WP-Safety

WP Hotel Booking WPML Support Security & Risk Analysis

wordpress.org/plugins/wp-hotel-booking-wpml-support

WP Hotel Booking WPML Support Plugin - Support Multi language CMS support for WP Hotel Booking Plugin.

400 active installs v1.8.3 PHP 7.0+ WP 5.8+ Updated Jul 18, 2024
bookinghotelhotel-bookingreservationreservations
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WP Hotel Booking WPML Support Safe to Use in 2026?

Generally Safe

Score 92/100

WP Hotel Booking WPML Support has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "wp-hotel-booking-wpml-support" v1.8.3 plugin exhibits a generally positive security posture due to the absence of known CVEs and a focus on secure coding practices like prepared statements for all SQL queries. The plugin also avoids dangerous functions, file operations, and external HTTP requests, which are common vectors for vulnerabilities. However, the static analysis reveals a significant concern with the taint analysis. Four identified flows have unsanitized paths, all classified as high severity. This indicates potential for attackers to manipulate data that is processed without proper sanitization, which could lead to various vulnerabilities depending on how this unsanitized data is ultimately used. While the overall vulnerability history is clean, these taint flow issues represent a critical area of weakness that needs immediate attention. The lack of nonce checks and capability checks also contributes to potential security gaps, especially if any of the high-severity taint flows could be triggered by unauthenticated or low-privileged users. In conclusion, the plugin has strengths in its SQL handling and avoidance of other common risky practices, but the high-severity unsanitized taint flows are a significant weakness that outweighs these strengths, warranting caution.

Key Concerns

  • High severity unsanitized taint flows found
  • No nonce checks detected
  • No capability checks detected
  • Some output not properly escaped
Vulnerabilities
None known

WP Hotel Booking WPML Support Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP Hotel Booking WPML Support Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
21 prepared
Unescaped Output
1
5 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared21 total queries

Output Escaping

83% escaped6 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths
wpml_hb_checkout_url (inc\class-hbwp-support.php:132)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

WP Hotel Booking WPML Support Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 37
actionadmin_enqueue_scriptsinc\class-hbwp-support.php:38
filterhotel_booking_rooms_dropdowninc\class-hbwp-support.php:64
filterhb_metabox_room_settingsinc\class-hbwp-support.php:71
filterhb_metabox_extra_settingsinc\class-hbwp-support.php:73
filterhb_metabox_coupon_settingsinc\class-hbwp-support.php:75
filterhb_filter_extra_optioninc\class-hbwp-support.php:79
filtermanage_hb_room_capacity_custom_columninc\class-hbwp-support.php:82
filterhb_get_pagesinc\class-hbwp-support.php:85
filterhb_get_page_idinc\class-hbwp-support.php:87
filterthe_contentinc\class-hbwp-support.php:89
filterhb_search_queryinc\class-hbwp-support.php:91
filterhb_room_get_pricing_plansinc\class-hbwp-support.php:93
filterhb_generate_transaction_objectinc\class-hbwp-support.php:95
filterhb_generate_transaction_object_roominc\class-hbwp-support.php:96
filterget_max_capacity_of_roomsinc\class-hbwp-support.php:101
filterhotel_booking_query_search_parserinc\class-hbwp-support.php:103
actionicl_make_duplicateinc\class-hbwp-support.php:105
filterhb_thank_you_urlinc\class-hbwp-support.php:107
actionhotel_booking_cart_after_iteminc\class-hbwp-support.php:109
actionhotel_booking_loop_after_iteminc\class-hbwp-support.php:110
actionhotel_booking_after_select_extrainc\class-hbwp-support.php:111
filterhotel-booking-order-room-idinc\class-hbwp-support.php:113
filterhotel-booking-order-extra-idinc\class-hbwp-support.php:114
filterhb_mini_cart_room_nameinc\class-hbwp-support.php:116
filterhb_mini_cart_extra_nameinc\class-hbwp-support.php:117
filterhb_cart_room_nameinc\class-hbwp-support.php:118
filterhb_cart_extra_nameinc\class-hbwp-support.php:119
filterhb_checkout_room_nameinc\class-hbwp-support.php:120
filterhotel_booking_get_available_roominc\class-hbwp-support.php:122
filterwoocommerce_cart_item_nameinc\class-hbwp-support.php:124
filterhotel_booking_query_search_parserinc\class-hbwp-support.php:126
filterhb_checkout_urlinc\class-hbwp-support.php:127
filterhb_cart_urlinc\class-hbwp-support.php:128
filterhb_search_room_urlinc\class-hbwp-support.php:129
filterhb_room_get_pricing_plansinc\class-hbwp-support.php:804
actionplugins_loadedwp-hotel-booking-wpml-support.php:34
actionadmin_noticeswp-hotel-booking-wpml-support.php:50
Maintenance & Trust

WP Hotel Booking WPML Support Maintenance & Trust

Maintenance Signals

WordPress version tested6.2.9
Last updatedJul 18, 2024
PHP min version7.0
Downloads14K

Community Trust

Rating0/100
Number of ratings0
Active installs400
Alternatives

WP Hotel Booking WPML Support Alternatives

VikBooking Hotel Booking Engine & PMS

VikBooking Hotel Booking Engine & PMS

vikbooking

B
82

Famous Booking Engine, PMS and Hotel Reservations plugin for property managers. The best solution for accommodations to drive more direct bookings.

9K 17 CVEs
AweBooking – Hotel Booking System

AweBooking – Hotel Booking System

awebooking

C
63

Awebooking helps you to setup hotel booking system quickly, pleasantly and easily.

1K 1 unpatched
WP Hotel Booking Authorize Payment

WP Hotel Booking Authorize Payment

wp-hotel-booking-authorize-payment

A
100

WP Hotel Booking Authorize Payment Plugin - Support Authorize.Net payment method for WP Hotel Booking plugin.

300 No CVEs
AweBooking & Elementor Integration

AweBooking & Elementor Integration

awebooking-elementor-integration

A
85

This plugin integrated AweBooking widget into Elementor page builder, added AweBooking anywhere in your site.

100 No CVEs
Saksh WP Hotel Booking Lite

Saksh WP Hotel Booking Lite

saksh-wp-hotel-booking-lite

A
92

Saksh WP Hotel Booking Lite is a booking plugin which offer way to sells hotel rooms using woocommerce and caputre online payment.

0 No CVEs
Developer Profile

WP Hotel Booking WPML Support Developer Profile

ThimPress

21 plugins · 209K total installs

70
trust score
Avg Security Score
87/100
Avg Patch Time
265 days
View full developer profile
Detection Fingerprints

How We Detect WP Hotel Booking WPML Support

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-hotel-booking-wpml-support/assets/css/hbwpml-admin.css/wp-content/plugins/wp-hotel-booking-wpml-support/assets/js/hbwpml-admin.js
Script Paths
/wp-content/plugins/wp-hotel-booking-wpml-support/assets/js/hbwpml-admin.js
Version Parameters
/wp-content/plugins/wp-hotel-booking-wpml-support/assets/css/hbwpml-admin.css?ver=/wp-content/plugins/wp-hotel-booking-wpml-support/assets/js/hbwpml-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
hbwpml-admin-notice
JS Globals
hbwpml_params
FAQ

Frequently Asked Questions about WP Hotel Booking WPML Support