WP-Safety

Tourfic – Travel Booking, Hotel Booking & Car Rental WordPress Plugin Security & Risk Analysis

wordpress.org/plugins/tourfic

Hotel, Travel, Car Rental & Tour Booking WordPress plugin. Build a website like Agoda, Booking.com, Airbnb, Enterprise, Avis with WooCommerce

2K active installs v2.21.2 PHP 7.4+ WP 5.4+ Updated Mar 12, 2026
car-rentalhotel-bookingmultivendor-marketplacetour-bookingtravel-booking
93
A · Safe
CVEs total8
Unpatched0
Last CVEJan 24, 2025
Plugin page Download
Safety Verdict

Is Tourfic – Travel Booking, Hotel Booking & Car Rental WordPress Plugin Safe to Use in 2026?

Generally Safe

Score 93/100

Tourfic – Travel Booking, Hotel Booking & Car Rental WordPress Plugin has a strong security track record. Known vulnerabilities have been patched promptly.

8 known CVEsLast CVE: Jan 24, 2025Updated 22d ago
Risk Assessment

The Tourfic plugin v2.21.3 exhibits a mixed security posture. While it demonstrates good practices in SQL query preparation (93%) and output escaping (88%), several areas raise concerns. A significant attack surface is exposed with 118 AJAX handlers, of which 22 lack authentication checks, presenting a direct avenue for unauthorized actions. The taint analysis reveals a considerable number of flows with unsanitized paths, including 13 of critical severity, indicating potential for vulnerabilities like Cross-Site Scripting (XSS) or SQL Injection if input is not properly handled. The plugin's history of 8 CVEs, with a recent one in 2025, spanning SQL Injection, Missing Authorization, CSRF, XSS, Deserialization, and Unrestricted Uploads, suggests recurring security weaknesses. The presence of 'unserialize' among dangerous functions, combined with past deserialization vulnerabilities, is particularly concerning for data integrity and security.

Key Concerns

  • 22 AJAX handlers without auth checks
  • 13 High severity taint flows
  • Dangerous function: unserialize
  • History of 3 high severity CVEs
  • History of 5 medium severity CVEs
  • Unrestricted Upload vulnerability history
  • Deserialization of Untrusted Data vulnerability history
  • 27 flows with unsanitized paths
Vulnerabilities
8

Tourfic – Travel Booking, Hotel Booking & Car Rental WordPress Plugin Security Vulnerabilities

CVEs by Year

7 CVEs in 2024
2024
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

High
3
Medium
5

8 total CVEs

CVE-2025-24650high · 7.2Unrestricted Upload of File with Dangerous Type

Tourfic <= 2.15.3 - Authenticated (Admin+) Arbitrary File Upload

Jan 24, 2025 Patched in 2.15.4 (5d)
CVE-2024-12032medium · 6.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking <= 2.15.3 - Authenticated (Subscriber+) SQL Injection

Dec 24, 2024 Patched in 2.15.4 (1d)
CVE-2024-8860medium · 4.3Missing Authorization

Tourfic <= 2.14.5 - Missing Authorization in Multiple Functions

Sep 13, 2024 Patched in 2.15.0 (347d)
CVE-2024-8319medium · 4.3Cross-Site Request Forgery (CSRF)

Tourfic <= 2.11.20 - Cross-Site Request Forgery in Multiple Functions

Aug 29, 2024 Patched in 2.11.21 (1d)
CVE-2024-29137medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Tourfic <= 2.11.7 - Reflected Cross-Site Scripting

Mar 18, 2024 Patched in 2.11.8 (5d)
CVE-2024-29136high · 8.8Deserialization of Untrusted Data

Tourfic <= 2.11.17 - Authenticated (Subscriber+) PHP Object Injection

Mar 18, 2024 Patched in 2.11.19 (5d)
CVE-2024-29135high · 8.8Unrestricted Upload of File with Dangerous Type

Tourfic <= 2.11.15 - Authenticated (Subscriber+) Arbitrary File Upload

Mar 18, 2024 Patched in 2.11.16 (5d)
CVE-2024-29134medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Tourfic <= 2.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 18, 2024 Patched in 2.11.9 (5d)
Code Analysis
Analyzed Mar 16, 2026

Tourfic – Travel Booking, Hotel Booking & Car Rental WordPress Plugin Code Analysis

Dangerous Functions
48
Raw SQL Queries
9
129 prepared
Unescaped Output
1210
9244 escaped
Nonce Checks
90
Capability Checks
67
File Operations
12
External Requests
2
Bundled Libraries
1

