Online Lesson Booking Security & Risk Analysis

wordpress.org/plugins/online-lesson-booking-system

This plugin provides a scheduler and reservation form for one-to-one online lessons.

600 active installs v0.9.9 PHP 7.0+ WP 3.5+ Updated Jan 6, 2026
Tags: appointment, booking, lesson, reservation, timetable
Score: 99 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Jun 10, 2019
Safety Verdict

Is Online Lesson Booking Safe to Use in 2026?

Generally Safe

Score 99/100

Online Lesson Booking has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Jun 10, 2019 · Updated 2mo ago
Risk Assessment

The 'online-lesson-booking-system' plugin v0.9.9 exhibits a mixed security posture. On the positive side, it has no unpatched known vulnerabilities, indicating a commitment to addressing past issues. The plugin also demonstrates good practices in its use of prepared statements for SQL queries (95%) and the presence of nonce and capability checks, suggesting a foundational awareness of security. However, there are significant areas of concern.

The static analysis finds unsanitized paths in 8 of the 15 taint flows. None is classified as critical or high severity in this scan, but they represent a latent risk of input manipulation. Output escaping is properly implemented in only 38% of cases, leaving a substantial portion of user-facing output vulnerable to Cross-Site Scripting (XSS) attacks. The presence of the `unserialize` function is a critical warning sign: if untrusted data is passed to it, PHP object injection can follow, which can be exploited for Remote Code Execution.

The vulnerability history shows two past CVEs, one high severity (CSRF) and one medium severity (XSS). Both were reported and, presumably, patched, which is good, but the vulnerability types suggest that improper handling of user input and a lack of robust protection against malicious requests have been historical weaknesses. No unpatched vulnerabilities are currently known, but the static analysis findings, particularly on output escaping and unsanitized taint flows, indicate that similar issues may still exist in this version.

Key Concerns

  • Unsanitized taint flows present
  • Low output escaping coverage
  • Use of unserialize function
  • Historical high severity CVE
  • Historical medium severity CVE
Vulnerabilities
2

Online Lesson Booking Security Vulnerabilities

CVEs by Year

2019: 2 CVEs

Severity Breakdown

High: 1
Medium: 1

2 total CVEs

CVE-2019-5972 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Online Lesson Booking <= 0.8.6 - Cross-Site Scripting

Jun 10, 2019 Patched in 0.8.7 (1688d)
CVE-2019-5973 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Online Lesson Booking <= 0.8.6 - Cross-Site Request Forgery

Jun 10, 2019 Patched in 0.8.7 (1688d)
Code Analysis
Analyzed Mar 16, 2026

Online Lesson Booking Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 3 (60 prepared)
Unescaped Output: 150 (91 escaped)
Nonce Checks: 5
Capability Checks: 3
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize: `$data = unserialize( $r['data'] );` (class\my-history.php:604)

SQL Query Safety

95% prepared · 63 total queries

Output Escaping

38% escaped · 241 total outputs

Data Flows: 8 unsanitized

Data Flow Analysis

15 flows · 8 with unsanitized paths
showDailySchedule (class\my-shortcodes.php:9)
Attack Surface

Online Lesson Booking Attack Surface

Entry Points: 18
Unprotected: 0

Shortcodes 18

[olb_calendar] class\my-calendar.php:5
[olb_daily_schedule] class\my-functions.php:193
[olb_weekly_schedule] class\my-functions.php:196
[olb_edit_schedule] class\my-functions.php:199
[olb_reserve_form] class\my-functions.php:202
[olb_cancel_form] class\my-functions.php:205
[olb_report_form] class\my-functions.php:208
[olb_refer_members_info] class\my-functions.php:211
[olb_refer_members_history] class\my-functions.php:214
[olb_members_history] class\my-functions.php:217
[olb_members_schedule] class\my-functions.php:220
[olb_teachers_history] class\my-functions.php:223
[olb_teachers_schedule] class\my-functions.php:226
[olb_member_data] class\my-functions.php:229
[olb_if_expire] class\my-functions.php:232
[olb_if_member] class\my-functions.php:235
[olb_if_manager] class\my-functions.php:238
[olb_ticket_logs] class\my-functions.php:241

