WP-Safety

XML Travel Portal Widget Security & Risk Analysis

wordpress.org/plugins/oganro-reservation-widget

WordPress Widget which connect to wholesalers/suppliers or GDS through XML APIs to power B2B or B2C travel websites.

50 active installs v2.0 PHP + WP 3.9+ Updated Aug 16, 2016
apib2b-travel-portal-widgetb2c-travel-portal-widgetdynamicgds
63
C · Use Caution
CVEs total1
Unpatched1
Last CVEJun 19, 2025
Plugin page Download
Safety Verdict

Is XML Travel Portal Widget Safe to Use in 2026?

Use With Caution

Score 63/100

XML Travel Portal Widget has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Jun 19, 2025Updated 9yr ago
Risk Assessment

The oganro-reservation-widget plugin v2.0 exhibits a generally good security posture based on static code analysis. It demonstrates strong practices with no identified dangerous functions, exclusively using prepared statements for SQL queries, and properly escaping almost all output. The limited attack surface, with only one shortcode and no unprotected entry points, is also a positive indicator. However, the presence of a known, unpatched medium-severity vulnerability (CSRF) is a significant concern that overrides many of the otherwise positive findings. The vulnerability history indicates a pattern of Cross-Site Request Forgery issues, which warrants attention and suggests a potential weakness in how user actions are handled or validated, even if current static analysis doesn't flag specific flows.

Key Concerns

  • Unpatched CVE (Medium Severity)
  • Vulnerability History indicates CSRF pattern
  • Zero Nonce Checks
Vulnerabilities
1

XML Travel Portal Widget Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-49968medium · 4.3Cross-Site Request Forgery (CSRF)

XML Travel Portal Widget <= 2.0 - Cross-Site Request Forgery

Jun 19, 2025Unpatched
Code Analysis
Analyzed Mar 16, 2026

XML Travel Portal Widget Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
2
162 escaped
Nonce Checks
0
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

99% escaped164 total outputs
Attack Surface

XML Travel Portal Widget Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[ogn_rw_widget_screen] ogn-rw-reservation-widget.php:21
WordPress Hooks 1
actionadmin_menuogn-rw-reservation-widget.php:39
Maintenance & Trust

XML Travel Portal Widget Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28
Last updatedAug 16, 2016
PHP min version
Downloads14K

Community Trust

Rating96/100
Number of ratings4
Active installs50
Alternatives

XML Travel Portal Widget Alternatives

Oganro Travel Portal Search Widget for HotelBeds APITUDE API

Oganro Travel Portal Search Widget for HotelBeds APITUDE API

oganro-travel-portal-search-widget-for-hotelbeds-apitude-api

C
63

Oganro HotelBeds search widget will enable for you to build a Wordpress based travel portal website or OTA website without having to worry about all X &hellip;

10 1 unpatched
Pixel Tag Manager for WooCommerce – Google Analytics 4, Google Ads, and More Pixels

Pixel Tag Manager for WooCommerce – Google Analytics 4, Google Ads, and More Pixels

pixel-manager-for-woocommerce

A
100

Pixel Tag Manager for WooCommerce is a powerful plugin to monitor eCommerce events with seamless integration. Track Google Analytics 4, Google Ads, Bi &hellip;

3K No CVEs
Oganro: Hotels, Flights, Transfers, Car Hire, Excursion Search Box

Oganro: Hotels, Flights, Transfers, Car Hire, Excursion Search Box

oganro-travel-online-booking-system

A
85

Travel portal search box, customisable plugin to create search and book travel website with Hotels, Flights, Car Hire, Transfer and Excursions.

70 No CVEs
Meta for WooCommerce

Meta for WooCommerce

facebook-for-woocommerce

A
93

Get the Official Meta for WooCommerce plugin for powerful ways to help grow your business.

500K 3 CVEs
PixelYourSite – Your smart PIXEL (TAG) & API Manager

PixelYourSite – Your smart PIXEL (TAG) & API Manager

pixelyoursite

A
89

Add Meta Pixel with Conversion API, Google Analytics (GA4) + Consent Mode, Google Tag Manager, and Head & Footer scripts.

500K 11 CVEs
Developer Profile

XML Travel Portal Widget Developer Profile

Oganro

8 plugins · 190 total installs

81
trust score
Avg Security Score
81/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect XML Travel Portal Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/oganro-reservation-widget/css/ogn_rw_jquery_ui.css/wp-content/plugins/oganro-reservation-widget/css/ogn_rw_bootstrap_min.css/wp-content/plugins/oganro-reservation-widget/js/ogn_rw_bootstrap_min.js/wp-content/plugins/oganro-reservation-widget/js/ogn_rw_sb_script.js/wp-content/plugins/oganro-reservation-widget/css/ogn_rw_reservation_admin.css/wp-content/plugins/oganro-reservation-widget/css/ogn_rw_tinytools_toggleswitch_min.css/wp-content/plugins/oganro-reservation-widget/js/ogn_rw_jscolor.js/wp-content/plugins/oganro-reservation-widget/js/ogn_rw_tinytools_toggleswitch_min.js+1 more
Script Paths
/wp-content/plugins/oganro-reservation-widget/js/ogn_rw_bootstrap_min.js/wp-content/plugins/oganro-reservation-widget/js/ogn_rw_sb_script.js/wp-content/plugins/oganro-reservation-widget/js/ogn_rw_jscolor.js/wp-content/plugins/oganro-reservation-widget/js/ogn_rw_tinytools_toggleswitch_min.js/wp-content/plugins/oganro-reservation-widget/js/ogn_rw_admin_sb_script.js

HTML / DOM Fingerprints

CSS Classes
ogn_rw_search_boxogn_rw_admin_formogn_rw_title_colorogn_rw_label_colorogn_rw_border_radiusogn_rw_opacityogn_rw_border_widthogn_rw_border_color+9 more
Data Attributes
ogn_rw_srch_wdgt_optogn_rw_sb_submit_urlogn_rw_sb_autocomplete_urlogn_rw_sb_nightsogn_rw_sb_background_colorogn_rw_sb_background_rgba+21 more
Shortcode Output
[ogn_rw_widget_screen]
FAQ

Frequently Asked Questions about XML Travel Portal Widget