Dangerous Functions Found

unserialize$airport_pickup_price = unserialize( $tf_hotel_airport_pickup_price_value );inc\Admin\Backend_Booking\TF_Hotel_Backend_Booking.php:696
unserialize$airport_pickup_price = unserialize( $tf_hotel_airport_pickup_price_value );inc\Admin\Backend_Booking\TF_Hotel_Backend_Booking.php:748
unserialize$airport_pickup_price = unserialize( $tf_hotel_airport_pickup_price_value );inc\Admin\Backend_Booking\TF_Hotel_Backend_Booking.php:799
unserialize$tour_extras = unserialize( $tour_extras_unserial );inc\Admin\Backend_Booking\TF_Tour_Backend_Booking.php:172
unserialize$room = unserialize( $tf_hotel_exc_value );inc\Admin\TF_Demo_Importer.php:493
unserialize$room = unserialize( $tf_hotel_exc_value );inc\Admin\TF_Demo_Importer.php:536
unserialize$room = unserialize( $tf_hotel_exc_value );inc\Admin\TF_Demo_Importer.php:568
unserialize$post_meta['tf_tours_opt']['disabled_day'] = unserialize( $row[ $column_index ] );inc\Admin\TF_Demo_Importer.php:1202
unserialize$itinerary = unserialize( $tf_hotel_exc_value );inc\Admin\TF_Demo_Importer.php:1272
unserialize$room = unserialize( $tf_hotel_exc_value );inc\Admin\TF_Demo_Importer.php:1857
unserialize$room = unserialize( $tf_aprt_exc_value );inc\Admin\TF_Demo_Importer.php:1900
unserializeif (@unserialize($tf_rep_value) !== false || $tf_rep_value === 'b:0;') {inc\Admin\TF_Options\fields\accordion\TF_accordion.php:22
unserialize$data = @unserialize($tf_rep_value);inc\Admin\TF_Options\fields\accordion\TF_accordion.php:23
unserialize$color_value = ( ! is_array( $this->value ) ) ? unserialize( $this->value ) : $this->value;inc\Admin\TF_Options\fields\color\TF_color.php:13
unserialize$mapdata = unserialize( $mapdata );inc\Admin\TF_Options\fields\map\TF_map.php:18
unserializeif (@unserialize($tf_rep_value) !== false || $tf_rep_value === 'b:0;') {inc\Admin\TF_Options\fields\repeater\TF_repeater.php:32
unserialize$data = @unserialize($tf_rep_value);inc\Admin\TF_Options\fields\repeater\TF_repeater.php:33
unserialize$value = ( ! empty( $this->value ) && ! is_array( $this->value ) ) ? unserialize( $this->value ) : inc\Admin\TF_Options\fields\switch_group\TF_switch_group.php:34
unserialize$data = ( ! is_array( $this->value ) ) ? unserialize( $this->value ) : $this->value;inc\Admin\TF_Options\fields\tab\TF_tab.php:78
unserialize$fields = unserialize( $tf_hotel_fields_value );inc\App\TF_Review.php:409
unserialize$map = unserialize( $tf_apartment_map_value );inc\Classes\Apartment\Apartment.php:2055
unserialize$itineraries = unserialize( $tf_hotel_itineraries_value );inc\Classes\Enqueue.php:142
unserializereturn unserialize( $tf_serialize_date );inc\Classes\Helper.php:194
unserialize$prev_primary = !empty($options['tourfic-design1-global-color']) ? unserialize($options['tourfic-desinc\Classes\Migrator.php:527
unserialize$prev_body_text = !empty($options['tourfic-design1-p-global-color']) ? unserialize($options['tourficinc\Classes\Migrator.php:528
unserialize$prev_template3 = !empty($options['tourfic-template3-bg']) ? unserialize($options['tourfic-template3inc\Classes\Migrator.php:529
unserialize$rooms = unserialize( $old_meta['tf_room'][0] );inc\Classes\Migrator.php:636
unserialize$faqs = unserialize( $old_meta['tf_faqs'][0] );inc\Classes\Migrator.php:650
unserialize$tour_options = unserialize( $old_meta['tf_tours_option'][0] );inc\Classes\Migrator.php:744
unserialize$tour_options = unserialize( $old_meta['tf_tours_option'][0] );inc\Classes\Migrator.php:774
unserialize$hotel_options = unserialize( $old_meta['tf_hotel'][0] );inc\Classes\Migrator.php:823
unserialize$rooms = unserialize( $tf_hotel_rooms_value );inc\Classes\Migrator.php:1147
unserialize$cont_custom_date = unserialize( $cont_custom_date_unserial );inc\Classes\Migrator.php:1521
unserialize$tour_extras = unserialize( $tour_extras_unserial );inc\Classes\Tour\Tour.php:1015
unserialize$tour_extras = unserialize( $tour_extras_unserial );inc\Classes\Tour\Tour.php:1998
unserialize$tf_tour_unserial_fixed_date = unserialize( $tf_tour_unserial_fixed_date );inc\Classes\Tour\Tour.php:3846
unserialize$airport_pickup_price = unserialize( $tf_hotel_airport_pickup_price_value );inc\functions\woocommerce\wc-hotel.php:555
unserialize$airport_pickup_price = unserialize( $tf_hotel_airport_pickup_price_value );inc\functions\woocommerce\wc-hotel.php:607
unserialize$airport_pickup_price = unserialize( $tf_hotel_airport_pickup_price_value );inc\functions\woocommerce\wc-hotel.php:658
unserializereturn unserialize( $tf_serialize_date );inc\functions.php:46
unserialize$unserialize_car_time_slots = !empty($car_time_slots) ? unserialize($car_time_slots) : array();inc\Traits\Action_Helper.php:2165
unserialize$map = unserialize( $tf_apartment_map_value );templates\apartment\single-apartment.php:95
unserialize$faqs = unserialize( $tf_hotel_faqs_value );templates\hotel\single-hotel.php:134
unserialize$unserialize_car_time_slots = !empty($car_time_slots) ? unserialize($car_time_slots) : array();templates\template-parts\car\design-1.php:17
unserialize$faqs = unserialize( $tf_hotel_faqs_value );templates\tour\single-tour.php:183
unserialize$inc = unserialize( $tf_hotel_inc_value );templates\tour\single-tour.php:190
unserialize$exc = unserialize( $tf_hotel_exc_value );templates\tour\single-tour.php:197
unserialize$itineraries = unserialize( $tf_hotel_itineraries_value );templates\tour\single-tour.php:209

Bundled Libraries

Select2

SQL Query Safety

93% prepared138 total queries

Output Escaping

88% escaped10454 total outputs
Data Flows
27 unsanitized

Data Flow Analysis

25 flows27 with unsanitized paths
render (inc\App\Shortcodes\Search_Result.php:23)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
22 unprotected

