reservations.\u003C\u002Fp>\n\u003Cp>Your customers will be impressed by how easy-to-use, fast and clear to check availability and send a booking request. However, it is not harder to use than any other hotel booking WordPress plugins. Moreover, we believe that it’s even much easier! And there’s a good reason for that: amount of time and effort that we invested in Awebooking to bring you the best hotel booking WordPress plugin ever.\u003C\u002Fp>\n\u003Cp>You can see \u003Ca href=\"http:\u002F\u002Fdemo.awethemes.com\u002Fawebooking\u002F\" rel=\"nofollow ugc\">plugin demo here\u003C\u002Fa>. We also provide WordPress admin demo if you want to take a look.\u003C\u002Fp>\n\u003Ch3>Plugin features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Room type and rooms\u003C\u002Fli>\n\u003Cli>Multi locations\u003C\u002Fli>\n\u003Cli>Extra services\u003C\u002Fli>\n\u003Cli>Amentities\u003C\u002Fli>\n\u003Cli>Pricing management\u003C\u002Fli>\n\u003Cli>Room availablity management\u003C\u002Fli>\n\u003Cli>Block dates\u003C\u002Fli>\n\u003Cli>Multiple Rooms Booking\u003C\u002Fli>\n\u003Cli>Booking Management\u003C\u002Fli>\n\u003Cli>Booking Note\u003C\u002Fli>\n\u003Cli>Check available widget\u003C\u002Fli>\n\u003Cli>Email notification\u003C\u002Fli>\n\u003Cli>Minimum\u002FMaximum Nights\u003C\u002Fli>\n\u003Cli>Tax\u003C\u002Fli>\n\u003Cli>Shortcodes\u003C\u002Fli>\n\u003Cli>Multilingual Ready\u003C\u002Fli>\n\u003Cli>Fit With Your Theme\u003C\u002Fli>\n\u003Cli>Developer Friendly\u003C\u002Fli>\n\u003Cli>More features are on the way!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Premium features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fawethemes.com\u002Fawebooking\u002Faddon\u002Fonline-payment\" rel=\"nofollow ugc\">Online payment\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fawethemes.com\u002Fawebooking\u002Faddon\u002Fbooking-form-builder\" rel=\"nofollow ugc\">Booking form builder\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fawethemes.com\u002Fawebooking\u002Faddon\u002Fprice-breakdown\" rel=\"nofollow ugc\">Price breakdown\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fawethemes.com\u002Fawebooking\u002Faddon\u002Fenhanced-calendar\" rel=\"nofollow ugc\">Enhanced calendar\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fawethemes.com\u002Fawebooking\u002Faddon\u002Fimage-gallery\" rel=\"nofollow ugc\">Image gallery\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fawethemes.com\u002Fawebooking\u002Faddon\u002Ficalendar\" rel=\"nofollow ugc\">iCalendar\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fawethemes.com\u002Fawebooking\u002Faddon\u002Fsimple-reservation\" rel=\"nofollow ugc\">Simple reservation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fawethemes.com\u002Fawebooking\u002Faddon\u002Frecaptcha\" rel=\"nofollow ugc\">reCAPTCHA\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fawethemes.com\u002Fawebooking\u002Faddon\u002Ffast-book\" rel=\"nofollow ugc\">Fast book\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fawethemes.com\u002Fawebooking\u002Faddon\u002Fuser-profile\" rel=\"nofollow ugc\">User profile\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fawethemes.com\u002Fawebooking\u002Faddon\u002Fmailchimp\" rel=\"nofollow ugc\">MailChimp\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fawethemes.com\u002Fawebooking\u002Faddon\u002Ffees\" rel=\"nofollow ugc\">Fees\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fawethemes.com\u002Fawebooking\u002Faddon\u002Frules\" rel=\"nofollow ugc\">Rules\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fawebooking-elementor-integration\u002F\" rel=\"ugc\">Elementor integration\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can check \u003Ca href=\"https:\u002F\u002Fawethemes.com\u002Fplugins\u002Fawebooking\" rel=\"nofollow ugc\">plugin description page here\u003C\u002Fa> for detail features.