31 matches found
CVE-2023-38384
CVE-2023-38384 is an unauthenticated reflected XSS in the WordPress EaSYNC Booking plugin (EaSYNC) up to version 1.3.7. Root cause per sources is improper input handling leading to XSS when user-controlled data is reflected in the page. Affected product: EaSYNC WordPress plugin for booking. Impac...
CVE-2023-38384 WordPress eaSYNC Plugin <= 1.3.7 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Syntactics, Inc. EaSYNC plugin <= 1.3.7 versions...
PT-2023-26394 · Unknown · Easync Plugin
Name of the Vulnerable Software and Affected Versions: EaSYNC plugin versions prior to 1.3.8. Description: The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to stea...
WordPress plugin eaSYNC cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Free Booking Plugin f...
WordPress eaSYNC Plugin <= 1.3.11 is vulnerable to Cross Site Scripting (XSS)
Software: eaSYNC; Type: Plugin; Vulnerable versions: <= 1.3.11; Fixed in: 1.3.12; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-38384; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 53f8bac4a479; Credits: OZ1NG TOOR, LISA Require...
WordPress eaSYNC Plugin <= 1.3.6 is vulnerable to Cross Site Scripting (XSS)
Software: eaSYNC; Type: Plugin; Vulnerable versions: <= 1.3.6; Fixed in: 1.3.7; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 6ed96527855d; Credits: Rafie Muhammad Patchstack Required...
CVE-2022-1952 eaSYNC < 1.1.16 - Unauthenticated Arbitrary File Upload
The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An...
WordPress eaSYNC plugin <= 1.1.15 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by cydave in WordPress eaSYNC plugin versions <= 1.1.15. Solution: Update the WordPress eaSYNC plugin to the latest available version (at least 1.1.16)...
eaSYNC < 1.1.16 - Unauthenticated Arbitrary File Upload
The plugin suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An allowlist of valid file extensions is defined but is not used during the validatio...
WordPress Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC plugin <= 1.1.9 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC plugin versions <= 1.1.9. Solution: Update the WordPress Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC plugin to the latest available versio...