WP-Safety

Jomres Hotel Booking Engine for WordPress Security & Risk Analysis

wordpress.org/plugins/jomres

Build your own Online Travel Agency like Booking.com or AirBNB

50 active installs v10.7.2 PHP + WP 4.3.1+ Updated Jul 13, 2023
booking-enginechannel-managerhotel-bookingjomresrest-api
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Jomres Hotel Booking Engine for WordPress Safe to Use in 2026?

Generally Safe

Score 85/100

Jomres Hotel Booking Engine for WordPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The Jomres plugin v10.7.2 presents a mixed security posture. On the positive side, there are no known vulnerabilities (CVEs) or reported taint flows, suggesting a generally clean codebase. The absence of dangerous functions and bundled libraries is also a good sign. However, significant concerns arise from the static analysis. The plugin exposes two AJAX handlers without any authentication checks, creating a direct attack vector for unauthorized actions. Furthermore, none of the identified entry points have nonce checks, which is a critical omission for preventing CSRF attacks. The plugin also uses SQL queries without prepared statements, increasing the risk of SQL injection vulnerabilities, especially when combined with unescaped output, as only 50% of outputs are properly escaped. The lack of capability checks on AJAX handlers is another glaring security gap. While the vulnerability history is clean, the static analysis reveals several potential weaknesses that could be exploited if not addressed.

Key Concerns

  • AJAX handlers without authentication checks
  • SQL queries without prepared statements
  • Missing nonce checks on entry points
  • Unescaped output
  • Capability checks missing on AJAX handlers
Vulnerabilities
None known

Jomres Hotel Booking Engine for WordPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Jomres Hotel Booking Engine for WordPress Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
0 prepared
Unescaped Output
2
2 escaped
Nonce Checks
0
Capability Checks
1
File Operations
3
External Requests
3
Bundled Libraries
0

SQL Query Safety

0% prepared2 total queries

Output Escaping

50% escaped4 total outputs
Attack Surface
2 unprotected

Jomres Hotel Booking Engine for WordPress Attack Surface

Entry Points3
Unprotected2

AJAX Handlers 2

authwp_ajax_jomres_ajaxincludes\jomres.php:237
noprivwp_ajax_jomres_ajaxincludes\jomres.php:238

Shortcodes 1

[default_wordpress_loginform] includes\functions.php:203
WordPress Hooks 16
actionadmin_enqueue_scriptsadmin\jomres-admin.php:85
filterrun_wptexturizeincludes\functions.php:206
actionplugins_loadedincludes\jomres.php:198
actionwp_loginincludes\jomres.php:210
actionwp_logoutincludes\jomres.php:211
actionwp_headincludes\jomres.php:212
actionadmin_menuincludes\jomres.php:226
actioninitincludes\jomres.php:233
actionwpincludes\jomres.php:252
filterthe_contentincludes\jomres.php:254
filterwp_titleincludes\jomres.php:255
filterredirect_canonicalincludes\jomres.php:256
filtersidebars_widgetsincludes\jomres.php:260
filtertemplate_includeincludes\jomres.php:265
filtershow_admin_barpublic\jomres-public.php:69
actionwp_enqueue_scriptspublic\jomres-public.php:74
Maintenance & Trust

Jomres Hotel Booking Engine for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested6.0.11
Last updatedJul 13, 2023
PHP min version
Downloads41K

Community Trust

Rating82/100
Number of ratings25
Active installs50
Alternatives

Jomres Hotel Booking Engine for WordPress Alternatives

VikBooking Hotel Booking Engine & PMS

VikBooking Hotel Booking Engine & PMS

vikbooking

B
82

Famous Booking Engine, PMS and Hotel Reservations plugin for property managers. The best solution for accommodations to drive more direct bookings.

9K 17 CVEs
1Day Booking Engine

1Day Booking Engine

1day-io

A
85

Simple, modern and flexible booking engine for your hotel. Let customers book rooms easily without being redirected away from your website.