\u003C\u002Fp>\n\u003Ch3>Premium themes\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fawethemes.com\u002Fthemes\u002Fthe-chains\" rel=\"nofollow ugc\">The Chains\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fawethemes.com\u002Fthemes\u002Fawemotel\" rel=\"nofollow ugc\">Awemotel\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fawethemes.com\u002Fthemes\u002Frosewood\" rel=\"nofollow ugc\">Rosewood\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Video\u003C\u002Fh3>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"560\" height=\"315\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FUqRMIl9ISLw?version=3&rel=0&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n","Awebooking helps you to setup hotel booking system quickly, pleasantly and easily.",1000,124689,22,"2019-10-07T08:24:00.000Z","5.2.24","4.6","5.6",[21,22,234,256,23],"reservation","https:\u002F\u002Fawethemes.com\u002Fplugins\u002Fawebooking","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fawebooking.3.2.26.zip",63,1,"2025-12-30 00:00:00",{"slug":263,"name":264,"version":265,"author":266,"author_profile":267,"description":268,"short_description":269,"active_installs":270,"downloaded":271,"rating":272,"num_ratings":273,"last_updated":274,"tested_up_to":275,"requires_at_least":276,"requires_php":277,"tags":278,"homepage":281,"download_link":282,"security_score":283,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"easyreservations","easyReservations","6.0-alpha.23","feryaz","https:\u002F\u002Fprofiles.wordpress.org\u002Fferyaz\u002F","\u003Cp>easyReservations is the perfect plugin for receiving, managing and handling bookings easily. It’s designed to be used for any reservable business like hotels, cars, events, B&Bs, appointments or conferences.\u003Cbr \u002F>\nIt’s very flexible and intuitive and has a huge amount of functions and possibilities. Of course it’s completely translatable.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Feasyreservations.org\u002F\" title=\"Website!\" rel=\"nofollow ugc\">Website\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Resource Catalog\u003C\u002Fli>\n\u003Cli>Availability calendar\u003C\u002Fli>\n\u003Cli>Unlimited customizable reservation forms\u003C\u002Fli>\n\u003Cli>Property management\u003C\u002Fli>\n\u003Cli>Half-hourly, hourly, daily, nightly and weekly billing\u003C\u002Fli>\n\u003Cli>Flexible price filters, rates, discounts and availability\u003C\u002Fli>\n\u003Cli>Live price calculation and error handling\u003C\u002Fli>\n\u003Cli>And a lot more!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Feasyreservations.org\u002Fknowledgebase\u002F\" title=\"Documentation\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa> | \u003Ca href=\"http:\u002F\u002Feasyreservations.org\u002Fforums\u002Fforum\u002Fbug-reports\u002F\" title=\"Report bugs\" rel=\"nofollow ugc\">Report bugs\u003C\u002Fa> | \u003Ca href=\"http:\u002F\u002Feasyreservations.org\u002Fpremium\u002F\" title=\"Support the development!\" rel=\"nofollow ugc\">Premium\u003C\u002Fa>\u003C\u002Fp>\n","This powerful property and reservation management plugin allows you to receive, schedule and handle your bookings easily!",900,221525,74,62,"2021-11-28T10:46:00.000Z","5.7.15","5.4","7.0",[21,279,22,280,23],"calendar","reservation-form","http:\u002F\u002Fwww.easyreservations.org","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasyreservations.zip",85,{"attackSurface":285,"codeSignals":341,"taintFlows":372,"riskAssessment":947,"analyzedAt":957},{"hooks":286,"ajaxHandlers":317,"restRoutes":325,"shortcodes":326,"cronEvents":338,"entryPointCount":339,"unprotectedCount":340},[287,291,295,299,301,305,310,313],{"type":288,"name":289,"callback":289,"file":290,"line":11},"action","init","hostel.php",{"type":288,"name":292,"callback":293,"file":290,"line":294},"admin_menu","menu",33,{"type":288,"name":296,"callback":297,"file":290,"line":298},"admin_enqueue_scripts","scripts",34,{"type":288,"name":300,"callback":297,"file":290,"line":61},"wp_enqueue_scripts",{"type":288,"name":302,"callback":303,"file":290,"line":304},"widgets_init","register_widgets",40,{"type":306,"name":307,"callback":307,"file":308,"line":309},"filter","query_vars","models\\hostel.php",190,{"type":288,"name":311,"callback":311,"file":308,"line":312},"parse_request",191,{"type":288,"name":314,"callback":315,"file":308,"line":316},"template_redirect","ical",228,[318,322],{"action":319,"nopriv":320,"callback":319,"hasNonce":320,"hasCapCheck":320,"file":290,"line":321},"wphostel_ajax",false,43,{"action":319,"nopriv":323,"callback":319,"hasNonce":320,"hasCapCheck":320,"file":290,"line":324},true,44,[],[327,330,334],{"tag":328,"callback":21,"file":308,"line":329},"wphostel-booking",185,{"tag":331,"callback":332,"file":308,"line":333},"wphostel-list","list_rooms",186,{"tag":335,"callback":336,"file":308,"line":337},"wphostel-book","book",187,[],5,2,{"dangerousFunctions":342,"sqlUsage":343,"outputEscaping":353,"fileOperations":28,"externalRequests":369,"nonceChecks":370,"capabilityChecks":369,"bundledLibraries":371},[],{"prepared":344,"raw":340,"locations":345},102,[346,350],{"file":347,"line":348,"context":349},"controllers\\bookings.php",161,"$wpdb->get_results() with