WordPress eaSYNC Booking <1.1.16 - Arbitrary File Upload

WordPress eaSync Booking plugin bundle for hotel, restaurant and car rental before 1.1.16 is susceptible to arbitrary file upload. The plugin contains insufficient input validation of an AJAX action. An allowlist of valid file extensions is defined but is not used during the validation steps. An...

EUVD-2025-9818

Malicious code in bioql PyPI...

EUVD-2023-42201

Malicious code in bioql PyPI...

CVE-2023-38384

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Syntactics, Inc. EaSYNC plugin = 1.3.7 versions...

CVE-2025-32219

Missing Authorization vulnerability in Syntactics, Inc. eaSYNC easync-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eaSYNC: from n/a through = 1.3.19...

CVE-2025-32219

Missing Authorization vulnerability in Syntactics, Inc. eaSYNC easync-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eaSYNC: from n/a through = 1.3.19...

CVE-2025-32219 WordPress eaSYNC plugin <= 1.3.19 - Broken Access Control vulnerability

Missing Authorization vulnerability in Syntactics, Inc. eaSYNC easync-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eaSYNC: from n/a through = 1.3.19...

CVE-2023-38384

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Syntactics, Inc. EaSYNC plugin = 1.3.7 versions...

CVE-2023-38384

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Syntactics, Inc. EaSYNC plugin = 1.3.7 versions...

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Syntactics, Inc. EaSYNC plugin = 1.3.7 versions...

CVE-2023-38384 WordPress eaSYNC Plugin <= 1.3.7 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Syntactics, Inc. EaSYNC plugin = 1.3.7 versions...

CVE-2023-38384 WordPress eaSYNC Plugin <= 1.3.7 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Syntactics, Inc. EaSYNC plugin = 1.3.7 versions...

CVE-2023-38384

CVE-2023-38384 is an unauthenticated reflected XSS in the WordPress EaSYNC Booking plugin (EaSYNC) up to version 1.3.7. Root cause per sources is improper input handling leading to XSS when user-controlled data is reflected in the page. Affected product: EaSYNC WordPress plugin for booking. Impac...