WP-Safety

MyBooking Reservation Engine Security & Risk Analysis

wordpress.org/plugins/mybooking-reservation-engine

Mybooking Reservation Engine WordPress plugin.

100 active installs v2.6.0 PHP 7.2+ WP 5.2+ Updated Dec 18, 2025
booking-enginebooking-systemcar-rental-reservationonline-booking-engineonline-booking-system
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is MyBooking Reservation Engine Safe to Use in 2026?

Generally Safe

Score 100/100

MyBooking Reservation Engine has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The 'mybooking-reservation-engine' v2.6.0 plugin exhibits a generally strong security posture based on the provided static analysis. A notable strength is the absence of known CVEs and a complete lack of unpatched vulnerabilities, indicating a history of secure development or diligent patching. Furthermore, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries and implementing nonce checks, which are crucial for preventing common WordPress attacks. The limited number of external HTTP requests and the absence of direct file operations also contribute positively to its security profile.

However, a significant area of concern arises from the output escaping. With 52% of outputs properly escaped, a substantial portion (48%) remains unescaped. This presents a considerable risk of Cross-Site Scripting (XSS) vulnerabilities, as untrusted input could be rendered directly in the user's browser, potentially leading to malicious script execution. Additionally, while there are no unauthenticated AJAX handlers or REST API routes, the presence of 30 shortcodes represents a significant attack surface. Although no specific unprotected entry points were identified in the static analysis, the sheer number of shortcodes warrants careful examination for potential vulnerabilities that might not be immediately apparent.

Key Concerns

  • Significant portion of outputs unescaped
  • Large attack surface via shortcodes
  • Bundled outdated Select2 library
Vulnerabilities
None known

MyBooking Reservation Engine Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

MyBooking Reservation Engine Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
8 prepared
Unescaped Output
1177
1264 escaped
Nonce Checks
10
Capability Checks
0
File Operations
0
External Requests
8
Bundled Libraries
1

Bundled Libraries

Select24.0.1

SQL Query Safety

100% prepared8 total queries

Output Escaping

52% escaped2441 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
mybooking_plugin_onboarding_login_page (includes\settings\mybooking-plugin-onboarding.php:179)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