variable interpolation",{"file":351,"line":352,"context":349},"helpers\\htmlhelper.php",177,{"escaped":354,"rawEcho":98,"locations":355},461,[356,359,361,363,365,367],{"file":347,"line":357,"context":358},356,"raw output",{"file":351,"line":360,"context":358},322,{"file":351,"line":362,"context":358},351,{"file":364,"line":14,"context":358},"views\\booking.html.php",{"file":364,"line":366,"context":358},13,{"file":368,"line":294,"context":358},"views\\options.php",3,14,[],[373,391,399,438,455,466,533,568,578,589,647,681,768,796,808,819,855,871,882,910,929,939],{"entryPoint":374,"graph":375,"unsanitizedCount":28,"severity":390},"wphostel_ajax (controllers\\ajax.php:3)",{"nodes":376,"edges":388},[377,383],{"id":378,"type":379,"label":380,"file":381,"line":382},"n0","source","$_POST['room_id']","controllers\\ajax.php",28,{"id":384,"type":385,"label":386,"file":381,"line":382,"wp_function":387},"n1","sink","echo() [XSS]","echo",[389],{"from":378,"to":384,"sanitized":323},"low",{"entryPoint":392,"graph":393,"unsanitizedCount":28,"severity":390},"\u003Cajax> (controllers\\ajax.php:0)",{"nodes":394,"edges":397},[395,396],{"id":378,"type":379,"label":380,"file":381,"line":382},{"id":384,"type":385,"label":386,"file":381,"line":382,"wp_function":387},[398],{"from":378,"to":384,"sanitized":323},{"entryPoint":400,"graph":401,"unsanitizedCount":28,"severity":390},"unavailable (controllers\\bookings.php:182)",{"nodes":402,"edges":433},[403,406,410,413,418,421,426,429],{"id":378,"type":379,"label":404,"file":347,"line":405},"$_POST (x3)",188,{"id":384,"type":385,"label":407,"file":347,"line":408,"wp_function":409},"get_var() [SQLi]",203,"get_var",{"id":411,"type":379,"label":412,"file":347,"line":405},"n2","$_POST (x5)",{"id":414,"type":385,"label":415,"file":347,"line":416,"wp_function":417},"n3","query() [SQLi]",208,"query",{"id":419,"type":379,"label":420,"file":347,"line":405},"n4","$_POST",{"id":422,"type":385,"label":423,"file":347,"line":424,"wp_function":425},"n5","get_row() [SQLi]",222,"get_row",{"id":427,"type":379,"label":428,"file":347,"line":405},"n6","$_POST (x2)",{"id":430,"type":385,"label":431,"file":347,"line":157,"wp_function":432},"n7","get_results() [SQLi]","get_results",[434,435,436,437],{"from":378,"to":384,"sanitized":323},{"from":411,"to":414,"sanitized":323},{"from":419,"to":422,"sanitized":323},{"from":427,"to":430,"sanitized":323},{"entryPoint":439,"graph":440,"unsanitizedCount":28,"severity":390},"email_log (controllers\\help.php:8)",{"nodes":441,"edges":452},[442,445,448,450],{"id":378,"type":379,"label":443,"file":444,"line":27},"$_POST['cleanup_days']","controllers\\help.php",{"id":384,"type":385,"label":446,"file":444,"line":27,"wp_function":447},"update_option() [Settings Manipulation]","update_option",{"id":411,"type":379,"label":420,"file":444,"line":449},10,{"id":414,"type":385,"label":431,"file":444,"line":451,"wp_function":432},16,[453,454],{"from":378,"to":384,"sanitized":323},{"from":411,"to":414,"sanitized":323},{"entryPoint":456,"graph":457,"unsanitizedCount":28,"severity":390},"\u003Chelp> (controllers\\help.php:0)",{"nodes":458,"edges":463},[459,460,461,462],{"id":378,"type":379,"label":443,"file":444,"line":27},{"id":384,"type":385,"label":446,"file":444,"line":27,"wp_function":447},{"id":411,"type":379,"label":420,"file":444,"line":449},{"id":414,"type":385,"label":431,"file":444,"line":451,"wp_function":432},[464,465],{"from":378,"to":384,"sanitized":323},{"from":411,"to":414,"sanitized":323},{"entryPoint":467,"graph":468,"unsanitizedCount":28,"severity":390},"options (models\\hostel.php:262)",{"nodes":469,"edges":522},[470,473,474,477,478,481,482,485,486,490,492,496,498,502,504,508,510,514,516,520],{"id":378,"type":379,"label":471,"file":308,"line":472},"$_POST['currency']",268,{"id":384,"type":385,"label":446,"file":308,"line":472,"wp_function":447},{"id":411,"type":379,"label":475,"file":308,"line":476},"$_POST['booking_mode']",269,{"id":414,"type":385,"label":446,"file":308,"line":476,"wp_function":447},{"id":419,"type":379,"label":479,"file":308,"line":480},"$_POST['paypal']",276,{"id":422,"type":385,"label":446,"file":308,"line":480,"wp_function":447},{"id":427,"type":379,"label":483,"file":308,"line":484},"$_POST['cleanup_hours']",277,{"id":430,"type":385,"label":446,"file":308,"line":484,"wp_function":447},{"id":487,"type":379,"label":488,"file":308,"line":489},"n8","$_POST['min_stay']",279,{"id":491,"type":385,"label":446,"file":308,"line":489,"wp_function":447},"n9",{"id":493,"type":379,"label":494,"file":308