Tourfic – Travel Booking, Hotel Booking & Car Rental WordPress Plugin Attack Surface

Entry Points119
Unprotected22

AJAX Handlers 118

authwp_ajax_tf_check_available_apartmentinc\Admin\Backend_Booking\TF_Apartment_Backend_Booking.php:31
authwp_ajax_tf_check_apartment_aditional_feesinc\Admin\Backend_Booking\TF_Apartment_Backend_Booking.php:32
authwp_ajax_tf_backend_apartment_bookinginc\Admin\Backend_Booking\TF_Apartment_Backend_Booking.php:33
authwp_ajax_tf_check_available_hotelinc\Admin\Backend_Booking\TF_Hotel_Backend_Booking.php:131
authwp_ajax_tf_check_available_roominc\Admin\Backend_Booking\TF_Hotel_Backend_Booking.php:132
authwp_ajax_tf_update_room_fieldsinc\Admin\Backend_Booking\TF_Hotel_Backend_Booking.php:133
authwp_ajax_tf_backend_hotel_bookinginc\Admin\Backend_Booking\TF_Hotel_Backend_Booking.php:134
authwp_ajax_tf_tour_date_time_updateinc\Admin\Backend_Booking\TF_Tour_Backend_Booking.php:137
authwp_ajax_tf_backend_tour_bookinginc\Admin\Backend_Booking\TF_Tour_Backend_Booking.php:138
authwp_ajax_tf_order_status_email_resendinc\Admin\Emails\TF_Handle_Emails.php:38
authwp_ajax_tf_duplicate_post_datainc\Admin\TF_Duplicator.php:12
authwp_ajax_tf_options_saveinc\Admin\TF_Options\classes\TF_Settings.php:38
authwp_ajax_tf_options_resetinc\Admin\TF_Options\classes\TF_Settings.php:39
authwp_ajax_tf_search_settings_autocompleteinc\Admin\TF_Options\classes\TF_Settings.php:40
authwp_ajax_tf_export_datainc\Admin\TF_Options\classes\TF_Settings.php:42
authwp_ajax_themefic_manage_plugininc\Admin\TF_Options\classes\TF_Settings.php:44
authwp_ajax_tf_load_more_iconsinc\Admin\TF_Options\TF_Options.php:39
authwp_ajax_tf_icon_searchinc\Admin\TF_Options\TF_Options.php:40
authwp_ajax_tf_add_hotel_room_availabilityinc\Admin\TF_Options\TF_Options.php:42
authwp_ajax_tf_get_hotel_room_availabilityinc\Admin\TF_Options\TF_Options.php:43
authwp_ajax_tf_reset_room_availabilityinc\Admin\TF_Options\TF_Options.php:44
authwp_ajax_tf_add_apartment_availabilityinc\Admin\TF_Options\TF_Options.php:46
authwp_ajax_tf_get_apartment_availabilityinc\Admin\TF_Options\TF_Options.php:47
authwp_ajax_tf_reset_apt_availabilityinc\Admin\TF_Options\TF_Options.php:48
authwp_ajax_tf_add_tour_availabilityinc\Admin\TF_Options\TF_Options.php:50
authwp_ajax_tf_get_tour_availabilityinc\Admin\TF_Options\TF_Options.php:51
authwp_ajax_save_tour_package_pricinginc\Admin\TF_Options\TF_Options.php:52
authwp_ajax_save_tour_pricing_typeinc\Admin\TF_Options\TF_Options.php:53
authwp_ajax_tf_reset_tour_availabilityinc\Admin\TF_Options\TF_Options.php:54
authwp_ajax_tf_insert_category_datainc\Admin\TF_Options\TF_Options.php:56
authwp_ajax_tf_delete_category_datainc\Admin\TF_Options\TF_Options.php:57
authwp_ajax_tf_insert_post_datainc\Admin\TF_Options\TF_Options.php:58
authwp_ajax_tf_delete_post_datainc\Admin\TF_Options\TF_Options.php:59
authwp_ajax_tf_promo_dashboard_admin_notice_dismiss_callbackinc\Admin\TF_Promo_Notice.php:70
authwp_ajax_tf_promo_notice_custom_post_meta_callbackinc\Admin\TF_Promo_Notice.php:92
authwp_ajax_tf_dashboard_widget_dismissinc\Admin\TF_Promo_Notice.php:106
authwp_ajax_tf_setup_wizard_submitinc\Admin\TF_Setup_Wizard.php:34
authwp_ajax_tf_ajax_install_wooinc\Admin\TF_Setup_Wizard.php:38
authwp_ajax_tf_ajax_activate_wooinc\Admin\TF_Setup_Wizard.php:39
authwp_ajax_tf_theme_installinginc\Admin\TF_Setup_Wizard.php:40
authwp_ajax_tf_travelfic_toolkit_installinginc\Admin\TF_Setup_Wizard.php:41
authwp_ajax_tf_travelfic_toolkit_activateinc\Admin\TF_Setup_Wizard.php:42
authwp_ajax_tf_setup_travelfic_theme_activeinc\Admin\TF_Setup_Wizard.php:43
authwp_ajax_tf_toggle_template_statusinc\App\Template_Builder.php:20
authwp_ajax_tf_load_template_markupinc\App\Template_Builder.php:22
authwp_ajax_tf_get_template_optionsinc\App\Template_Builder.php:23
authwp_ajax_tf_update_term_optionsinc\App\Template_Builder.php:24
authwp_ajax_tf_save_template_builderinc\App\Template_Builder.php:25
authwp_ajax_tf_delete_old_review_fieldsinc\App\TF_Review.php:24
authwp_ajax_tf_add_to_wishlistsinc\App\Wishlist.php:12
noprivwp_ajax_tf_add_to_wishlistsinc\App\Wishlist.php:13
noprivwp_ajax_tf_generate_tableinc\App\Wishlist.php:14
authwp_ajax_tf_remove_wishlistinc\App\Wishlist.php:15