MyBooking Reservation Engine Attack Surface

Entry Points30
Unprotected0

Shortcodes 30

[mybooking_rent_engine_selector] includes\shortcodes\class-mybooking-shortcodes.php:100
[mybooking_rent_engine_selector_wizard] includes\shortcodes\class-mybooking-shortcodes.php:103
[mybooking_rent_engine_product_listing] includes\shortcodes\class-mybooking-shortcodes.php:106
[mybooking_rent_engine_complete] includes\shortcodes\class-mybooking-shortcodes.php:109
[mybooking_rent_engine_summary] includes\shortcodes\class-mybooking-shortcodes.php:112
[mybooking_rent_engine_reservation] includes\shortcodes\class-mybooking-shortcodes.php:115
[mybooking_rent_engine_products_search] includes\shortcodes\class-mybooking-shortcodes.php:118
[mybooking_rent_engine_products] includes\shortcodes\class-mybooking-shortcodes.php:121
[mybooking_rent_engine_product] includes\shortcodes\class-mybooking-shortcodes.php:124
[mybooking_rent_engine_planning] includes\shortcodes\class-mybooking-shortcodes.php:127
[mybooking_rent_engine_product_week_planning] includes\shortcodes\class-mybooking-shortcodes.php:130
[mybooking_rent_engine_shift_picker] includes\shortcodes\class-mybooking-shortcodes.php:133
[mybooking_rent_engine_new_customer] includes\shortcodes\class-mybooking-shortcodes.php:136
[mybooking_activities_engine_search] includes\shortcodes\class-mybooking-shortcodes.php:141
[mybooking_activities_engine_activities] includes\shortcodes\class-mybooking-shortcodes.php:144
[mybooking_activities_engine_activity] includes\shortcodes\class-mybooking-shortcodes.php:147
[mybooking_activities_engine_shopping_cart] includes\shortcodes\class-mybooking-shortcodes.php:150
[mybooking_activities_engine_summary] includes\shortcodes\class-mybooking-shortcodes.php:153
[mybooking_activities_engine_order] includes\shortcodes\class-mybooking-shortcodes.php:156
[mybooking_transfer_selector] includes\shortcodes\class-mybooking-shortcodes.php:161
[mybooking_transfer_choose_vehicle] includes\shortcodes\class-mybooking-shortcodes.php:164
[mybooking_transfer_checkout] includes\shortcodes\class-mybooking-shortcodes.php:167
[mybooking_transfer_summary] includes\shortcodes\class-mybooking-shortcodes.php:170
[mybooking_transfer_reservation] includes\shortcodes\class-mybooking-shortcodes.php:173
[mybooking_contact] includes\shortcodes\class-mybooking-shortcodes.php:178
[mybooking_testimonials] includes\shortcodes\class-mybooking-shortcodes.php:184
[mybooking_content_slider] includes\shortcodes\class-mybooking-shortcodes.php:191
[mybooking_product_slider] includes\shortcodes\class-mybooking-shortcodes.php:198
[mybooking_password_forgotten] includes\shortcodes\class-mybooking-shortcodes.php:204
[mybooking_change_password] includes\shortcodes\class-mybooking-shortcodes.php:207
WordPress Hooks 38
actioninitincludes\cpt\class-mybooking-cpt.php:23
actionadd_meta_boxesincludes\cpt\mybooking-plugin-cpt-product-slider.php:7
actionsave_postincludes\cpt\mybooking-plugin-cpt-product-slider.php:8
actioncustomize_registerincludes\customizer\mybooking-plugin-customizer.php:61
actionwp_enqueue_scriptsincludes\customizer\mybooking-plugin-customizer.php:71
actionadmin_enqueue_scriptsincludes\enqueue\class-mybooking-enqueue.php:20
actionwp_enqueue_scriptsincludes\enqueue\class-mybooking-enqueue.php:21
actionadmin_enqueue_scriptsincludes\enqueue\class-mybooking-enqueue.php:24
actionwp_enqueue_scriptsincludes\enqueue\class-mybooking-enqueue.php:25
actioninitincludes\mybooking-patterns.php:242
actioninitincludes\mybooking-plugin.php:154
actioninitincludes\mybooking-plugin.php:157
actionplugins_loadedincludes\mybooking-plugin.php:163
filterload_textdomain_mofileincludes\mybooking-plugin.php:166
filterbody_classincludes\mybooking-plugin.php:169
actionenqueue_block_editor_assetsincludes\mybooking-plugin.php:175
actionwp_footerincludes\mybooking-plugin.php:178
actionwp_footerincludes\mybooking-plugin.php:181
actionwp_footerincludes\mybooking-plugin.php:184
actionwidgets_initincludes\mybooking-plugin.php:189
actionwidgets_initincludes\mybooking-plugin.php:192
actionwidgets_initincludes\mybooking-plugin.php:195
actionwidgets_initincludes\mybooking-plugin.php:198
actionwidgets_initincludes\mybooking-plugin.php:201
filterpll_the_language_linkincludes\mybooking-plugin.php:1256
actioninitincludes\routes\routes.php:23
actionwp_loadedincludes\routes\routes.php:24
filterstatus_headerincludes\routes\routes.php:115
actionparse_queryincludes\routes\routes.php:121
actiontemplate_redirectincludes\routes\routes.php:126
actiondo_parse_requestincludes\routes\routes.php:136
filtertemplate_includeincludes\routes\routes.php:152
actionadmin_menuincludes\settings\mybooking-plugin-onboarding.php:31
actionadmin_headincludes\settings\mybooking-plugin-onboarding.php:33
actionadmin_initincludes\settings\mybooking-plugin-onboarding.php:35
actionadmin_menuincludes\settings\mybooking-plugin-settings.php:11
actionadmin_headincludes\settings\mybooking-plugin-settings.php:14
actionadmin_initincludes\settings\mybooking-plugin-settings.php:17
Maintenance & Trust

