WordPress eaSYNC Booking <1.1.16 - Arbitrary File Upload

WordPress eaSync Booking plugin bundle for hotel, restaurant and car rental before 1.1.16 is susceptible to arbitrary file upload. The plugin contains insufficient input validation of an AJAX action. An allowlist of valid file extensions is defined but is not used during the validation steps. An...

EUVD-2025-9818

Malicious code in bioql PyPI...

EUVD-2023-42201

Malicious code in bioql PyPI...

CVE-2025-4691

The Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.21 via the 'viewrequestdetails' due to missing validation on a user controlled key. This makes it...

CVE-2025-4691

The Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.21 via the 'viewrequestdetails' due to missing validation on a user controlled key. This makes it...

CVE-2025-4691 Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking <= 1.3.21 - Insecure Direct Object Reference to Sensitive Information Exposure

The Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.21 via the 'viewrequestdetails' due to missing validation on a user controlled key. This makes it...

CVE-2025-4691 Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking <= 1.3.21 - Insecure Direct Object Reference to Sensitive Information Exposure

The Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.21 via the 'viewrequestdetails' due to missing validation on a user controlled key. This makes it...

PT-2025-23399 · WordPress · Easync Booking

Name of the Vulnerable Software and Affected Versions: eaSYNC Booking plugin for WordPress versions prior to 1.3.22 Description: The issue allows unauthenticated attackers to view the details of any booking request due to missing validation on a user-controlled key, specifically via the 'view...

WordPress plugin eaSYNC Booking 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2023-38384

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Syntactics, Inc. EaSYNC plugin = 1.3.7 versions...

CVE-2025-32219

Missing Authorization vulnerability in Syntactics, Inc. eaSYNC easync-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eaSYNC: from n/a through = 1.3.19...

CVE-2025-32219

Missing Authorization vulnerability in Syntactics, Inc. eaSYNC easync-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eaSYNC: from n/a through = 1.3.19...

CVE-2025-32219 WordPress eaSYNC plugin <= 1.3.19 - Broken Access Control vulnerability

Missing Authorization vulnerability in Syntactics, Inc. eaSYNC easync-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eaSYNC: from n/a through = 1.3.19...

CVE-2025-32219

Technical details about CVE-2025-32219 are not provided in the supplied documents. The available materials confirm a Missing Authorization issue in eaSYNC Booking plugin versions up to 1.3.19, but no exploit, impact, or remediation specifics are disclosed. Monitor for updates.

CVE-2025-32219 WordPress eaSYNC plugin <= 1.3.19 - Broken Access Control vulnerability

Missing Authorization vulnerability in Syntactics, Inc. eaSYNC allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects eaSYNC: from n/a through 1.3.19...

PT-2025-14987 · Easync · Easync

Name of the Vulnerable Software and Affected Versions: eaSYNC versions 1.3.19 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploitation of incorrectly configured access control security levels. Recommendations: For versions 1.3.19 and earlie...

WordPress plugin eaSYNC 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2023-38384

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Syntactics, Inc. EaSYNC plugin = 1.3.7 versions...

CVE-2023-38384

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Syntactics, Inc. EaSYNC plugin = 1.3.7 versions...

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Syntactics, Inc. EaSYNC plugin = 1.3.7 versions...