authwp_ajax_tf_apt_room_details_qvinc\Classes\Apartment\Apartment.php:28
noprivwp_ajax_tf_apt_room_details_qvinc\Classes\Apartment\Apartment.php:29
authwp_ajax_tf_apartments_searchinc\Classes\Apartment\Apartment.php:31
noprivwp_ajax_tf_apartments_searchinc\Classes\Apartment\Apartment.php:32
authwp_ajax_tf_shortcode_type_to_locationinc\Classes\Helper.php:21
authwp_ajax_tf_affiliate_activeinc\Classes\Helper.php:22
authwp_ajax_tf_affiliate_installinc\Classes\Helper.php:23
authwp_ajax_tf_checkout_cart_item_removeinc\Classes\Helper.php:25
noprivwp_ajax_tf_checkout_cart_item_removeinc\Classes\Helper.php:26
authwp_ajax_tf_month_reportsinc\Classes\Helper.php:28
noprivwp_ajax_tf_trigger_filterinc\Classes\Helper.php:31
authwp_ajax_tf_trigger_filterinc\Classes\Helper.php:32
noprivwp_ajax_get_car_time_slotsinc\Classes\Helper.php:34
authwp_ajax_get_car_time_slotsinc\Classes\Helper.php:35
authwp_ajax_tf_get_min_max_priceinc\Classes\Helper.php:82
noprivwp_ajax_tf_get_min_max_priceinc\Classes\Helper.php:83
authwp_ajax_tf_archive_gallery_popup_qvinc\Classes\Helper.php:86
noprivwp_ajax_tf_archive_gallery_popup_qvinc\Classes\Helper.php:87
authwp_ajax_tf_room_availabilityinc\Classes\Hotel\Hotel.php:29
noprivwp_ajax_tf_room_availabilityinc\Classes\Hotel\Hotel.php:30
authwp_ajax_tf_hotel_airport_service_priceinc\Classes\Hotel\Hotel.php:31
noprivwp_ajax_tf_hotel_airport_service_priceinc\Classes\Hotel\Hotel.php:32
authwp_ajax_tf_tour_details_qvinc\Classes\Hotel\Hotel.php:33
noprivwp_ajax_tf_tour_details_qvinc\Classes\Hotel\Hotel.php:34
authwp_ajax_tf_hotel_searchinc\Classes\Hotel\Hotel.php:35
noprivwp_ajax_tf_hotel_searchinc\Classes\Hotel\Hotel.php:36
authwp_ajax_tf_remove_room_order_idsinc\Classes\Room\Room.php:20
authwp_ajax_tf_room_searchinc\Classes\Room\Room.php:21
noprivwp_ajax_tf_room_searchinc\Classes\Room\Room.php:22
authwp_ajax_tf_tour_searchinc\Classes\Tour\Tour.php:33
noprivwp_ajax_tf_tour_searchinc\Classes\Tour\Tour.php:34
noprivwp_ajax_tf_tour_booking_popupinc\Classes\Tour\Tour.php:41
authwp_ajax_tf_tour_booking_popupinc\Classes\Tour\Tour.php:42
noprivwp_ajax_tf_tour_price_calculationinc\Classes\Tour\Tour.php:44
authwp_ajax_tf_tour_price_calculationinc\Classes\Tour\Tour.php:45
authwp_ajax_tf_ask_questioninc\Core\Enquiry.php:15
noprivwp_ajax_tf_ask_questioninc\Core\Enquiry.php:16
authwp_ajax_tf_enquiry_bulk_actioninc\Core\Enquiry.php:18
authwp_ajax_tf_enquiry_filter_postinc\Core\Enquiry.php:19
authwp_ajax_tf_enquiry_reply_emailinc\Core\Enquiry.php:20
authwp_ajax_tf_enquiry_filter_mailinc\Core\Enquiry.php:21
authwp_ajax_tf_order_status_editinc\Core\TF_Booking_Details.php:19
authwp_ajax_tf_visitor_details_editinc\Core\TF_Booking_Details.php:20
authwp_ajax_tf_checkinout_details_editinc\Core\TF_Booking_Details.php:21
authwp_ajax_tf_order_bulk_action_editinc\Core\TF_Booking_Details.php:22
authwp_ajax_tf_booking_details_popupinc\Core\TF_Booking_Details.php:23
authwp_ajax_tf_booking_calendar_filterinc\Core\TF_Booking_Details.php:24
authwp_ajax_tf_disable_critical_update_admin_noticeinc\Core\TF_Notice.php:19
noprivwp_ajax_tf_extra_add_to_bookinginc\functions\functions-car.php:29
authwp_ajax_tf_extra_add_to_bookinginc\functions\functions-car.php:30
authwp_ajax_tf_car_searchinc\functions\functions-car.php:582
noprivwp_ajax_tf_car_searchinc\functions\functions-car.php:583
noprivwp_ajax_tf_car_booking_pupupinc\functions\functions-car.php:707
authwp_ajax_tf_car_booking_pupupinc\functions\functions-car.php:708
noprivwp_ajax_tf_car_price_calculationinc\functions\functions-car.php:1005
authwp_ajax_tf_car_price_calculationinc\functions\functions-car.php:1006
authwp_ajax_tf_apartment_bookinginc\functions\woocommerce\wc-apartment.php:11
noprivwp_ajax_tf_apartment_bookinginc\functions\woocommerce\wc-apartment.php:12
authwp_ajax_tf_car_bookinginc\functions\woocommerce\wc-car.php:13
noprivwp_ajax_tf_car_bookinginc\functions\woocommerce\wc-car.php:14
authwp_ajax_tf_hotel_bookinginc\functions\woocommerce\wc-hotel.php:13
noprivwp_ajax_tf_hotel_bookinginc\functions\woocommerce\wc-hotel.php:14
authwp_ajax_tf_tours_bookinginc\functions\woocommerce\wc-tour.php:10
noprivwp_ajax_tf_tours_bookinginc\functions\woocommerce\wc-tour.php:11
authwp_ajax_tf_ajax_install_plugintourfic.php:85

