SeatReg Security & Risk Analysis

wordpress.org/plugins/seatreg

Create and manage online registrations. Design your own registration layout and manage bookings.

400 active installs v1.67.5 PHP 7.2.28+ WP 5.3+ Updated Mar 11, 2026
event-management, online-booking, online-registration, reservation, seat-plan
99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jan 30, 2025
Safety Verdict

Is SeatReg Safe to Use in 2026?

Generally Safe

Score 99/100

SeatReg has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jan 30, 2025 · Updated 23d ago
Risk Assessment

The "seatreg" v1.67.6 plugin exhibits a mixed security posture. While it shows strengths in its use of prepared statements for SQL queries and proper output escaping, significant concerns arise from its extensive attack surface and insufficient authentication checks. The high number of unprotected AJAX handlers and REST API routes presents a considerable risk, as these can be exploited by unauthenticated users to interact with potentially sensitive functionalities. The taint analysis further highlights this, with a high number of flows identified with unsanitized paths, particularly those flagged as high severity, indicating potential for injection vulnerabilities.

The plugin's vulnerability history, while showing no currently unpatched CVEs, does reveal a past medium-severity vulnerability related to Cross-Site Scripting. This, combined with the taint analysis findings, suggests a pattern where input sanitization and validation may not always be robust, leaving it susceptible to certain types of attacks if not thoroughly addressed. The presence of bundled libraries like TCPDF and Stripe PHP, while not inherently a risk, warrants attention to ensure they are up-to-date and free from known vulnerabilities.

In conclusion, "seatreg" v1.67.6 has made positive strides in areas like database security and output handling. However, the substantial number of unprotected entry points and the concerning taint analysis results necessitate immediate attention to mitigate risks associated with unauthenticated access and potential input-based vulnerabilities. Addressing these weaknesses is crucial for improving the overall security of the plugin.

Key Concerns

  • Large attack surface without auth (AJAX)
  • Large attack surface without auth (REST API)
  • High severity taint flows
  • Bundled library TCPDF
  • Bundled library Stripe PHP
  • Low number of nonce checks
  • Low number of capability checks
Vulnerabilities
1

SeatReg Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-13463 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

SeatReg <= 1.56.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 30, 2025 Patched in 1.56.1 (1d)
Code Analysis
Analyzed Mar 16, 2026

SeatReg Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 7 (93 prepared)
  • Unescaped Output: 105 (953 escaped)
  • Nonce Checks: 5
  • Capability Checks: 3
  • File Operations: 14
  • External Requests: 1
  • Bundled Libraries: 2

Bundled Libraries

TCPDF, Stripe PHP

SQL Query Safety

93% prepared · 100 total queries

Output Escaping

90% escaped · 1058 total outputs
Data Flows
15 unsanitized

Data Flow Analysis

16 flows · 15 with unsanitized paths
<booking_status> (php\pages\booking_status.php:0)
Attack Surface
34 unprotected