10 No CVEs
MotoPress Hotel Booking

MotoPress Hotel Booking

motopress-hotel-booking-lite

A
86

The #1 Hotel Booking and Vacation Rental Plugin for WordPress. Online payments, seasons, rates, free or paid extras, coupons, taxes & fees.

10K 4 CVEs
Sirvoy Booking Engine

Sirvoy Booking Engine

sirvoy-booking-engine

A
100

Sirvoy booking engine - Non-Commission Direct Bookings from Your Website. Sirvoy can also help you to receive bookings from channels, and much more.

1K No CVEs
Redforts Hotel Booking Engine

Redforts Hotel Booking Engine

oscar-hotel-booking-engine

A
100

This plugin integrates with Redforts Hotel Software, the all-in-one solution for hotels, hostels, apartments, villas, campings, and more.

300 No CVEs
Developer Profile

Jomres Hotel Booking Engine for WordPress Developer Profile

jomres

1 plugin · 50 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Jomres Hotel Booking Engine for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/jomres/css/bootstrap.min.css/wp-content/plugins/jomres/css/jomres.css/wp-content/plugins/jomres/css/jquery-ui.min.css/wp-content/plugins/jomres/css/lightbox.css/wp-content/plugins/jomres/css/magnific-popup.css/wp-content/plugins/jomres/css/print.css/wp-content/plugins/jomres/css/select2.min.css/wp-content/plugins/jomres/css/swiper.min.css+36 more
Script Paths
/wp-content/plugins/jomres/js/jomres.js/wp-content/plugins/jomres/js/admin.js/wp-content/plugins/jomres/js/cart.js/wp-content/plugins/jomres/js/datepicker.js/wp-content/plugins/jomres/js/images.js/wp-content/plugins/jomres/js/invisible_captcha.js+13 more
Version Parameters
jomres/css/bootstrap.min.css?ver=jomres/css/jomres.css?ver=jomres/css/jquery-ui.min.css?ver=jomres/css/lightbox.css?ver=jomres/css/magnific-popup.css?ver=jomres/css/print.css?ver=jomres/css/select2.min.css?ver=jomres/css/swiper.min.css?ver=jomres/css/tooltipster.css?ver=jomres/js/admin.js?ver=jomres/js/bootstrap.min.js?ver=jomres/js/cart.js?ver=jomres/js/datepicker.js?ver=jomres/js/gantt.js?ver=jomres/js/gmaps.js?ver=jomres/js/images.js?ver=jomres/js/invisible_captcha.js?ver=jomres/js/jomres.js?ver=jomres/js/jquery.cookie.js?ver=jomres/js/jquery.js?ver=jomres/js/jquery.maskedinput.min.js?ver=jomres/js/jquery.tablesorter.js?ver=jomres/js/jquery-ui.min.js?ver=jomres/js/lightbox.js?ver=jomres/js/magnific-popup.js?ver=jomres/js/moment.min.js?ver=jomres/js/push.js?ver=jomres/js/select2.full.js?ver=jomres/js/sortable.js?ver=jomres/js/swiper.min.js?ver=jomres/js/tinymce/tinymce.min.js?ver=jomres/js/tooltipster.js?ver=

HTML / DOM Fingerprints

CSS Classes
jomres-modaljomres-modal-titlejomres-modal-bodyjomres-modal-footerjomres-errorjomres-successjomres-infojomres-warning+1 more
HTML Comments
<!--Jomres--><!--START Jomres--><!--END Jomres--><!--Jomres Core Plugin-->
Data Attributes
data-jomres-modaldata-jomres-tab
JS Globals
jomresJSSettingsJomresjr_modal
REST Endpoints
/wp-json/jomres/v1/settings/wp-json/jomres/v1/booking
Shortcode Output
[jomres_booking][jomres_property_list][jomres_search]
FAQ

Frequently Asked Questions about Jomres Hotel Booking Engine for WordPress