16 matches found
CVE-2025-4691
The Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.21 via the 'viewrequestdetails' due to missing validation on a user controlled key. This makes it...
CVE-2025-4691
CVE-2025-4691 applies to the Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking for WordPress. The vulnerability is an Insecure Direct Object Reference that allows unauthenticated attackers to view details of any booking request via the view_request_details endpoint. Aff...
CVE-2022-1952
The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An...
CVE-2024-9450
The Free Booking Plugin for Hotels, Restaurants and Car Rentals WordPress plugin before 1.3.15 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in subscriber change them via a CSRF attack...
CVE-2024-9450
The Free Booking Plugin for Hotels, Restaurants and Car Rentals WordPress plugin before 1.3.15 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in subscriber change them via a CSRF attack...
CVE-2024-9450
The CVE-2024-9450 entry concerns the Free Booking Plugin for Hotels, Restaurants and Car Rentals (WordPress). Affected versions are prior to 1.3.15, where updating plugin settings lacks a CSRF check. This enables a logged-in subscriber to change settings via CSRF, potentially altering configurati...
CVE-2024-9450 Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking < 1.3.15 - Subscriber+ PayPal Settings Update
The Free Booking Plugin for Hotels, Restaurants and Car Rentals WordPress plugin before 1.3.15 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in subscriber change them via a CSRF attack...
WordPress plugin Free Booking Plugin for Hotels, Restaurants and Car Rentals 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2025-21543 · Unknown · Free Booking Plugin
Name of the Vulnerable Software and Affected Versions: Free Booking Plugin for Hotels, Restaurants and Car Rentals versions prior to 1.3.15 Description: The issue concerns the lack of CSRF check when updating settings, which could allow attackers to make a logged-in subscriber change them via a...
VulnCheck KEV: CVE-2022-1952
The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue...
CVE-2022-1952
The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An...
CVE-2022-1952
The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An...
Input validation
The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An...
WordPress plugin Free Booking Plugin for Hotels, Restaurant and Car Rental 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An arbitrary file upload...
PT-2022-14212
Name of the Vulnerable Software and Affected Versions The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin versions prior to 1.1.16 Description The issue arises from insufficient input validation, leading to arbitrary file upload and subsequently to remote code execution...
WordPress Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC plugin <= 1.1.9 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC plugin versions = 1.1.9. Solution Update the WordPress Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC plugin to th...