,"line":495},"n10","$_POST['pdt_token']",282,{"id":497,"type":385,"label":446,"file":308,"line":495,"wp_function":447},"n11",{"id":499,"type":379,"label":500,"file":308,"line":501},"n12","$_POST['max_date_num']",283,{"id":503,"type":385,"label":446,"file":308,"line":501,"wp_function":447},"n13",{"id":505,"type":379,"label":506,"file":308,"line":507},"n14","$_POST['booking_start']",284,{"id":509,"type":385,"label":446,"file":308,"line":507,"wp_function":447},"n15",{"id":511,"type":379,"label":512,"file":308,"line":513},"n16","$_POST['locale_url']",290,{"id":515,"type":385,"label":446,"file":308,"line":513,"wp_function":447},"n17",{"id":517,"type":379,"label":518,"file":308,"line":519},"n18","$_POST['datepicker_css']",291,{"id":521,"type":385,"label":446,"file":308,"line":519,"wp_function":447},"n19",[523,524,525,526,527,528,529,530,531,532],{"from":378,"to":384,"sanitized":323},{"from":411,"to":414,"sanitized":323},{"from":419,"to":422,"sanitized":323},{"from":427,"to":430,"sanitized":323},{"from":487,"to":491,"sanitized":323},{"from":493,"to":497,"sanitized":323},{"from":499,"to":503,"sanitized":323},{"from":505,"to":509,"sanitized":323},{"from":511,"to":515,"sanitized":323},{"from":517,"to":521,"sanitized":323},{"entryPoint":534,"graph":535,"unsanitizedCount":28,"severity":390},"\u003Chostel> (models\\hostel.php:0)",{"nodes":536,"edges":557},[537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556],{"id":378,"type":379,"label":471,"file":308,"line":472},{"id":384,"type":385,"label":446,"file":308,"line":472,"wp_function":447},{"id":411,"type":379,"label":475,"file":308,"line":476},{"id":414,"type":385,"label":446,"file":308,"line":476,"wp_function":447},{"id":419,"type":379,"label":479,"file":308,"line":480},{"id":422,"type":385,"label":446,"file":308,"line":480,"wp_function":447},{"id":427,"type":379,"label":483,"file":308,"line":484},{"id":430,"type":385,"label":446,"file":308,"line":484,"wp_function":447},{"id":487,"type":379,"label":488,"file":308,"line":489},{"id":491,"type":385,"label":446,"file":308,"line":489,"wp_function":447},{"id":493,"type":379,"label":494,"file":308,"line":495},{"id":497,"type":385,"label":446,"file":308,"line":495,"wp_function":447},{"id":499,"type":379,"label":500,"file":308,"line":501},{"id":503,"type":385,"label":446,"file":308,"line":501,"wp_function":447},{"id":505,"type":379,"label":506,"file":308,"line":507},{"id":509,"type":385,"label":446,"file":308,"line":507,"wp_function":447},{"id":511,"type":379,"label":512,"file":308,"line":513},{"id":515,"type":385,"label":446,"file":308,"line":513,"wp_function":447},{"id":517,"type":379,"label":518,"file":308,"line":519},{"id":521,"type":385,"label":446,"file":308,"line":519,"wp_function":447},[558,559,560,561,562,563,564,565,566,567],{"from":378,"to":384,"sanitized":323},{"from":411,"to":414,"sanitized":323},{"from":419,"to":422,"sanitized":323},{"from":427,"to":430,"sanitized":323},{"from":487,"to":491,"sanitized":323},{"from":493,"to":497,"sanitized":323},{"from":499,"to":503,"sanitized":323},{"from":505,"to":509,"sanitized":323},{"from":511,"to":515,"sanitized":323},{"from":517,"to":521,"sanitized":323},{"entryPoint":569,"graph":570,"unsanitizedCount":28,"severity":390},"\u003Cbooking.html> (views\\booking.html.php:0)",{"nodes":571,"edges":576},[572,575],{"id":378,"type":379,"label":573,"file":364,"line":574},"$_GET['type']",38,{"id":384,"type":385,"label":386,"file":364,"line":574,"wp_function":387},[577],{"from":378,"to":384,"sanitized":323},{"entryPoint":579,"graph":580,"unsanitizedCount":28,"severity":390},"\u003Cbookings.html> (views\\bookings.html.php:0)",{"nodes":581,"edges":587},[582,586],{"id":378,"type":379,"label":583,"file":584,"line":585},"$_GET['ob'] (x2)","views\\bookings.html.php",52,{"id":384,"type":385,"label":386,"file":584,"line":585,"wp_function":387},[588],{"from":378,"to":384,"sanitized":323},{"entryPoint":590,"graph":591,"unsanitizedCount":98,"severity":165},"manage (controllers\\bookings.php:3)",{"nodes":592,"edges":632},[593,594,597,599,601,603,605,607,609,611,612,614,616,618,620,622,623,625,626,629,630],{"id":378,"type":379,"label":420,"file":347,"line":366},{"id":384,"type":595,"label":596,"file":347,"line":366},"transform","→ add()",{"id":411,"type":385,"label":415,"file":598,"line":174,"wp_function":417},"models\\room.php",{"id":414,"type":379,"label":600,"file":347,"line":370},"$_GET['type'] (x3)",{"id":419,"type":595,"label":602,"file":347,"line":370},"→ wphostel_redirect()",{"id":422,"type":385,"label":386,"file":351,"line":604,"wp_function":387},99,{"id":427,"type":379,"label":606,"file":347,"line":382},"$_GET['id']",{"id":430,"type":595,"label":608,"file":347,"line":382},"→ delete()",{"id":487,"type":385,"label":415,"file":598,"line":610,"wp_function":417},46,{"id":491,"type":379,"label":420,"file":347,"line":61},{"id":493,"type":595,"label":613,"file":347,"line":61},"→ edit()",{"id":497,"type":385,"label":415,"file":598,"line":615,"wp_function":417},25,{"id":499,"type":379,"label":606,"file":347,"line":617},91,{"id":503,"type":595,"label":619,"file":347,"line":617},"→ mark_paid()",{"id":505,"type":385,"label":415,"file":621,"line":617,"wp_function":417},"models\\booking.php",{"id":509,"type":379,"label":606,"file":347,"line":191},{"id":511,"type":595,"label":624,"file":347,"line":191},"→ email()",{"id":515,"type":385,"label":415,"file":621,"line":312,"wp_function":417},{"id":517,"type":379,"label":627,"file":347,"line":628},"$_GET",97,{"id":521,"type":595,"label":602,"file":347,"line":628},{"id":631,"type":385,"label":386,"file":351,"line":604,"wp_function":387},"n20",[633,634,635,636,637,638,639,640,641,642,643,644,645,646],{"from":378,"to":384,"sanitized":320},{"from":384,"to":411,"sanitized":320},{"from":414,"to":419,"sanitized":320},{"from":419,"to":422,"sanitized":320},{"from":427,"to":430,"sanitized":320},{"from":430,"to":487,"sanitized":323},{"from":491,"to":493,"sanitized":320},{"from":493,"to":497,"sanitized":320},{"from":499,"to":503,"sanitized":320},{"from":503,"to":505,"sanitized":323},{"from":509,"to":511,"sanitized":320},{"from":511,"to":515,"sanitized":323},{"from":517,"to":521,"sanitized":320},{"from":521,"to":631,"sanitized":320},{"entryPoint":648,"graph":649,"unsanitizedCount":340,"severity":165},"book (controllers\\bookings.php:285)",{"nodes":650,"edges":672},[651,653,655,657,658,660,662,664,666,667,668,670,671],{"id":378,"type":379,"label":380,"file":347,"line":652},305,{"id":384,"type":385,"label":407,"file":347,"line":654,"wp_function":409},303,{"id":411,"type":379,"label":380,"file":347,"line":656},310,{"id":414,"type":385,"label":423,"file":347,"line":656,"wp_function":425},{"id":419,"type":379,"label":420,"file":347,"line":659},339,{"id":422,"type":595,"label":661,"file":347,"line":659},"→ select_in_period()",{"id":427,"type":385,"label":431,"file":621,"line":663,"wp_function":432},204,{"id":430,"type":379,"label":420,"file":347,"line":665},347,{"id":487,"type":595,"label":596,"file":347,"line":665},{"id":491,"type":385,"label":415,"file":598,"line":174,"wp_function":417},{"id":493,"type":379,"label":420,"file":347,"line":669},359,{"id":497,"type":595,"label":624,"file":347,"line":669},{"id":499,"type":385,"label":415,"file":621,"line":312,"wp_function":417},[673,674,675,676,677,678,679,680],{"from":378,"to":384,"sanitized":323},{"from":411,"to":414,"sanitized":323},{"from":419,"to":422,"sanitized":320},{"from":422,"to":427,"sanitized":320},{"from":430,"to":487,"sanitized":320},{"from":487,"to":491,"sanitized":320},{"from":493,"to":497,"sanitized":320},{"from":497,"to":499,"sanitized":323},{"entryPoint":682,"graph":683,"unsanitizedCount":767,"severity":165},"\u003Cbookings> (controllers\\bookings.php:0)",{"nodes":684,"edges":742},[685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,708,710,712,714,716,718,720,722,724,726,728,730,732,734,736,738,740],{"id":378,"type":379,"label":404,"file":347,"line":405},{"id":384,"type":385,"label":407,"file":347,"line":408,"wp_function":409},{"id":411,"type":379,"label":412,"file":347,"line":405},{"id":414,"type":385,"label":415,"file":347,"line":416,"wp_function":417},{"id":419,"type":379,"label":420,"file":347,"line":405},{"id":422,"type":385,"label":423,"file":347,"line":424,"wp_function":425},{"id":427,"type":379,"label":428,"file":347,"line":405},{"id":430,"type":385,"label":431,"file":347,"line":157,"wp_function":432},{"id":487,"type":379,"label":380,"file":347,"line":652},{"id":491,"type":385,"label":407,"file":347,"line":654,"wp_function":409},{"id":493,"type":379,"label":380,"file":347,"line":656},{"id":497,"type":385,"label":423,"file":347,"line":656,"wp_function":425},{"id":499,"type":379,"label":428,"file":347,"line":366},{"id":503,"type":595,"label":596,"file":347,"line":366},{"id":505,"type":385,"label":415,"file":598,"line":174,"wp_function":417},{"id":509,"type":379,"label":600,"file":347,"line":370},{"id":511,"type":595,"label":602,"file":347,"line":370},{"id":515,"type":385,"label":386,"file":351,"line":604,"wp_function":387},{"id":517,"type":379,"label":606,"file":347,"line":382},{"id":521,"type":595,"label":608,"file":347,"line":382},{"id":631