WP-Safety

Simplex Booking Engine Security & Risk Analysis

wordpress.org/plugins/simplex-booking-engine

Simplex Digital Hotel Marketing LTD booking engine plugin for easy installation and seamless integration with WordPress websites.

20 active installs v2.0.4 PHP 7.2+ WP 5.7+ Updated Dec 24, 2025
hotel-booking-engine
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Simplex Booking Engine Safe to Use in 2026?

Generally Safe

Score 100/100

Simplex Booking Engine has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago
Risk Assessment

The "simplex-booking-engine" v2.0.4 plugin exhibits several significant security concerns, primarily due to a lack of authentication and authorization checks on its exposed entry points. All five identified entry points, including AJAX handlers and REST API routes, are unprotected, creating a wide attack surface that could be exploited by unauthenticated users. While the plugin demonstrates good practices regarding SQL queries (100% prepared statements) and output escaping (100% escaped), these strengths are overshadowed by the critical risk of unauthorized access and manipulation of booking data. The absence of nonce checks further exacerbates this risk, making it easier for attackers to forge requests. The plugin's vulnerability history is clean, with no recorded CVEs, which might suggest a lower perceived target or a lack of thorough past analysis. However, this absence of historical issues should not be mistaken for current security robustness, especially given the identified weaknesses in its access control mechanisms.

Key Concerns

  • AJAX handlers without authentication
  • REST API routes without permission callbacks
  • Total entry points unprotected
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

Simplex Booking Engine Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Simplex Booking Engine Release Timeline

v2.0.4Current
v2.0.3
v2.0.2
v2.0.1
v2.0.0
v1.1.21
v1.1.20
v1.1.18
v1.1.16
v1.1.15
v1.1.14
v1.1.12
v1.1.10
v1.1.09
v1.1.08
v1.1.06
v1.1.0
v1.0.27
v1.0.26.3
v1.0.26.2
Code Analysis
Analyzed Apr 16, 2026

Simplex Booking Engine Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
37 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
3
Bundled Libraries
0

Output Escaping

100% escaped37 total outputs
Attack Surface
5 unprotected

Simplex Booking Engine Attack Surface

Entry Points5
Unprotected5

AJAX Handlers 4

authwp_ajax_fetch_frontend_htmlincludes/admin/pages/class-simplexbe-settings-page-engine.php:21
noprivwp_ajax_fetch_frontend_htmlincludes/admin/pages/class-simplexbe-settings-page-engine.php:22
authwp_ajax_get_hotel_datasimplex-booking-engine.php:80
noprivwp_ajax_get_hotel_datasimplex-booking-engine.php:81