WordPress Hooks 82

action admin_enqueue_scripts class\my-adminpage.php:5
filter olb_get_user_data class\my-auth.php:5
action init class\my-auth.php:6
filter olb_is_not_expire class\my-auth.php:49
filter olb_to_user_email class\my-formaction.php:5
filter olb_to_teacher_email class\my-formaction.php:6
filter olb_email_values class\my-formaction.php:7
action widgets_init class\my-functions.php:98
action widgets_init class\my-functions.php:99
action widgets_init class\my-functions.php:100
action init class\my-functions.php:102
action admin_bar_menu class\my-functions.php:112
action wp_before_admin_bar_render class\my-functions.php:113
action admin_head class\my-functions.php:114
action wp_dashboard_setup class\my-functions.php:115
action admin_menu class\my-functions.php:116
filter admin_footer_text class\my-functions.php:117
action admin_head-profile.php class\my-functions.php:118
filter pre_site_transient_update_core class\my-functions.php:119
filter cron_schedules class\my-functions.php:137
action olb_cron class\my-functions.php:138
action wp class\my-functions.php:139
action admin_notices class\my-functions.php:141
action admin_init class\my-functions.php:143
action manage_users_columns class\my-functions.php:144
action manage_users_custom_column class\my-functions.php:145
filter manage_users_sortable_columns class\my-functions.php:146
filter request class\my-functions.php:147
action wp_login class\my-functions.php:148
action wp_logout class\my-functions.php:149
filter user_contactmethods class\my-functions.php:151
action show_user_profile class\my-functions.php:152
action edit_user_profile class\my-functions.php:153
action user_register class\my-functions.php:154
action profile_update class\my-functions.php:155
action delete_user class\my-functions.php:156
action template_redirect class\my-functions.php:157
action template_redirect class\my-functions.php:158
action wp_head class\my-functions.php:159
action wp_enqueue_scripts class\my-functions.php:160
action publish_post class\my-functions.php:161
action trash_post class\my-functions.php:162
action publish_page class\my-functions.php:163
action trash_page class\my-functions.php:164
action admin_menu class\my-functions.php:166
filter olb_error class\my-functions.php:168
filter olb_can_reservation class\my-functions.php:169
filter olb_can_cancellation class\my-functions.php:170
filter olb_added_profile class\my-functions.php:171
filter olb_added_profile_admin class\my-functions.php:172
filter olb_update_term class\my-functions.php:173
filter olb_update_log class\my-functions.php:174
filter olb_line_of_logs class\my-functions.php:175
filter olb_admin_pretending_user class\my-functions.php:176
filter the_content class\my-functions.php:177
action olb_users_custom_column class\my-functions.php:179
action user_new_form class\my-functions.php:180
action user_register class\my-functions.php:181
filter olb_ex_newuser_profile class\my-functions.php:182
action admin_footer class\my-functions.php:183
filter widget_text class\my-functions.php:190
action wp_dashboard_setup class\my-info.php:5
action olb_plugin_info class\my-info.php:6
action olb_latest_info class\my-info.php:7
action olb_extensions_info class\my-info.php:8
filter olb_get_room_data class\my-room.php:5
filter olb_get_portrait class\my-room.php:6
action plugins_loaded class\my-settings.php:66
action init class\my-settings.php:67
action plugins_loaded class\my-settings.php:69
action plugins_loaded class\my-settings.php:70
filter olb_get_user_data class\my-ticket.php:5
filter olb_added_profile class\my-ticket.php:6
filter olb_added_profile_admin class\my-ticket.php:7
action olb_reservation class\my-ticket.php:8
action olb_cancellation class\my-ticket.php:9
action olb_cancellation_by_teacher class\my-ticket.php:10
filter olb_update_profile class\my-ticket.php:11
filter olb_update_term_exception class\my-ticket.php:12
filter olb_can_reservation class\my-ticket.php:13
filter olb_error class\my-ticket.php:14
filter olb_email_values class\my-ticket.php:16

Scheduled Events 1

olb_cron
Maintenance & Trust

Online Lesson Booking Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 6, 2026
PHP min version: 7.0
Downloads: 36K

Community Trust

Rating: 80/100
Number of ratings: 2
Active installs: 600
Developer Profile

Online Lesson Booking Developer Profile

tnomi

3 plugins · 2K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 1688 days
Detection Fingerprints

How We Detect Online Lesson Booking

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/online-lesson-booking-system/admin.css

HTML / DOM Fingerprints

CSS Classes
wrap, metabox-holder, has-right-sidebar, postbox, form-table
HTML Comments
`/* * 管理画面: WP Admin page */`
`/** * CSS for admin page */`
`/** * プラグインメニュー: Plugin menu */`
`/* if ( $olb_options['settings']['ticket_metakey'] != $before['settings']['ticket_metakey'] ) { $table = $wpdb->prefix.'usermeta'; $ret = $wpdb->update( $table, array( 'meta_key' => $olb_options['settings']['ticket_metakey'] ), array( 'meta_key'=>$before['settings']['ticket_metakey'] )); } */`
Data Attributes
name="olb_options[starttime]", name="olb_options[endtime]", name="olb_options[interval]", name="olb_options[reserve_deadline]", name="olb_options[cancel_deadline]", name="olb_options[preserve_past]" (+3 more)
JS Globals
OLBsystem
FAQ

Frequently Asked Questions about Online Lesson Booking