Does iGMS Direct Booking have any unpatched vulnerabilities?

Yes — iGMS Direct Booking currently has 1 published unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is iGMS Direct Booking compatible with WordPress 6.3.8?

According to WordPress.org data, iGMS Direct Booking 1.3 has been tested up to WordPress 6.3.8. Check the plugin's changelog for the latest compatibility information.

Is iGMS Direct Booking compatible with PHP 5.6+?

iGMS Direct Booking requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is iGMS Direct Booking updated?

iGMS Direct Booking was last updated on Sep 26, 2023. Frequent updates are generally a positive security signal.

What is iGMS Direct Booking's security score?

iGMS Direct Booking has a WP-Safety security score of 63/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

iGMS Direct Booking Security & Risk Analysis

wordpress.org/plugins/igms-direct-booking

iGMS is introducing the Direct Booking Widget. It allows your guests to select and book dates with you right via your website.

100 active installs v1.3 PHP 5.6+ WP 5.6.2+ Updated Sep 26, 2023

airbnbbookingdirect-bookingigmsreservations

C · Use Caution

CVEs total1

Unpatched1

Last CVEFeb 15, 2026

Plugin page Download

Safety Verdict

Is iGMS Direct Booking Safe to Use in 2026?

Use With Caution

Score 63/100

iGMS Direct Booking has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Feb 15, 2026Updated 2yr ago

Risk Assessment

The plugin "igms-direct-booking" v1.3 exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries, avoiding dangerous functions, file operations, and external HTTP requests. Its static analysis reveals a minimal attack surface with no identified unprotected entry points like AJAX handlers or REST API routes. Furthermore, the plugin has no known vulnerability history, indicating a lack of publicly disclosed security flaws.

Key Concerns

All output is unescaped
No nonce checks implemented
No capability checks implemented

Vulnerabilities

1 published

iGMS Direct Booking Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched

2026

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2026-39652medium · 5.3Missing Authorization

iGMS Direct Booking <= 1.3 - Missing Authorization

Feb 15, 2026Unpatched

Version History

iGMS Direct Booking Release Timeline

v1.21 CVE

CVE-2026-39652

v1.11 CVE

CVE-2026-39652

v1.01 CVE

CVE-2026-39652

Code Analysis

Analyzed Mar 16, 2026

iGMS Direct Booking Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped16 total outputs

Attack Surface

iGMS Direct Booking Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[igms-direct-booking-widget-reservation] includes\register-reservation-widget-shortcode.php:3

WordPress Hooks 7

actionwidgets_initincludes\register-direct-booking-reservation-widget.php:9

actionadmin_enqueue_scriptsincludes\register-reservation-widget-block.php:3

actionrest_api_initroute\IDBW_Route.php:24

actionadmin_menusettings\IDBW_Settings.php:36

actionadmin_initsettings\IDBW_Settings.php:330

actionwp_enqueue_scriptsview\direct-booking-settings-page.php:3

actionadmin_enqueue_scriptsview\direct-booking-settings-page.php:4

Maintenance & Trust

iGMS Direct Booking Maintenance & Trust

Maintenance Signals

WordPress version tested6.3.8

Last updatedSep 26, 2023

PHP min version5.6

Downloads6K

Community Trust

Rating0/100

Number of ratings0

Active installs100

Alternatives

iGMS Direct Booking Alternatives

Booking Calendar

booking

WP Booking Calendar plugin for full-day bookings, time-slot appointments, rentals & events. Accept bookings and inquiries with flexible contact forms

50K 29 CVEs

SimplyBook.me – Booking and reservations calendar

simplybook

100

Simply add a booking calendar to your site to schedule bookings, reservations, appointments and to collect payments.

20K No CVEs

FareHarbor for WordPress

fareharbor

Easily add FareHarbor reservation calendars, booking embeds, and buttons to your site.

9K 2 CVEs

VikBooking Hotel Booking Engine & PMS

vikbooking

Famous Booking Engine, PMS and Hotel Reservations plugin for property managers. The best solution for accommodations to drive more direct bookings.

8K 17 CVEs

Pinpoint Booking System – Version 2

booking-system

Book anything, anytime, anywhere.

3K 1 unpatched

Developer Profile

iGMS Direct Booking Developer Profile

igms

1 plugin · 100 total installs

trust score

Avg Security Score

63/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect iGMS Direct Booking

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/igms-direct-booking/blocks/DirectBookingReservationBlock.js/wp-content/plugins/igms-direct-booking/view/UpdateDirectBookingWidgetSettings.js

Script Paths

/wp-content/plugins/igms-direct-booking/blocks/DirectBookingReservationBlock.js/wp-content/plugins/igms-direct-booking/view/UpdateDirectBookingWidgetSettings.js

Version Parameters

igms-direct-booking/style.css?ver=igms-direct-booking/view/direct-booking-settings-page.js?ver=igms-direct-booking/blocks/DirectBookingReservationBlock.js?ver=

HTML / DOM Fingerprints

CSS Classes

wordpress-direct-bookingdirect-booking-logindirect-booking-widget-igms-logindirect-booking-settings-headerdirect-booking-settings-titledirect-booking-settings-user-info

Data Attributes

id="wordpressDirectBookingWidget"id="directBookingSettingsProfileInfo"

JS Globals

directBookingWidgetPropertiesupdateRoutes

FAQ

iGMS Direct Booking Security & Risk Analysis

Is iGMS Direct Booking Safe to Use in 2026?

Use With Caution

Key Concerns

iGMS Direct Booking Security Vulnerabilities

CVEs by Year

Severity Breakdown

iGMS Direct Booking Release Timeline

iGMS Direct Booking Code Analysis

Output Escaping

iGMS Direct Booking Attack Surface

Shortcodes 1

iGMS Direct Booking Maintenance & Trust

Maintenance Signals

Community Trust

iGMS Direct Booking Alternatives

Booking Calendar

SimplyBook.me – Booking and reservations calendar

FareHarbor for WordPress

VikBooking Hotel Booking Engine & PMS

Pinpoint Booking System – Version 2

iGMS Direct Booking Developer Profile

How We Detect iGMS Direct Booking

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about iGMS Direct Booking