Shortcodes 1

[tourfic_destinations] inc\App\Shortcodes\Hotel_Locations.php:16
WordPress Hooks 198
filtertf_apartment_booking_details_pricing_section_title_changeinc\Admin\Booking_Details\Apartment_Booking_Details.php:90
filtertf_car_booking_details_pricing_section_title_changeinc\Admin\Booking_Details\Car_Booking_Details.php:90
actionwoocommerce_thankyouinc\Admin\Emails\TF_Handle_Emails.php:29
actionwoocommerce_thankyouinc\Admin\Emails\TF_Handle_Emails.php:31
actionwoocommerce_order_status_cancelledinc\Admin\Emails\TF_Handle_Emails.php:33
actiontf_offline_payment_booking_confirmationinc\Admin\Emails\TF_Handle_Emails.php:35
actionin_plugin_update_message-tourfic/tourfic.phpinc\Admin\Notice_Update.php:16
actionafter_plugin_row_tourfic/tourfic.phpinc\Admin\Notice_Update.php:17
filterpost_row_actionsinc\Admin\TF_Duplicator.php:11
actionadd_meta_boxesinc\Admin\TF_Options\classes\TF_Metabox.php:20
actionsave_postinc\Admin\TF_Options\classes\TF_Metabox.php:21
actionadmin_menuinc\Admin\TF_Options\classes\TF_Settings.php:32
actionadmin_initinc\Admin\TF_Options\classes\TF_Settings.php:35
actionadmin_footerinc\Admin\TF_Options\fields\icon\TF_icon.php:15
actionsave_postinc\Admin\TF_Options\TF_Options.php:45
actionsave_postinc\Admin\TF_Options\TF_Options.php:55
filtercron_schedulesinc\Admin\TF_Promo_Notice.php:50
actiontf_promo__schudleinc\Admin\TF_Promo_Notice.php:56
actionadmin_noticesinc\Admin\TF_Promo_Notice.php:69
actionadd_meta_boxesinc\Admin\TF_Promo_Notice.php:91
actionwp_dashboard_setupinc\Admin\TF_Promo_Notice.php:105
actionadmin_menuinc\Admin\TF_Setup_Wizard.php:31
filterwoocommerce_enable_setup_wizardinc\Admin\TF_Setup_Wizard.php:32
actionadmin_initinc\Admin\TF_Setup_Wizard.php:33
actionin_admin_headerinc\Admin\TF_Setup_Wizard.php:35
actionadmin_enqueue_scriptsinc\Admin\TF_Setup_Wizard.php:36
actioninitinc\App\Template_Builder.php:16
filterpost_row_actionsinc\App\Template_Builder.php:17
filtermanage_tf_template_builder_posts_columnsinc\App\Template_Builder.php:18
actionmanage_tf_template_builder_posts_custom_columninc\App\Template_Builder.php:19
actionadmin_footerinc\App\Template_Builder.php:21
filtertemplate_includeinc\App\Template_Builder.php:26
actionsave_post_tf_template_builderinc\App\Template_Builder.php:27
filterelementor/document/urls/editinc\App\Template_Builder.php:29
actionelementor/editor/initinc\App\Template_Builder.php:30
filterelementor/files/allow_unfiltered_uploadinc\App\Template_Builder.php:971
filterelementor/utils/is_archive_templateinc\App\Template_Builder.php:1395
filterelementor_pro/utils/is_archive_templateinc\App\Template_Builder.php:1396
filterelementor_pro/utils/get_preview_query_varsinc\App\Template_Builder.php:1397
filterelementor/frontend/builder_content_datainc\App\Template_Builder.php:1418
actionelementor/editor/after_enqueue_scriptsinc\App\Template_Builder.php:1425
actionadmin_initinc\App\TF_Review.php:20
actionwp_enqueue_scriptsinc\App\TF_Review.php:21
actioncomment_postinc\App\TF_Review.php:22
actionwp_insert_commentinc\App\TF_Review.php:23
actionset_comment_cookiesinc\App\TF_Review.php:25
filtercomments_openinc\App\TF_Review.php:28
filterallow_empty_commentinc\App\TF_Review.php:29
filtercomment_linkinc\App\TF_Review.php:30
filtercomment_post_redirectinc\App\TF_Review.php:31
actionelementor/elements/categories_registeredinc\App\Widgets\Elementor\Register.php:13
actionelementor/widgets/registerinc\App\Widgets\Elementor\Register.php:14
actioninitinc\App\Widgets\TF_Widget_Base.php:16
actionwidgets_initinc\App\Widgets\TF_Widget_Base.php:17
actioninitinc\Classes\Activator.php:29
filterdisplay_post_statesinc\Classes\Activator.php:32
filtertheme_page_templatesinc\Classes\Activator.php:35
filterpage_templateinc\Classes\Activator.php:36
filtertemplate_includeinc\Classes\Activator.php:37
actionwp_after_insert_postinc\Classes\Apartment\Apartment.php:30
actioninitinc\Classes\Apartment\Apartment_CPT.php:65
actionadmin_initinc\Classes\Base.php:28
