Lucene search
K

16 matches found

NVD
NVD
added 2025/05/31 12:15 p.m.10 views

CVE-2025-4691

The Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.21 via the 'viewrequestdetails' due to missing validation on a user controlled key. This makes it...

5.3CVSS0.00279EPSS
Exploits0References5
CVE
CVE
added 2025/05/31 11:18 a.m.64 views

CVE-2025-4691

CVE-2025-4691 applies to the Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking for WordPress. The vulnerability is an Insecure Direct Object Reference that allows unauthenticated attackers to view details of any booking request via the view_request_details endpoint. Aff...

5.3CVSS6.7AI score0.00279EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 11:32 p.m.5 views

CVE-2022-1952

The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An...

9.8CVSS8.3AI score0.17572EPSS
Exploits2References1
OSV
OSV
added 2025/05/15 8:16 p.m.2 views

CVE-2024-9450

The Free Booking Plugin for Hotels, Restaurants and Car Rentals WordPress plugin before 1.3.15 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in subscriber change them via a CSRF attack...

6.5CVSS5.8AI score0.00164EPSS
Exploits1References1
NVD
NVD
added 2025/05/15 8:16 p.m.8 views

CVE-2024-9450

The Free Booking Plugin for Hotels, Restaurants and Car Rentals WordPress plugin before 1.3.15 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in subscriber change them via a CSRF attack...

6.5CVSS0.00164EPSS
Exploits1References1
CVE
CVE
added 2025/05/15 8:7 p.m.28 views

CVE-2024-9450

The CVE-2024-9450 entry concerns the Free Booking Plugin for Hotels, Restaurants and Car Rentals (WordPress). Affected versions are prior to 1.3.15, where updating plugin settings lacks a CSRF check. This enables a logged-in subscriber to change settings via CSRF, potentially altering configurati...

6.5CVSS6.8AI score0.00164EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/15 8:7 p.m.8 views

CVE-2024-9450 Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking < 1.3.15 - Subscriber+ PayPal Settings Update

The Free Booking Plugin for Hotels, Restaurants and Car Rentals WordPress plugin before 1.3.15 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in subscriber change them via a CSRF attack...

7AI score0.00164EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.2 views

WordPress plugin Free Booking Plugin for Hotels, Restaurants and Car Rentals 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

6.5CVSS6.5AI score0.00164EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/15 12:0 a.m.4 views

PT-2025-21543 · Unknown · Free Booking Plugin

Name of the Vulnerable Software and Affected Versions: Free Booking Plugin for Hotels, Restaurants and Car Rentals versions prior to 1.3.15 Description: The issue concerns the lack of CSRF check when updating settings, which could allow attackers to make a logged-in subscriber change them via a...

6.5CVSS6.4AI score0.00164EPSS
Exploits1References5
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-1952

The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue...

9.8CVSS7.6AI score0.17572EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/07/11 1:15 p.m.4 views

CVE-2022-1952

The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An...

9.8CVSS7.7AI score0.17572EPSS
Exploits2References3
OSV
OSV
added 2022/07/11 1:15 p.m.3 views

CVE-2022-1952

The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An...

9.8CVSS6.1AI score0.17572EPSS
Exploits2References1
Prion
Prion
added 2022/07/11 1:15 p.m.21 views

Input validation

The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An...

7.5CVSS9.9AI score0.17572EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2022/07/11 12:0 a.m.5 views

WordPress plugin Free Booking Plugin for Hotels, Restaurant and Car Rental 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An arbitrary file upload...

9.8CVSS6.5AI score0.17572EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2022/07/11 12:0 a.m.5 views

PT-2022-14212

Name of the Vulnerable Software and Affected Versions The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin versions prior to 1.1.16 Description The issue arises from insufficient input validation, leading to arbitrary file upload and subsequently to remote code execution...

9.8CVSS7.6AI score0.17572EPSS
Exploits2References5
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.12 views

WordPress Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC plugin <= 1.1.9 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC plugin versions = 1.1.9. Solution Update the WordPress Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC plugin to th...

3.3AI score
Exploits0References2Affected Software1
Rows per page
Query Builder