4 matches found
CVE-2022-1952
The CVE-2022-1952 issue affects the WordPress eaSYNC Booking plugin (Hotels/Restaurant/Car Rental) versions prior to 1.1.16. It stems from insufficient input validation of an AJAX action, with an allowlist of valid file extensions defined but not used during validation. This leads to arbitrary fi...
CVE-2025-4691
CVE-2025-4691 applies to the Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking for WordPress. The vulnerability is an Insecure Direct Object Reference that allows unauthenticated attackers to view details of any booking request via the view_request_details endpoint. Aff...
CVE-2023-38384
CVE-2023-38384 is an unauthenticated reflected XSS in the WordPress EaSYNC Booking plugin (EaSYNC) up to version 1.3.7. Root cause per sources is improper input handling leading to XSS when user-controlled data is reflected in the page. Affected product: EaSYNC WordPress plugin for booking. Impac...
CVE-2024-9450
The CVE-2024-9450 entry concerns the Free Booking Plugin for Hotels, Restaurants and Car Rentals (WordPress). Affected versions are prior to 1.3.15, where updating plugin settings lacks a CSRF check. This enables a logged-in subscriber to change settings via CSRF, potentially altering configurati...