Lucene search
+L

CVE-2022-1952

🗓️ 11 Jul 2022 12:56:52Reported by WPScanType 
cve
 cve
🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 104 Views🌐 WEB

The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 allows arbitrary file upload and remote code execution

Related
Detection
Affected
Refs
Paths
Social
NVD
Vulners
Node
syntacticsinceasyncRange<1.1.16wordpress
[
  {
    "product": "Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.1.16",
        "status": "affected",
        "version": "1.1.16",
        "versionType": "custom"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
driver_license_image2upload data/wp-admin/admin-ajax.phpUnauthenticated AJAX action allows arbitrary file upload due to insufficient input validation (CWE-434).CWE-434
actionupload data/wp-admin/admin-ajax.phpUnauthenticated AJAX action allows arbitrary file upload due to insufficient input validation (CWE-434).CWE-434
typeupload data/wp-admin/admin-ajax.phpUnauthenticated AJAX action allows arbitrary file upload due to insufficient input validation (CWE-434).CWE-434
with_driverupload data/wp-admin/admin-ajax.phpUnauthenticated AJAX action allows arbitrary file upload due to insufficient input validation (CWE-434).CWE-434
actionquery param/wp-admin/admin-ajax.phpAJAX response used to reveal/upload location of the shell via easync_success_and_save (CWE-434).CWE-434

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 04:23Current
10High risk
Vulners AI Score10
CVSS 27.5
CVSS 3.19.8
EPSS0.23487
104