MyBooking Reservation Engine Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 18, 2025
PHP min version7.2
Downloads11K

Community Trust

Rating100/100
Number of ratings1
Active installs100
Alternatives

MyBooking Reservation Engine Alternatives

Beds24 Online Booking

Beds24 Online Booking

beds24-online-booking

A
94

Accept commission free online bookings from your Wordpress website. Suitable for hotels, B&B's, holiday rentals, vacation rentals, apartments …

2K 7 CVEs
Sirvoy Booking Engine

Sirvoy Booking Engine

sirvoy-booking-engine

A
100

Sirvoy booking engine - Non-Commission Direct Bookings from Your Website. Sirvoy can also help you to receive bookings from channels, and much more.

1K No CVEs
Online Buchungssystem – edoobox

Online Buchungssystem – edoobox

booking-system-edoobox

A
100

Simplify event and course management with Edoobox, an intuitive online booking system.

200 No CVEs
bookingkit

bookingkit

bookingkit

A
85

bookingkit allows you to easily make your events and tours bookable - instantly and directly on your website.

80 No CVEs
Bookwize Integrated Cinnamon

Bookwize Integrated Cinnamon

bookwize-integrated-cinnamon

A
85

Integrate Bookwize Hotel Booking Engine in your WordPress website and let visitors check availability and rates and make a booking directly from your …

10 No CVEs
Developer Profile

MyBooking Reservation Engine Developer Profile

Juan

3 plugins · 190 total installs

92
trust score
Avg Security Score
97/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect MyBooking Reservation Engine

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mybooking-reservation-engine/mybooking-reservation-engine.css/wp-content/plugins/mybooking-reservation-engine/mybooking-reservation-engine.js/wp-content/plugins/mybooking-reservation-engine/assets/css/mybooking-reservation-engine.css/wp-content/plugins/mybooking-reservation-engine/assets/js/mybooking-reservation-engine.js/wp-content/plugins/mybooking-reservation-engine/assets/css/mybooking-frontend-style.css/wp-content/plugins/mybooking-reservation-engine/assets/css/mybooking-common-styles.css/wp-content/plugins/mybooking-reservation-engine/assets/js/mybooking-translation.js
Script Paths
/wp-content/plugins/mybooking-reservation-engine/mybooking-reservation-engine.js/wp-content/plugins/mybooking-reservation-engine/assets/js/mybooking-reservation-engine.js/wp-content/plugins/mybooking-reservation-engine/assets/js/mybooking-translation.js
Version Parameters
mybooking-reservation-engine/mybooking-reservation-engine.css?ver=mybooking-reservation-engine/mybooking-reservation-engine.js?ver=mybooking-reservation-engine/assets/css/mybooking-reservation-engine.css?ver=mybooking-reservation-engine/assets/js/mybooking-reservation-engine.js?ver=mybooking-reservation-engine/assets/css/mybooking-frontend-style.css?ver=mybooking-reservation-engine/assets/css/mybooking-common-styles.css?ver=mybooking-reservation-engine/assets/js/mybooking-translation.js?ver=

HTML / DOM Fingerprints

CSS Classes
mybooking-frontendmybooking-checkout-formmybooking-search-formmybooking-product-cardmybooking-calendarmybooking-datepickermybooking-tab-contentmybooking-tab-pane+1 more
HTML Comments
<!-- BEGIN Mybooking Reservation Engine --><!-- END Mybooking Reservation Engine --><!-- MYBOOKING Widget: Start --><!-- MYBOOKING Widget: End -->
Data Attributes
data-mb-widgetdata-mb-product-iddata-mb-booking-typedata-mb-rental-iddata-mb-language
JS Globals
MybookingWidgetmybooking_settingsmybooking_translation
REST Endpoints
/wp-json/mybooking/v1/availability/wp-json/mybooking/v1/booking/wp-json/mybooking/v1/products/wp-json/mybooking/v1/locations
Shortcode Output
[mybooking-reservation-form][mybooking-search-form][mybooking-product-details][mybooking-calendar]
FAQ

Frequently Asked Questions about MyBooking Reservation Engine