ilGhera Restaurant Booking for WordPress Security & Risk Analysis

wordpress.org/plugins/wp-restaurant-booking

ilGhera Restaurant Booking for WordPress is a feature-rich and easy to use reservation system for bars and restaurants.

70 active installs · v1.2.2 · PHP + WP 5.0+ · Updated Oct 8, 2025
bar · booking · reservation · restaurant · ticket
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is ilGhera Restaurant Booking for WordPress Safe to Use in 2026?

Generally Safe

Score 100/100

ilGhera Restaurant Booking for WordPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5mo ago
Risk Assessment

The "wp-restaurant-booking" plugin v1.2.2 exhibits a generally strong security posture with a clean vulnerability history and diligent use of prepared statements for SQL queries. The high percentage of properly escaped output and a significant number of nonce checks are positive indicators of secure coding practices. However, there are notable areas of concern that introduce risk.

The primary risk stems from an unprotected AJAX handler, which represents a direct entry point for potential attackers without any authentication or authorization. Furthermore, the presence of unsanitized paths in taint analysis flows, even without a critical or high severity rating, warrants caution as it could be a precursor to path traversal vulnerabilities if exploited in conjunction with other weaknesses. While no known CVEs exist, the absence of vulnerability history doesn't guarantee future immunity.

In conclusion, while the plugin demonstrates good fundamental security practices like prepared statements and output escaping, the unprotected AJAX handler is a critical oversight. The unsanitized path flows, though not currently rated as high severity, also pose a potential risk. Addressing the unprotected AJAX handler and investigating the unsanitized path flows should be prioritized to further harden the plugin's security.

Key Concerns

  • Unprotected AJAX handler
  • Flows with unsanitized paths
  • Low capability check coverage (1 out of 18 AJAX handlers)
Vulnerabilities
None known

ilGhera Restaurant Booking for WordPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

ilGhera Restaurant Booking for WordPress Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 50 (281 escaped)
Nonce Checks: 20
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

jQuery

Output Escaping

85% escaped · 331 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

13 flows · 5 with unsanitized paths
hours_element_callback (admin\class-wprb-admin.php:273)
Flow diagram legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
1 unprotected

ilGhera Restaurant Booking for WordPress Attack Surface

Entry Points: 29
Unprotected: 1

AJAX Handlers 18

auth  wp_ajax_wprb-add-hours  admin\class-wprb-admin.php:36
auth  wp_ajax_wprb-add-last-minute  admin\class-wprb-admin.php:37
auth  wp_ajax_wprb-add-closing-period  admin\class-wprb-admin.php:38
auth  wp_ajax_wprb-add-room-tables  admin\class-wprb-admin.php:39
auth  wp_ajax_wprb-hours-available  includes\class-wprb-reservation-widget.php:33
nopriv  wp_ajax_wprb-hours-available  includes\class-wprb-reservation-widget.php:34
auth  wp_ajax_wprb-check-for-external-seats  includes\class-wprb-reservation-widget.php:36
nopriv  wp_ajax_wprb-check-for-external-seats  includes\class-wprb-reservation-widget.php:37
auth  wp_ajax_wprb-get-min-bookable  includes\class-wprb-reservation-widget.php:39
nopriv  wp_ajax_wprb-get-min-bookable  includes\class-wprb-reservation-widget.php:40
auth  wp_ajax_wprb-get-max-bookable  includes\class-wprb-reservation-widget.php:41
nopriv  wp_ajax_wprb-get-max-bookable  includes\class-wprb-reservation-widget.php:42
auth  wp_ajax_wprb-reservation  includes\class-wprb-reservation-widget.php:44
nopriv  wp_ajax_wprb-reservation  includes\class-wprb-reservation-widget.php:45
auth  wp_ajax_wprb-change-status  includes\class-wprb-reservations.php:29
auth  wp_ajax_wprb-available-tables  includes\class-wprb-reservations.php:30
auth  wp_ajax_wprb-archive-update-tables  includes\class-wprb-reservations.php:31
auth  wp_ajax_wprb-get-archive-tables-available  includes\class-wprb-reservations.php:32

