
Syntacticsinc Easync vulnerabilities

4 known vulnerabilities affecting syntacticsinc/easync.

Total CVEs: 4
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 1, MEDIUM 3

Vulnerabilities

CVE-2022-1952 | P1 | CRITICAL | CVSS 9.8 | Exploited | PoC | fixed in 1.1.16 | 2022-07-11
CVE-2022-1952 [CRITICAL] CWE-434: The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An allowlist of valid file extensions is defined but is n
nvd
CVE-2024-9450 | P4 | MEDIUM | CVSS 6.5 | fixed in 1.3.15 | 2025-05-15
CVE-2024-9450 [MEDIUM] CWE-352: The Free Booking Plugin for Hotels, Restaurants and Car Rentals WordPress plugin before 1.3.15 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in subscriber change them via a CSRF attack
nvd
CVE-2025-4691 | P4 | MEDIUM | CVSS 5.3 | fixed in 1.3.22 | 2025-05-31
CVE-2025-4691 [MEDIUM] CWE-639: The Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.21 via the 'view_request_details' due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view the details
nvd
CVE-2023-38384 | P4 | MEDIUM | CVSS 6.1 | ≤ 1.3.7 | 2023-08-08
CVE-2023-38384 [MEDIUM] CWE-79: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Syntactics, Inc. EaSYNC plugin <= 1.3.7 versions.
nvd