actionadmin_initinc\Classes\Base.php:29
actionadmin_initinc\Classes\Base.php:30
actionwp_after_insert_postinc\Classes\Car_Rental\Car_Rental.php:17
actioninitinc\Classes\Car_Rental\Car_Rental_CPT.php:86
filterwp_enqueue_scriptsinc\Classes\Enqueue.php:26
actionwp_enqueue_scriptsinc\Classes\Enqueue.php:27
actionelementor/editor/before_enqueue_scriptsinc\Classes\Enqueue.php:28
actionadmin_enqueue_scriptsinc\Classes\Enqueue.php:29
actionadmin_enqueue_scriptsinc\Classes\Enqueue.php:30
actionadmin_enqueue_scriptsinc\Classes\Enqueue.php:32
actionwp_enqueue_scriptsinc\Classes\Enqueue.php:33
actionwp_enqueue_scriptsinc\Classes\Enqueue.php:34
actionwp_enqueue_scriptsinc\Classes\Enqueue.php:35
actionwp_enqueue_scriptsinc\Classes\Enqueue.php:36
actionadmin_enqueue_scriptsinc\Classes\Enqueue.php:37
actionadmin_bar_menuinc\Classes\Helper.php:16
actionadmin_footerinc\Classes\Helper.php:17
actionwp_footerinc\Classes\Helper.php:18
filterrest_prepare_taxonomyinc\Classes\Helper.php:19
filterrest_user_queryinc\Classes\Helper.php:20
actionadmin_initinc\Classes\Helper.php:24
filterwoocommerce_cart_item_subtotalinc\Classes\Helper.php:27
actionadmin_initinc\Classes\Helper.php:38
actioninitinc\Classes\Helper.php:40
filtertemplate_includeinc\Classes\Helper.php:42
filtercomments_templateinc\Classes\Helper.php:43
filtertemplate_includeinc\Classes\Helper.php:44
filtersingle_templateinc\Classes\Helper.php:45
filterafter_setup_themeinc\Classes\Helper.php:46
filtertf_booking_search_actioninc\Classes\Helper.php:47
filterwp_dropdown_catsinc\Classes\Helper.php:48
filterexcerpt_moreinc\Classes\Helper.php:49
actionadmin_menuinc\Classes\Helper.php:56
actionadd_meta_boxesinc\Classes\Helper.php:57
actionadmin_menuinc\Classes\Helper.php:58
actionadd_meta_boxesinc\Classes\Helper.php:59
actionshow_user_profileinc\Classes\Helper.php:60
actionedit_user_profileinc\Classes\Helper.php:61
actionpersonal_options_updateinc\Classes\Helper.php:62
actionedit_user_profile_updateinc\Classes\Helper.php:63
actionadmin_menuinc\Classes\Helper.php:65
filtermenu_orderinc\Classes\Helper.php:66
filtercustom_menu_orderinc\Classes\Helper.php:67
actionadmin_bar_menuinc\Classes\Helper.php:70
actionadmin_initinc\Classes\Helper.php:74
actiontf_before_containerinc\Classes\Helper.php:75
filterupload_mimesinc\Classes\Helper.php:79
filterwp_check_filetype_and_extinc\Classes\Helper.php:80
actionwp_headinc\Classes\Helper.php:89
actiontf_hotel_features_filterinc\Classes\Hotel\Hotel.php:37
actionwp_after_insert_postinc\Classes\Hotel\Hotel.php:38
actionwp_after_insert_postinc\Classes\Hotel\Hotel.php:40
actionwp_after_insert_postinc\Classes\Hotel\Hotel.php:41
actioninitinc\Classes\Hotel\Hotel_CPT.php:68
filtermanage_edit-tf_hotel_columnsinc\Classes\Hotel\Hotel_CPT.php:70
actionmanage_tf_hotel_posts_custom_columninc\Classes\Hotel\Hotel_CPT.php:71
actioninitinc\Classes\Migrator.php:13
actioninitinc\Classes\Migrator.php:14
actioninitinc\Classes\Migrator.php:15
actioninitinc\Classes\Migrator.php:16
actionadmin_initinc\Classes\Migrator.php:18
actioninitinc\Classes\Migrator.php:20
actioninitinc\Classes\Migrator.php:21
actionadmin_initinc\Classes\Migrator.php:22
actioninitinc\Classes\Migrator.php:23
actioninitinc\Classes\Migrator.php:24
actioninitinc\Classes\Migrator.php:25
actioninitinc\Classes\Room\Room_CPT.php:45
filtermanage_edit-tf_room_columnsinc\Classes\Room\Room_CPT.php:47
actionmanage_tf_room_posts_custom_columninc\Classes\Room\Room_CPT.php:48
actiontf_everydate_cron_jobinc\Classes\Tour\Tour.php:30
actionwpinc\Classes\Tour\Tour.php:35
actioninitinc\Classes\Tour\Tour.php:36
actionadmin_footer-edit.phpinc\Classes\Tour\Tour.php:37
actionadmin_footer-post.phpinc\Classes\Tour\Tour.php:38
actionadmin_footer-post-new.phpinc\Classes\Tour\Tour.php:39
actionwp_after_insert_postinc\Classes\Tour\Tour.php:40
actioninitinc\Classes\Tour\Tour_CPT.php:89
actionwoocommerce_before_calculate_totalsinc\Classes\Woocommerce\TF_Vat.php:13
filterwoocommerce_data_storesinc\Classes\Woocommerce\Woocommerce.php:12