REST API Routes 1

GET/wp-json/myplugin/v1/hotel-datasimplex-booking-engine.php:86
WordPress Hooks 42
actionadmin_menuincludes/admin/class-simplexbe-admin-pages.php:34
actionadmin_menuincludes/admin/class-simplexbe-admin-pages.php:35
actionadmin_enqueue_scriptsincludes/admin/class-simplexbe-admin-pages.php:36
actionadmin_initincludes/admin/class-simplexbe-admin-pages.php:37
actionadmin_menuincludes/admin/pages/class-simplexbe-settings-page-deals.php:18
actionadmin_enqueue_scriptsincludes/admin/pages/class-simplexbe-settings-page-deals.php:19
actionadmin_initincludes/admin/pages/class-simplexbe-settings-page-deals.php:20
actionadmin_initincludes/admin/pages/class-simplexbe-settings-page-engine.php:18
actionadmin_menuincludes/admin/pages/class-simplexbe-settings-page-engine.php:19
actionadmin_enqueue_scriptsincludes/admin/pages/class-simplexbe-settings-page-engine.php:20
actionupdate_option_simplexbe_engine_optionsincludes/admin/pages/class-simplexbe-settings-page-engine.php:23
actionwp_enqueue_scriptsincludes/features/elementor/class-simplexbe-elementor-widgets.php:21
actionelementor/editor/after_enqueue_stylesincludes/features/elementor/class-simplexbe-elementor-widgets.php:22
actionelementor/elements/categories_registeredincludes/features/elementor/class-simplexbe-elementor-widgets.php:25
actionelementor/widgets/widgets_registeredincludes/features/elementor/class-simplexbe-elementor-widgets.php:28
actionelementor/widgets/widgets_registeredincludes/features/elementor/class-simplexbe-elementor-widgets.php:29
actionelementor/widgets/widgets_registeredincludes/features/elementor/class-simplexbe-elementor-widgets.php:32
actionelementor/widgets/widgets_registeredincludes/features/elementor/class-simplexbe-elementor-widgets.php:33
actionenqueue_block_editor_assetsincludes/features/gutenberg/blocks/class-simplexbe-block-deals-grid.php:11
actionenqueue_block_assetsincludes/features/gutenberg/blocks/class-simplexbe-block-deals-grid.php:12
actioninitincludes/features/gutenberg/blocks/class-simplexbe-block-deals-grid.php:13
actionenqueue_block_editor_assetsincludes/features/gutenberg/blocks/class-simplexbe-block-deals.php:11
actionenqueue_block_assetsincludes/features/gutenberg/blocks/class-simplexbe-block-deals.php:12
actioninitincludes/features/gutenberg/blocks/class-simplexbe-block-deals.php:13
actionenqueue_block_editor_assetsincludes/features/gutenberg/blocks/class-simplexbe-block-engine.php:11
actionenqueue_block_assetsincludes/features/gutenberg/blocks/class-simplexbe-block-engine.php:12
actioninitincludes/features/gutenberg/blocks/class-simplexbe-block-engine.php:13
actionenqueue_block_editor_assetsincludes/features/gutenberg/blocks/class-simplexbe-block-promo-code.php:11
actionenqueue_block_assetsincludes/features/gutenberg/blocks/class-simplexbe-block-promo-code.php:12
actioninitincludes/features/gutenberg/blocks/class-simplexbe-block-promo-code.php:13
actionenqueue_block_editor_assetsincludes/features/gutenberg/class-simplexbe-gutenberg-blocks.php:27
actionenqueue_block_assetsincludes/features/gutenberg/class-simplexbe-gutenberg-blocks.php:28
filterblock_categories_allincludes/features/gutenberg/class-simplexbe-gutenberg-blocks.php:29
actionwp_enqueue_scriptsincludes/shared/class-simplexbe-deals.php:28
actionadmin_enqueue_scriptsincludes/shared/class-simplexbe-deals.php:29
actionwp_enqueue_scriptsincludes/shared/class-simplexbe-engine.php:34
actionadmin_enqueue_scriptsincludes/shared/class-simplexbe-engine.php:35
actioninitsimplex-booking-engine.php:35
actionplugins_loadedsimplex-booking-engine.php:43
actionwp_enqueue_scriptssimplex-booking-engine.php:77
actionadmin_enqueue_scriptssimplex-booking-engine.php:78
actionrest_api_initsimplex-booking-engine.php:83
Maintenance & Trust

Simplex Booking Engine Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedDec 24, 2025
PHP min version7.2
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs20
Alternatives

Simplex Booking Engine Alternatives

Astro Booking Engine

Astro Booking Engine

astro-booking-engine

A
100

Use shortcode [astro-booking-engine] to display the booking form. Configure with 5Stelle, Iperbooking, Passepartout, Simple booking, or Vertical booki …

10 No CVEs
Bookwize Integrated Cinnamon

Bookwize Integrated Cinnamon

bookwize-integrated-cinnamon

A
85

Integrate Bookwize Hotel Booking Engine in your WordPress website and let visitors check availability and rates and make a booking directly from your …

10 No CVEs
Softinn Hotel Booking Engine

Softinn Hotel Booking Engine

softinn-booking-engine

A
92

Unlock room booking power on your WP site with Softinn Hotel Booking Engine, tailored for boutique hotels in Southeast Asia.

10 No CVEs
Developer Profile

Simplex Booking Engine Developer Profile

ranisimplex

1 plugin · 20 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Simplex Booking Engine

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/simplex-booking-engine/assets/shared/helper.js/wp-content/plugins/simplex-booking-engine/assets/shared/slick-slider/slick.css/wp-content/plugins/simplex-booking-engine/assets/shared/slick-slider/slick.min.js
Script Paths
/wp-content/plugins/simplex-booking-engine/assets/shared/helper.js/wp-content/plugins/simplex-booking-engine/assets/shared/slick-slider/slick.min.js
Version Parameters
simplex-booking-engine/simplex-booking-engine.php?ver=simplex-booking-engine/assets/shared/helper.js?ver=simplex-booking-engine/assets/shared/slick-slider/slick.css?ver=simplex-booking-engine/assets/shared/slick-slider/slick.min.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-simplexbe-widget-id
JS Globals
SIMPLEXBE_dataSIMPLEXBE_plugin_url
REST Endpoints
/myplugin/v1/hotel-data
Shortcode Output
[simplex_booking]
FAQ

Frequently Asked Questions about Simplex Booking Engine