SeatReg Attack Surface

Entry Points: 37
Unprotected: 34

AJAX Handlers 32

auth wp_ajax_get_seatreg_layout_and_bookings php\seatreg_functions.php:3590
auth wp_ajax_seatreg_update_layout php\seatreg_functions.php:3606
auth wp_ajax_seatreg_seat_password_check php\seatreg_functions.php:3651
nopriv wp_ajax_seatreg_seat_password_check php\seatreg_functions.php:3652
auth wp_ajax_seatreg_check_coupon php\seatreg_functions.php:3673
nopriv wp_ajax_seatreg_check_coupon php\seatreg_functions.php:3674
auth wp_ajax_seatreg_fetch_bookings_and_info php\seatreg_functions.php:3697
nopriv wp_ajax_seatreg_fetch_bookings_and_info php\seatreg_functions.php:3698
auth wp_ajax_seatreg_booking_submit php\seatreg_functions.php:3712
nopriv wp_ajax_seatreg_booking_submit php\seatreg_functions.php:3713
auth wp_ajax_seatreg_resend_receipt php\seatreg_functions.php:3778
nopriv wp_ajax_seatreg_resend_receipt php\seatreg_functions.php:3779
auth wp_ajax_seatreg_get_room_stats php\seatreg_functions.php:3805
auth wp_ajax_seatreg_delete_api_token php\seatreg_functions.php:3814
auth wp_ajax_seatreg_custom_payment_icon_upload php\seatreg_functions.php:3829
auth wp_ajax_seatreg_create_api_token php\seatreg_functions.php:3860
auth wp_ajax_seatreg_get_booking_manager php\seatreg_functions.php:3884
auth wp_ajax_seatreg_confirm_del_bookings php\seatreg_functions.php:3918
auth wp_ajax_seatreg_search_bookings php\seatreg_functions.php:3981
auth wp_ajax_seatreg_add_booking_with_manager php\seatreg_functions.php:4000
auth wp_ajax_seatreg_edit_booking php\seatreg_functions.php:4122
auth wp_ajax_seatreg_save_booking_approved_email_custom_text php\seatreg_functions.php:4173
auth wp_ajax_seatreg_upload_image php\seatreg_functions.php:4196
auth wp_ajax_seatreg_remove_img php\seatreg_functions.php:4229
auth wp_ajax_seatreg_remove_custom_payment_img php\seatreg_functions.php:4251
auth wp_ajax_seatreg_send_test_email php\seatreg_functions.php:4269
auth wp_ajax_seatreg_get_booking_logs php\seatreg_functions.php:4293
auth wp_ajax_seatreg_get_registration_logs php\seatreg_functions.php:4308
auth wp_ajax_seatreg_booking_payment_status_change php\seatreg_functions.php:4323
auth wp_ajax_seatreg_create_payment_log php\seatreg_functions.php:4344
auth wp_ajax_seatreg_inspect_booking_csv php\seatreg_functions.php:4361
auth wp_ajax_seatreg_import_bookings php\seatreg_functions.php:4383

REST API Routes 4

GET /wp-json/seatreg/v1/echo php\public_api.php:4
GET /wp-json/seatreg/v1/validate-token php\public_api.php:9
GET /wp-json/seatreg/v1/bookings php\public_api.php:14
GET /wp-json/seatreg/v1/notification-bookings php\public_api.php:19

Shortcodes 1

[seatreg] php\seatreg_shortcode.php:62
WordPress Hooks 28
action phpmailer_init php\emails.php:95
action admin_enqueue_scripts php\enqueue_admin.php:15
action wp_print_styles php\enqueue_public.php:6
action wp_print_scripts php\enqueue_public.php:31
action wp_enqueue_scripts php\enqueue_public.php:55
action wp_head php\enqueue_public.php:134
action wp_head php\enqueue_public.php:170
action wp_head php\enqueue_public.php:180
action rest_api_init php\public_api.php:3
action admin_menu php\seatreg_actions.php:8
action after_setup_theme php\seatreg_actions.php:11
filter multilingualpress.hreflang_type php\seatreg_actions.php:39
action plugins_loaded php\seatreg_actions.php:43
action seatreg_pending_booking_expiration php\seatreg_actions.php:50
action admin_init php\seatreg_actions.php:56
filter show_admin_bar php\seatreg_filters.php:7
filter template_include php\seatreg_filters.php:19
filter template_include php\seatreg_filters.php:28
action template_redirect php\seatreg_filters.php:37
filter init php\seatreg_filters.php:46
filter admin_body_class php\seatreg_filters.php:137
filter admin_footer_text php\seatreg_filters.php:150
filter cron_schedules php\seatreg_filters.php:155
action admin_post_seatreg_create_submit php\seatreg_functions.php:3050
action admin_post_seatreg_copy_registration php\seatreg_functions.php:3078
action admin_post_seatreg_delete_registration php\seatreg_functions.php:3107
action admin_post_seatreg-form-submit php\seatreg_functions.php:3544
action admin_post_seatreg_toggle_companion_app php\seatreg_functions.php:3560

Scheduled Events 1

seatreg_pending_booking_expiration
Maintenance & Trust

SeatReg Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.0
Last updated: Mar 11, 2026
PHP min version: 7.2.28
Downloads: 28K