,"type":385,"label":415,"file":598,"line":610,"wp_function":417},{"id":707,"type":379,"label":420,"file":347,"line":61},"n21",{"id":709,"type":595,"label":613,"file":347,"line":61},"n22",{"id":711,"type":385,"label":415,"file":598,"line":615,"wp_function":417},"n23",{"id":713,"type":379,"label":606,"file":347,"line":617},"n24",{"id":715,"type":595,"label":619,"file":347,"line":617},"n25",{"id":717,"type":385,"label":415,"file":621,"line":617,"wp_function":417},"n26",{"id":719,"type":379,"label":606,"file":347,"line":191},"n27",{"id":721,"type":595,"label":624,"file":347,"line":191},"n28",{"id":723,"type":385,"label":415,"file":621,"line":312,"wp_function":417},"n29",{"id":725,"type":379,"label":627,"file":347,"line":628},"n30",{"id":727,"type":595,"label":602,"file":347,"line":628},"n31",{"id":729,"type":385,"label":386,"file":351,"line":604,"wp_function":387},"n32",{"id":731,"type":379,"label":420,"file":347,"line":659},"n33",{"id":733,"type":595,"label":661,"file":347,"line":659},"n34",{"id":735,"type":385,"label":431,"file":621,"line":663,"wp_function":432},"n35",{"id":737,"type":379,"label":420,"file":347,"line":669},"n36",{"id":739,"type":595,"label":624,"file":347,"line":669},"n37",{"id":741,"type":385,"label":415,"file":621,"line":312,"wp_function":417},"n38",[743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766],{"from":378,"to":384,"sanitized":323},{"from":411,"to":414,"sanitized":323},{"from":419,"to":422,"sanitized":323},{"from":427,"to":430,"sanitized":323},{"from":487,"to":491,"sanitized":323},{"from":493,"to":497,"sanitized":323},{"from":499,"to":503,"sanitized":320},{"from":503,"to":505,"sanitized":320},{"from":509,"to":511,"sanitized":320},{"from":511,"to":515,"sanitized":320},{"from":517,"to":521,"sanitized":320},{"from":521,"to":631,"sanitized":323},{"from":707,"to":709,"sanitized":320},{"from":709,"to":711,"sanitized":320},{"from":713,"to":715,"sanitized":320},{"from":715,"to":717,"sanitized":323},{"from":719,"to":721,"sanitized":320},{"from":721,"to":723,"sanitized":323},{"from":725,"to":727,"sanitized":320},{"from":727,"to":729,"sanitized":320},{"from":731,"to":733,"sanitized":320},{"from":733,"to":735,"sanitized":320},{"from":737,"to":739,"sanitized":320},{"from":739,"to":741,"sanitized":323},8,{"entryPoint":769,"graph":770,"unsanitizedCount":340,"severity":165},"manage (controllers\\rooms.php:4)",{"nodes":771,"edges":787},[772,774,775,776,777,778,779,780,782,783,785,786],{"id":378,"type":379,"label":420,"file":773,"line":27},"controllers\\rooms.php",{"id":384,"type":595,"label":596,"file":773,"line":27},{"id":411,"type":385,"label":415,"file":598,"line":174,"wp_function":417},{"id":414,"type":379,"label":420,"file":773,"line":47},{"id":419,"type":595,"label":613,"file":773,"line":47},{"id":422,"type":385,"label":415,"file":598,"line":615,"wp_function":417},{"id":427,"type":379,"label":606,"file":773,"line":382},{"id":430,"type":595,"label":781,"file":773,"line":382},"→ get()",{"id":487,"type":385,"label":423,"file":598,"line":198,"wp_function":425},{"id":491,"type":379,"label":606,"file":773,"line":784},42,{"id":493,"type":595,"label":608,"file":773,"line":784},{"id":497,"type":385,"label":415,"file":598,"line":610,"wp_function":417},[788,789,790,791,792,793,794,795],{"from":378,"to":384,"sanitized":320},{"from":384,"to":411,"sanitized":320},{"from":414,"to":419,"sanitized":320},{"from":419,"to":422,"sanitized":320},{"from":427,"to":430,"sanitized":320},{"from":430,"to":487,"sanitized":323},{"from":491,"to":493,"sanitized":320},{"from":493,"to":497,"sanitized":323},{"entryPoint":797,"graph":798,"unsanitizedCount":340,"severity":165},"default_beds (controllers\\rooms.php:60)",{"nodes":799,"edges":805},[800,801,802,803],{"id":378,"type":379,"label":380,"file":773,"line":178},{"id":384,"type":385,"label":423,"file":773,"line":178,"wp_function":425},{"id":411,"type":379,"label":420,"file":773,"line":178},{"id":414,"type":385,"label":386,"file":773,"line":804,"wp_function":387},73,[806,807],{"from":378,"to":384,"sanitized":320},{"from":411,"to":414,"sanitized":320},{"entryPoint":809,"graph":810,"unsanitizedCount":260,"severity":165},"availability_table (controllers\\rooms.php:79)",{"nodes":811,"edges":816},[812,814,815],{"id":378,"type":379,"label":420,"file":773,"line":813},103,{"id":384,"type":595,"label":661,"file":773,"line":813},{"id":411,"type":385,"label":431,"file":621,"line":663,"wp_function":432},[817,818],{"from":378,"to":384,"sanitized":320},{"from":384,"to":411,"sanitized":320},{"entryPoint":820,"graph":821,"unsanitizedCount":369,"severity":165},"\u003Crooms> (controllers\\rooms.php:0)",{"nodes":822,"edges":842},[823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841],{"id":378,"type":379,"label":380,"file":773,"line":178},{"id":384,"type":385,"label":423,"file":773,"line":178,"wp_function":425},{"id":411,"type":379,"label":420,"file":773,"line":178},{"id":414,"type":385,"label":386,"file":773,"line":804,"wp_function":387},{"id":419,"type":379,"label":420,"file":773,"line":27},{"id":422,"type":595,"label":596,"file":773,"line":27},{"id":427,"type":385,"label":415,"file":598,"line":174,"wp_function":417},{"id":430,"type":379,"label":420,"file":773,"line":47},{"id":487,"type":595,"label":613,"file":773,"line":47},{"id":491,"type":385,"label":415,"file":598,"line":615,"wp_function":417},{"id":493,"type":379,"label":606,"file":773,"line":382},{"id":497,"type":595,"label":781,"file":773,"line":382},{"id":499,"type":385,"label":423,"file":598,"line":198,"wp_function":425},{"id":503,"type":379,"label":606,"file":773,"line":784},{"id":505,"type":595,"label":608,"file":773,"line":784},{"id":509,"type":385,"label":415,"file":598,"line":610,"wp_function":417},{"id":511,"type":379,"label":420,"file":773,"line":813},{"id":515,"type":595,"label":661,"file":773,"line":813},{"id":517,"type":385,"label":431,"file":621,"line":663,"wp_function":432},[843,844,845,846,847,848,849,850,851,852,853,854],{"from":378,"to":384,"sanitized":323},{"from":411,"to":414,"sanitized":323},{"from":419,"to":422,"sanitized":320},{"from":422,"to":427,"sanitized":320},{"from":430,"to":487,"sanitized":320},{"from":487,"to":491,"sanitized":320},{"from":493,"to":497,"sanitized":320},{"from":497,"to":499,"sanitized":323},{"from":503,"to":505,"sanitized":320},{"from":505,"to":509,"sanitized":323},{"from":511,"to":515,"sanitized":320},{"from":515,"to":517,"sanitized":320},{"entryPoint":856,"graph":857,"unsanitizedCount":340,"severity":165},"ical (controllers\\sync.php:5)",{"nodes":858,"edges":868},[859,862,863,865],{"id":378,"type":379,"label":860,"file":861,"line":370},"$_GET['room_id']","controllers\\sync.php",{"id":384,"type":385,"label":431,"file":861,"line":366,"wp_function":432},{"id":411,"type":379,"label":860,"file":861,"line":864},18,{"id":414,"type":385,"label":866,"file":861,"line":864,"wp_function":867},"header() [Header Injection]","header",[869,870],{"from":378,"to":384,"sanitized":320},{"from":411,"to":414,"sanitized":320},{"entryPoint":872,"graph":873,"unsanitizedCount":340,"severity":165},"\u003Csync> (controllers\\sync.php:0)",{"nodes":874,"edges":879},[875,876,877,878],{"id":378,"type":379,"label":860,"file":861,"line":370},{"id":384,"type":385,"label":431,"file":861,"line":366,"wp_function":432},{"id":411,"type":379,"label":860,"file":861,"line":864},{"id":414,"type":385,"label":866,"file":861,"line":864,"wp_function":867},[880,881],{"from":378,"to":384,"sanitized":320},{"from":411,"to":414,"sanitized":320},{"entryPoint":883,"graph":884,"unsanitizedCount":136,"severity":165},"paypal_ipn_verify (models\\payment.php:75)",{"nodes":885,"edges":904},[886,890,892,895,896,899,901,902,903],{"id":378,"type":379,"label":887,"file":888,"line":889},"$_POST['txn_id']","models\\payment.php",114,{"id":384,"type":385,"label":407,"file":888,"line":891,"wp_function":409},113,{"id":411,"type":379,"label":893,"file":888,"line":894},"$_GET['bid']",138,{"id":414,"type":385,"label":423,"file":888,"line":894,"wp_function":425},{"id":419,"type":379,"label":897,"file":888,"line":898},"$_GET['bid'] (x2)",152,{"id":422,"type":385,"label":415,"file":888,"line":900,"wp_function":417},150,{"id":427,"type":379,"label":893,"file":888,"line":348},{"id":430,"type":595,"label":624,"file":888,"line":348},{"id":487,"type":385,"label":415,"file":621,"line":312,"wp_function":417},[905,906,907,908,909],{"from":378,"to":384,"sanitized":320},{"from":411,"to":414,"sanitized":320},{"from":419,"to":422,"sanitized":320},{"from":427,"to":430,"sanitized":320},{"from":430,"to":487,"sanitized":323},{"entryPoint":911,"graph":912,"unsanitizedCount":136,"severity":165},"\u003Cpayment> (models\\payment.php:0)",{"nodes":913,"edges":923},[914,915,916,917,918,919,920,921,922],{"id":378,"type":379,"label":887,"file":888,"line":889},{"id":384,"type":385,"label":407,"file":888,"line":891,"wp_function":409},{"id":411,"type":379,"label":893,"file":888,"line":894},{"id":414,"type":385,"label":423,"file":888,"line":894,"wp_function":425},{"id":419,"type":379,"label":897,"file":888,"line":898},{"id":422,"type":385,"label":415,"file":888,"line":900,"wp_function":417},{"id":427,"type":379,"label":893,"file":888,"line":348},{"id":430,"type":595,"label":624,"file":888,"line":348},{"id":487,"type":385,"label":415,"file":621,"line":312,"wp_function":417},[924,925,926,927,928],{"from":378,"to":384,"sanitized":320},{"from":411,"to":414,"sanitized":320},{"from":419,"to":422,"sanitized":320},{"from":427,"to":430,"sanitized":320},{"from":430,"to":487,"sanitized":323},{"entryPoint":930,"graph":931,"unsanitizedCount":260,"severity":165},"find (models\\room.php:67)",{"nodes":932,"edges":937},[933,935],{"id":378,"type":379,"label":627,"file":598,"line":934},72,{"id":384,"type":385,"label":431,"file":598,"line":936,"wp_function":432},89,[938],{"from":378,"to":384,"sanitized":320},{"entryPoint":940,"graph":941,"unsanitizedCount":260,"severity":165},"\u003Croom> (models\\room.php:0)",{"nodes":942,"edges":945},[943,944],{"id":378,"type":379,"label":627,"file":598,"line":934},{"id":384,"type":385,"label":431,"file":598,"line":936,"wp_function":432},[946],{"from":378,"to":384,"sanitized":320},{"summary":948,"deductions":949},"The \"hostel\" plugin v1.1.8 presents a mixed security posture. On the positive side, the plugin demonstrates good practices with a high percentage of SQL queries using prepared statements (98%) and properly escaped output (99%). It also includes a significant number of nonce and capability checks, indicating an awareness of common WordPress security mechanisms. However, the presence of two unprotected AJAX handlers is a notable concern, creating direct entry points for potential attacks without proper authentication or authorization.\n\nThe taint analysis reveals 13 flows with unsanitized paths, all flagged as high severity. This is a significant red flag, suggesting that user-supplied input is not being adequately validated or neutralized before being used in sensitive operations, even if direct SQL injection or XSS vulnerabilities aren't explicitly detailed in the static analysis signals. The historical vulnerability data, with 11 known CVEs including one high and ten medium severity issues, further reinforces the notion that this plugin has a history of security weaknesses. The common vulnerability types (SQL Injection, XSS, CSRF) align with the potential risks identified in the taint analysis and unprotected AJAX handlers.\n\nWhile the plugin's adherence to prepared statements and output escaping is commendable, the unprotected entry points and the high number of high-severity taint flows, coupled with its past vulnerability history, indicate a substantial risk. The plugin requires careful scrutiny and immediate attention to address the identified unsanitized flows and unprotected AJAX handlers to improve its overall security.",[950,952,954],{"reason":951,"points":449},"Two AJAX handlers without auth checks",{"reason":953,"points":366},"13 high severity taint flows (unsanitized paths)",{"reason":955,"points":956},"11 known CVEs (1 high, 10 medium)",15,"2026-03-16T22:32:54.987Z",{"wat":959,"direct":972},{"assetPaths":960,"generatorPatterns":965,"scriptPaths":966,"versionParams":967},[961,962,963,964],"\u002Fwp-content\u002Fplugins\u002Fhostel\u002Fassets\u002Fcss\u002Fbookings.css","\u002Fwp-content\u002Fplugins\u002Fhostel\u002Fassets\u002Fcss\u002Fhostel.css","\u002Fwp-content\u002Fplugins\u002Fhostel\u002Fassets\u002Fjs\u002Fbookings.js","\u002Fwp-content\u002Fplugins\u002Fhostel\u002Fassets\u002Fjs\u002Fhostel.js",[],[964,963],[968,969,970,971],"hostel\u002Fassets\u002Fcss\u002Fbookings.css?ver=","hostel\u002Fassets\u002Fcss\u002Fhostel.css?ver=","hostel\u002Fassets\u002Fjs\u002Fbookings.js?ver=","hostel\u002Fassets\u002Fjs\u002Fhostel.js?ver=",{"cssClasses":973,"htmlComments":981,"htmlAttributes":987,"restEndpoints":993,"jsGlobals":996,"shortcodeOutput":998},[974,975,976,977,978,979,980],"wphostel-alert","wphostel-error","wphostel-success","wphostel-booking-form","wphostel-room-details","wphostel-room-list","wphostel-booking-calendar",[982,983,984,985,986],"\u003C!-- wphostel_admin_notices -->","\u003C!-- display hostel booking form -->","\u003C!-- display hostel room details -->","\u003C!-- display hostel room list -->","\u003C!-- display hostel booking calendar -->",[988,989,990,991,992],"name=\"wphostel_booking_form\"","id=\"wphostel_booking_form\"","data-room-id","data-date-from","data-date-to",[994,995],"\u002Fwp-json\u002Fwphostel\u002Fv1\u002Fbookings","\u002Fwp-json\u002Fwphostel\u002Fv1\u002Frooms",[997],"wphostel_ajax_object",[999,1000,1001,1002],"[wphostel_booking_form]","[wphostel_room_details]","[wphostel_room_list]","[wphostel_booking_calendar]"]