actionpublish_tf_apartmentinc\Classes\Woocommerce\Woocommerce.php:13
actionpublish_tf_hotelinc\Classes\Woocommerce\Woocommerce.php:14
actionpublish_tf_toursinc\Classes\Woocommerce\Woocommerce.php:15
actionpublish_tf_carrentalinc\Classes\Woocommerce\Woocommerce.php:16
actionwoocommerce_checkout_update_order_metainc\Classes\Woocommerce\Woocommerce.php:18
filterwoocommerce_order_data_store_cpt_get_orders_queryinc\Classes\Woocommerce\Woocommerce.php:19
filterwoocommerce_order_item_display_meta_keyinc\Classes\Woocommerce\Woocommerce.php:20
filterwoocommerce_hidden_order_itemmetainc\Classes\Woocommerce\Woocommerce.php:21
actionwoocommerce_order_status_changedinc\Classes\Woocommerce\Woocommerce.php:23
actionwoocommerce_saved_order_itemsinc\Classes\Woocommerce\Woocommerce.php:24
actionadmin_menuinc\Core\Enquiry.php:14
filtercron_schedulesinc\Core\Enquiry.php:24
actioninitinc\Core\Enquiry.php:25
actiontf_enquiry_response_scheduleinc\Core\Enquiry.php:26
actioninitinc\Core\Post_Type.php:14
actionadmin_menuinc\Core\TF_Backend_Booking.php:23
actionadmin_menuinc\Core\TF_Booking_Details.php:16
actionadmin_noticesinc\Core\TF_Notice.php:18
actionin_plugin_update_message-tourfic/tourfic.phpinc\Core\TF_Notice.php:21
actionafter_plugin_row_tourfic/tourfic.phpinc\Core\TF_Notice.php:23
actionadmin_initinc\functions\functions-car.php:932
actionwoocommerce_before_calculate_totalsinc\functions\woocommerce\wc-apartment.php:194
filterwoocommerce_get_item_datainc\functions\woocommerce\wc-apartment.php:234
filterwoocommerce_cart_item_permalinkinc\functions\woocommerce\wc-apartment.php:251
actionwoocommerce_checkout_create_order_line_iteminc\functions\woocommerce\wc-apartment.php:300
actionwoocommerce_checkout_order_processedinc\functions\woocommerce\wc-apartment.php:479
actionwoocommerce_store_api_checkout_order_processedinc\functions\woocommerce\wc-apartment.php:660
actionwoocommerce_before_calculate_totalsinc\functions\woocommerce\wc-car.php:308
filterwoocommerce_get_item_datainc\functions\woocommerce\wc-car.php:360
actionwoocommerce_checkout_create_order_line_iteminc\functions\woocommerce\wc-car.php:430
actionwoocommerce_checkout_order_processedinc\functions\woocommerce\wc-car.php:618
actionwoocommerce_store_api_checkout_order_processedinc\functions\woocommerce\wc-car.php:808
actionwoocommerce_before_calculate_totalsinc\functions\woocommerce\wc-hotel.php:841
filterwoocommerce_get_item_datainc\functions\woocommerce\wc-hotel.php:956
filterwoocommerce_cart_item_permalinkinc\functions\woocommerce\wc-hotel.php:972
actionwoocommerce_checkout_create_order_line_iteminc\functions\woocommerce\wc-hotel.php:1082
actionwoocommerce_checkout_order_processedinc\functions\woocommerce\wc-hotel.php:1318
actionwoocommerce_store_api_checkout_order_processedinc\functions\woocommerce\wc-hotel.php:1553
actionwoocommerce_before_calculate_totalsinc\functions\woocommerce\wc-tour.php:1178
filterwoocommerce_get_item_datainc\functions\woocommerce\wc-tour.php:1183
actionwoocommerce_checkout_create_order_line_iteminc\functions\woocommerce\wc-tour.php:1275
actionwoocommerce_checkout_order_processedinc\functions\woocommerce\wc-tour.php:1552
actionwoocommerce_order_status_changedinc\functions\woocommerce\wc-tour.php:1562
actionwoocommerce_store_api_checkout_order_processedinc\functions\woocommerce\wc-tour.php:1775
actionadmin_initinc\functions\woocommerce\wc-tour.php:1832
actionadmin_noticesinc\functions.php:24
actionplugins_loadedinc\functions.php:25
filterget_user_option_meta-box-order_tf_toursinc\Traits\Action_Helper.php:318
filterget_user_option_meta-box-order_tf_apartmentinc\Traits\Action_Helper.php:319
filterget_user_option_meta-box-order_tf_hotelinc\Traits\Action_Helper.php:320
actionadmin_noticesinc\Traits\Action_Helper.php:2607
actionadmin_noticestourfic.php:82
actioninittourfic.php:120
actioninittourfic.php:122
actionbefore_woocommerce_inittourfic.php:124
actionadmin_noticestourfic.php:140

