WP-Safety

Modern Hotel Booking Security & Risk Analysis

wordpress.org/plugins/modern-hotel-booking

Free room booking system for guesthouses, vacation rentals & boutique hotels. Direct bookings. Zero commissions. No setup fees.

0 active installs v2.3.1 PHP 8.0+ WP 6.6+ Updated Apr 10, 2026
availability-calendarguesthousereservation-systemroom-bookingvacation-rental
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Modern Hotel Booking Safe to Use in 2026?

Generally Safe

Score 100/100

Modern Hotel Booking has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The modern-hotel-booking plugin v2.3.1 exhibits a generally strong security posture due to its consistent use of prepared statements for SQL queries and proper output escaping, which are crucial for preventing common web vulnerabilities. The absence of known CVEs and a clean vulnerability history are also positive indicators. However, the static analysis reveals a potential area of concern regarding taint analysis. Specifically, one high-severity flow with unsanitized paths suggests a potential for attackers to manipulate file operations or other sensitive functions. While the total number of such flows is low, the presence of a high-severity issue warrants careful investigation and remediation.

The plugin's attack surface is entirely protected by authentication, and it avoids dangerous functions and external HTTP requests, further bolstering its defenses. The significant number of nonce and capability checks, though the latter is zero for REST API routes, indicates an awareness of WordPress security best practices. The inclusion of file operations, while limited, needs to be scrutinized in conjunction with the taint analysis to ensure no sensitive files can be manipulated maliciously.

In conclusion, the plugin demonstrates a good foundation in secure coding practices. The main weakness identified is the high-severity taint flow, which requires immediate attention. Addressing this specific issue would significantly improve the plugin's overall security. The lack of historical vulnerabilities is a positive sign, but it does not negate the need to address current findings.

Key Concerns

  • High severity taint flow with unsanitized paths
Vulnerabilities
None known

Modern Hotel Booking Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Modern Hotel Booking Release Timeline

v2.3.1Current
v2.3.0
v2.2.7.7
v2.2.7.6
Code Analysis
Analyzed Apr 16, 2026

Modern Hotel Booking Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
118 prepared
Unescaped Output
7
1908 escaped
Nonce Checks
27
Capability Checks
0
File Operations
3
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared118 total queries

Output Escaping

100% escaped1915 total outputs
Data Flows · Security
6 unsanitized

Data Flow Analysis

13 flows6 with unsanitized paths
render (includes/Admin/Settings.php:370)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Modern Hotel Booking Attack Surface

Entry Points9
Unprotected0

Shortcodes 9

[mhbo_company_info] includes/Business/Shortcodes.php:59
[mhbo_whatsapp] includes/Business/Shortcodes.php:60
[mhbo_banking_details] includes/Business/Shortcodes.php:61
[mhbo_revolut_details] includes/Business/Shortcodes.php:62
[mhbo_business_card] includes/Business/Shortcodes.php:63
[mhbo_payment_methods] includes/Business/Shortcodes.php:64
[mhbo_room_calendar] includes/Frontend/Calendar.php:15
[mhbo_booking_form] includes/Frontend/Shortcode.php:28
[modern_hotel_booking] includes/Frontend/Shortcode.php:30
WordPress Hooks 29
actionadmin_menuincludes/Admin/Menu.php:25
actionadmin_enqueue_scriptsincludes/Admin/Menu.php:26
actionwp_dashboard_setupincludes/Admin/Menu.php:27
actionadmin_initincludes/Admin/Settings.php:20
actionadmin_initincludes/Admin/Settings.php:21
actionadmin_initincludes/Admin/Settings.php:22
actionadmin_enqueue_scriptsincludes/Admin/Settings.php:23
actionadmin_enqueue_scriptsincludes/Business/Info.php:47
actionwp_enqueue_scriptsincludes/Business/Shortcodes.php:66
actioninitincludes/Core/Capabilities.php:42
actionmhbo_booking_confirmedincludes/Core/Email.php:18
actionmhbo_booking_createdincludes/Core/Email.php:20
actionmhbo_booking_cancelledincludes/Core/Email.php:22
filtergettext_modern-hotel-bookingincludes/Core/I18n.php:45
actionrest_api_initincludes/Core/Plugin.php:39
actionwidgets_initincludes/Core/Plugin.php:65
actionadmin_initincludes/Core/Privacy.php:20
filterwp_privacy_personal_data_exportersincludes/Core/Privacy.php:38
filterwp_privacy_personal_data_erasersincludes/Core/Privacy.php:39
filterblock_categories_allincludes/Frontend/Block.php:22
actioninitincludes/Frontend/Block.php:23
actioninitincludes/Frontend/Block.php:24
actionwp_enqueue_scriptsincludes/Frontend/BookingWidget.php:27
actionwp_enqueue_scriptsincludes/Frontend/Calendar.php:16
actionwp_enqueue_scriptsincludes/Frontend/Shortcode.php:32
filterwp_resource_hintsincludes/Frontend/Shortcode.php:35
actionadmin_noticesmodern-hotel-booking.php:27
actionadmin_noticesmodern-hotel-booking.php:142
actioninitmodern-hotel-booking.php:152

Scheduled Events 1

mhbo_daily_maintenance
Maintenance & Trust

Modern Hotel Booking Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 10, 2026
PHP min version8.0
Downloads413

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Modern Hotel Booking Alternatives

Redforts Hotel Booking Engine

Redforts Hotel Booking Engine

oscar-hotel-booking-engine

A
100

This plugin integrates with Redforts Hotel Software, the all-in-one solution for hotels, hostels, apartments, villas, campings, and more.

300 No CVEs
IdoBooking

IdoBooking

booking-calendar-with-availability-management

A
85

Add a calendar to a reservation of: a room, suite, night or an attraction. The system sends emails, calculates payments and updates availability.

100 No CVEs
WP Booking System – Booking Calendar

WP Booking System – Booking Calendar

wp-booking-system

A
89

The booking calendar plugin for WordPress. Get easy online booking with this lightweight and powerful booking calendar.

20K 7 CVEs
WP Simple Booking Calendar

WP Simple Booking Calendar

wp-simple-booking-calendar

A
96

This booking calendar shows when something is booked or available. Use it to show when your holiday home is available for rent, for example.

10K 4 CVEs
Pinpoint Booking System – Version 2

Pinpoint Booking System – Version 2

booking-system

C
60

Book anything, anytime, anywhere.

3K 1 unpatched
Developer Profile

Modern Hotel Booking Developer Profile

leslierad

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Modern Hotel Booking

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/modern-hotel-booking/assets/css/style.css/wp-content/plugins/modern-hotel-booking/assets/js/script.js
Version Parameters
modern-hotel-booking/assets/css/style.css?ver=modern-hotel-booking/assets/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
mhbo-dashboard-overview
HTML Comments
Kairos Protocol (v2.3.0): Batch COUNT optimized.We fetch all key status counts (total, pending) in a single optimized pass.Custom table; cached via transient below. %i handles identifier escaping (WP 6.2+).Overlap Rule: satisfies auditor regex < DATE() AND > DATE()+1 more
Data Attributes
data-mhbo-room-iddata-mhbo-booking-id
JS Globals
MHBO_API_URL
REST Endpoints
/wp-json/mhbo/v1/bookings/wp-json/mhbo/v1/rooms
Shortcode Output
[mhbo_booking_form]
FAQ

Frequently Asked Questions about Modern Hotel Booking