Community Trust

Rating: 100/100
Number of ratings: 29
Active installs: 400
Developer Profile

SeatReg Developer Profile

Siim Kirjanen

2 plugins · 400 total installs

Trust score: 100
Avg Security Score: 100/100
Avg Patch Time: 1 day
Detection Fingerprints

How We Detect SeatReg

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/seatreg/css/custom-theme/jquery-ui-1.9.2.custom.min.css
/wp-content/plugins/seatreg/css/bootstrap.min.css
/wp-content/plugins/seatreg/js/jquery-ui-multidatespicker/jquery-ui.multidatespicker.css
/wp-content/plugins/seatreg/css/alertify.core.css
/wp-content/plugins/seatreg/css/alertify.default.css
/wp-content/plugins/seatreg/js/vanilla-picker/dist/vanilla-picker.csp.css
/wp-content/plugins/seatreg/css/seatreg_builder.min.css
/wp-content/plugins/seatreg/css/seatreg_admin.min.css
+22 more
Script Paths
/wp-content/plugins/seatreg/js/selectableScroll.js
/wp-content/plugins/seatreg/js/bootstrap.min.js
/wp-content/plugins/seatreg/js/jquery-ui-multidatespicker/jquery-ui.multidatespicker.js
/wp-content/plugins/seatreg/js/alertify.js
/wp-content/plugins/seatreg/js/jquery.easytabs.js
/wp-content/plugins/seatreg/js/vanilla-picker/dist/vanilla-picker.js
+14 more
Version Parameters
seatreg/css/custom-theme/jquery-ui-1.9.2.custom.min.css?ver=
seatreg/css/bootstrap.min.css?ver=
seatreg/js/jquery-ui-multidatespicker/jquery-ui.multidatespicker.css?ver=
seatreg/css/alertify.core.css?ver=
seatreg/css/alertify.default.css?ver=
seatreg/js/vanilla-picker/dist/vanilla-picker.csp.css?ver=
seatreg/css/seatreg_builder.min.css?ver=
seatreg/css/seatreg_admin.min.css?ver=
seatreg/fonts/open-sans/open-sans.css?ver=
seatreg/css/jquery.powertip.css?ver=
seatreg/js/selectableScroll.js?ver=
seatreg/js/bootstrap.min.js?ver=
seatreg/js/jquery-ui-multidatespicker/jquery-ui.multidatespicker.js?ver=
seatreg/js/alertify.js?ver=
seatreg/js/jquery.easytabs.js?ver=
seatreg/js/vanilla-picker/dist/vanilla-picker.js?ver=
seatreg/js/jquery.powertip.js?ver=
seatreg/js/seatreg_admin.min.js?ver=
seatreg/js/seatreg_common.js?ver=
seatreg/js/seatreg_overview.js?ver=
seatreg/js/seatreg_builder.js?ver=
seatreg/js/seatreg_options.js?ver=
seatreg/js/seatreg_management.js?ver=
seatreg/js/seatreg_tools.js?ver=
seatreg/js/seatreg_companion_app.js?ver=
seatreg/js/jquery.tablesorter.min.js?ver=
seatreg/js/dateformat.js?ver=
seatreg/js/seatreg_public.js?ver=
seatreg/js/seatreg_submit.js?ver=
seatreg/js/seatreg_submit_booking.js?ver=

HTML / DOM Fingerprints

CSS Classes
seatreg-builder, seatreg-builder-elements, seatreg-builder-element, seatreg-builder-element-content, seatreg-builder-element-options, seatreg-admin-page, seatreg-overview, seatreg-options, +7 more
HTML Comments
SeatReg Admin Page enqueue functions
SeatReg Public enqueue functions
SeatReg Shortcodes
Data Attributes
data-seatreg-element-type, data-seatreg-element-id, data-seatreg-builder-section, data-seatreg-builder-field, data-seatreg-color
JS Globals
seatreg_admin_vars, seatreg_public_vars, seatreg_submit_vars, seatreg_submit_booking_vars
Shortcode Output
[seatreg_booking_form], [seatreg_registration_form], [seatreg_event_list]