Scheduled Events 3

tf_promo__schudle
tf_everydate_cron_job
tf_enquiry_response_schedule
Maintenance & Trust

Tourfic – Travel Booking, Hotel Booking & Car Rental WordPress Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 12, 2026
PHP min version7.4
Downloads160K

Community Trust

Rating80/100
Number of ratings15
Active installs2K
Alternatives

Tourfic – Travel Booking, Hotel Booking & Car Rental WordPress Plugin Alternatives

WP Travel Engine – Tour Booking Plugin – Tour Operator Software

WP Travel Engine – Tour Booking Plugin – Tour Operator Software

wp-travel-engine

B
76

WP Travel Engine is the most popular tour and travel booking WordPress plugin. Used by over 20,000 travel agency websites.

20K 12 CVEs
WP Travel Engine – Elementor Widgets | Create Travel Booking Website Using WordPress and Elementor

WP Travel Engine – Elementor Widgets | Create Travel Booking Website Using WordPress and Elementor

wte-elementor-widgets

A
97

WP Travel Engine – Elementor Widgets provides 20+ Elementor widgets to create travel and tour booking websites using WP Travel Engine and Elementor.

10K 2 CVEs
Travel Agency Companion – Create Tour & Travel Website Using WP Travel Engine

Travel Agency Companion – Create Tour & Travel Website Using WP Travel Engine

travel-agency-companion

A
92

It is a companion plugin for the Travel Agency theme to create travel and tour booking websites. Use it with WP Travel Engine to make the most of it.

4K No CVEs
Travel Booking Toolkit

Travel Booking Toolkit

travel-booking-toolkit

A
100

The Travel Booking Toolkit plugin works with the WP Travel Engine. It adds special widgets to the Travel Booking theme, making creating travel website &hellip;

4K No CVEs
WP Travel – Ultimate Travel Booking System, Tour Management Engine

WP Travel – Ultimate Travel Booking System, Tour Management Engine

wp-travel

A
92

WP Travel is the optimal choice among the WordPress Travel Booking Plugin and Tour Operator to Create Travel and Trekking Websites Without Coding!

4K 7 CVEs
Developer Profile

Tourfic – Travel Booking, Hotel Booking & Car Rental WordPress Plugin Developer Profile

Themefic

11 plugins · 97K total installs

76
trust score
Avg Security Score
95/100
Avg Patch Time
93 days
View full developer profile
Detection Fingerprints

How We Detect Tourfic – Travel Booking, Hotel Booking & Car Rental WordPress Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/tourfic/assets/css/tf-tour-packages.css/wp-content/plugins/tourfic/assets/css/tf-booking.css/wp-content/plugins/tourfic/assets/css/tf-common.css/wp-content/plugins/tourfic/assets/css/tf-frontend.css/wp-content/plugins/tourfic/assets/css/tf-global.css/wp-content/plugins/tourfic/assets/css/tf-hotel-booking.css/wp-content/plugins/tourfic/assets/css/tf-hotel-design.css/wp-content/plugins/tourfic/assets/css/tf-responsive.css+22 more
Script Paths
/wp-content/plugins/tourfic/assets/js/tf-booking.js/wp-content/plugins/tourfic/assets/js/tf-common.js/wp-content/plugins/tourfic/assets/js/tf-frontend.js/wp-content/plugins/tourfic/assets/js/tf-hotel-booking.js/wp-content/plugins/tourfic/assets/js/tf-magnific-popup.js/wp-content/plugins/tourfic/assets/js/tf-owl-carousel.js+7 more
Version Parameters
tourfic/assets/css/tf-tour-packages.css?ver=tourfic/assets/css/tf-booking.css?ver=tourfic/assets/css/tf-common.css?ver=tourfic/assets/css/tf-frontend.css?ver=tourfic/assets/css/tf-global.css?ver=tourfic/assets/css/tf-hotel-booking.css?ver=tourfic/assets/css/tf-hotel-design.css?ver=tourfic/assets/css/tf-responsive.css?ver=tourfic/assets/css/tf-search.css?ver=tourfic/assets/css/tf-single-tour.css?ver=tourfic/assets/css/tf-vendors.css?ver=tourfic/assets/css/tf-custom-css.css?ver=tourfic/assets/css/tf-icons.css?ver=tourfic/assets/css/tf-magnific-popup.css?ver=tourfic/assets/css/tf-owl-carousel.css?ver=tourfic/assets/css/tf-select2.css?ver=tourfic/assets/css/tf-swiper.min.css?ver=tourfic/assets/js/tf-booking.js?ver=tourfic/assets/js/tf-common.js?ver=tourfic/assets/js/tf-frontend.js?ver=tourfic/assets/js/tf-hotel-booking.js?ver=tourfic/assets/js/tf-magnific-popup.js?ver=tourfic/assets/js/tf-owl-carousel.js?ver=tourfic/assets/js/tf-single-tour.js?ver=tourfic/assets/js/tf-swiper.min.js?ver=tourfic/assets/js/tf-custom.js?ver=tourfic/assets/js/tf-select2.js?ver=tourfic/assets/js/tf-app.js?ver=tourfic/assets/js/tf-vendors.js?ver=tourfic/assets/js/tf-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
tourfic-booking-formtf-single-tour-contenttf-hotel-booking-formtf-search-formtf-tour-package-listtf-hotel-apartment-listtf-archive-tourtf-single-hotel
HTML Comments
<!-- Tourfic Elementor Start --><!-- Tourfic Elementor End --><!-- Tourfic Hotel Details Start --><!-- Tourfic Hotel Details End -->+4 more
Data Attributes
data-tourfic-iddata-tf-product-iddata-tf-typedata-tf-hotel-iddata-tf-booking-id
JS Globals
Tourfictf_booking_paramstf_frontend_paramstf_hotel_booking_paramstf_single_tour_params
REST Endpoints
/wp-json/tourfic/v1/search/wp-json/tourfic/v1/hotel_search/wp-json/tourfic/v1/availability/wp-json/tourfic/v1/booking_order/wp-json/tourfic/v1/review_submit
Shortcode Output
[tourfic_tour_packages[tourfic_hotel_booking][tourfic_search][tourfic_single_tour]
FAQ

Frequently Asked Questions about Tourfic – Travel Booking, Hotel Booking & Car Rental WordPress Plugin