Lucene search
K
SyntacticsincEasync

4 matches found

CVE
CVE
added 2022/07/11 12:56 p.m.101 views

CVE-2022-1952

The CVE-2022-1952 issue affects the WordPress eaSYNC Booking plugin (Hotels/Restaurant/Car Rental) versions prior to 1.1.16. It stems from insufficient input validation of an AJAX action, with an allowlist of valid file extensions defined but not used during validation. This leads to arbitrary fi...

9.8CVSS10AI score0.23487EPSS
In wildWeb
CVE
CVE
added 2025/05/31 11:18 a.m.65 views

CVE-2025-4691

CVE-2025-4691 applies to the Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking for WordPress. The vulnerability is an Insecure Direct Object Reference that allows unauthenticated attackers to view details of any booking request via the view_request_details endpoint. Aff...

5.3CVSS6.7AI score0.00279EPSS
CVE
CVE
added 2023/08/08 12:30 p.m.41 views

CVE-2023-38384

CVE-2023-38384 is an unauthenticated reflected XSS in the WordPress EaSYNC Booking plugin (EaSYNC) up to version 1.3.7. Root cause per sources is improper input handling leading to XSS when user-controlled data is reflected in the page. Affected product: EaSYNC WordPress plugin for booking. Impac...

7.1CVSS6.1AI score0.00331EPSS
CVE
CVE
added 2025/05/15 8:7 p.m.29 views

CVE-2024-9450

The CVE-2024-9450 entry concerns the Free Booking Plugin for Hotels, Restaurants and Car Rentals (WordPress). Affected versions are prior to 1.3.15, where updating plugin settings lacks a CSRF check. This enables a logged-in subscriber to change settings via CSRF, potentially altering configurati...

6.5CVSS6.8AI score0.00164EPSS