Shortcodes 11

[first-name] includes\class-wprb-notifications.php:59
[last-name] includes\class-wprb-notifications.php:60
[email] includes\class-wprb-notifications.php:61
[phone] includes\class-wprb-notifications.php:62
[people] includes\class-wprb-notifications.php:63
[date] includes\class-wprb-notifications.php:64
[time] includes\class-wprb-notifications.php:65
[notes] includes\class-wprb-notifications.php:66
[until] includes\class-wprb-notifications.php:67
[in-outdoor] includes\class-wprb-notifications.php:68
[booking-button] includes\class-wprb-reservation-widget.php:47
WordPress Hooks 31
action  admin_init  admin\class-wprb-admin.php:30
action  admin_init  admin\class-wprb-admin.php:31
action  admin_init  admin\class-wprb-admin.php:32
action  admin_init  admin\class-wprb-admin.php:33
action  admin_enqueue_scripts  admin\class-wprb-admin.php:34
action  admin_menu  admin\class-wprb-admin.php:35
action  admin_notices  admin\ilghera-notice\class-ilghera-notice.php:183
action  admin_notices  admin\ilghera-notice\class-ilghera-notice.php:189
action  admin_notices  admin\ilghera-notice\class-ilghera-notice.php:195
action  admin_enqueue_scripts  admin\ilghera-notice\extension.php:25
filter  wp_mail_from  includes\class-wprb-notifications.php:226
filter  wp_mail_from_name  includes\class-wprb-notifications.php:235
action  wp_enqueue_scripts  includes\class-wprb-reservation-widget.php:29
action  wp_head  includes\class-wprb-reservation-widget.php:30
action  wp_footer  includes\class-wprb-reservation-widget.php:31
action  admin_enqueue_scripts  includes\class-wprb-reservations.php:20
action  init  includes\class-wprb-reservations.php:21
action  add_meta_boxes  includes\class-wprb-reservations.php:22
action  save_post  includes\class-wprb-reservations.php:23
filter  manage_edit-reservation_columns  includes\class-wprb-reservations.php:24
action  manage_reservation_posts_custom_column  includes\class-wprb-reservations.php:25
filter  manage_edit-reservation_sortable_columns  includes\class-wprb-reservations.php:26
action  load-edit.php  includes\class-wprb-reservations.php:27
action  admin_footer  includes\class-wprb-reservations.php:28
action  restrict_manage_posts  includes\class-wprb-reservations.php:33
filter  enter_title_here  includes\class-wprb-reservations.php:34
filter  months_dropdown_results  includes\class-wprb-reservations.php:35
filter  parse_query  includes\class-wprb-reservations.php:36
action  save_post  includes\class-wprb-reservations.php:216
filter  request  includes\class-wprb-reservations.php:1269
action  plugins_loaded  wp-restaurant-booking.php:49
Maintenance & Trust

ilGhera Restaurant Booking for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Oct 8, 2025
PHP min version
Downloads: 9K

Community Trust

Rating: 34/100
Number of ratings: 3
Active installs: 70
Developer Profile

ilGhera Restaurant Booking for WordPress Developer Profile

ilGhera

13 plugins · 2K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 129 days
Detection Fingerprints

How We Detect ilGhera Restaurant Booking for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-restaurant-booking/css/wprb-dashicons.css
/wp-content/plugins/wp-restaurant-booking/vendor/harvesthq/chosen/chosen.min.css
/wp-content/plugins/wp-restaurant-booking/css/jquery.modal.min.css
/wp-content/plugins/wp-restaurant-booking/vendor/harvesthq/chosen/chosen.jquery.min.js
/wp-content/plugins/wp-restaurant-booking/js/jquery.modal.min.js
/wp-content/plugins/wp-restaurant-booking/css/wprb-admin.css
/wp-content/plugins/wp-restaurant-booking/js/tzCheckbox/jquery.tzCheckbox/jquery.tzCheckbox.css
/wp-content/plugins/wp-restaurant-booking/js/wprb-admin.js
+2 more
Script Paths
/wp-content/plugins/wp-restaurant-booking/js/jquery.modal.min.js
/wp-content/plugins/wp-restaurant-booking/js/wprb-admin.js
/wp-content/plugins/wp-restaurant-booking/js/tzCheckbox/jquery.tzCheckbox/jquery.tzCheckbox.js

HTML / DOM Fingerprints

CSS Classes
wprb · update-plugins · update-count
Data Attributes
data-plugin_name · data-plugin_uri · data-description · data-author · data-version · data-author_uri · +4 more
JS Globals
wprbSettings
FAQ

Frequently Asked Questions about ilGhera Restaurant Booking for WordPress