cleantalk
Vulnerabilities and Security Researches

Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC, CVE-2022-1952

CVE, Research URL

CVE-2022-1952

Home page URL

Security reports for Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC

Application

Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC

Published on
Jul 11, 2022
Research Description
The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An allowlist of valid file extensions is defined but is not used during the validation steps.
Affected versions
Min -, max 1.1.10.
Status
vulnerable
Previous vulnerability researches
Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC (CVE-2022-4974) , Nov 16, 2024
Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC (CVE-2025-32219) , Apr 06, 2025
Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC (CVE-2022-1952) , Jun 07, 2024
Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC (CVE-2023-38384) , Jun 07, 2024
Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC (303b11b3f720ed67e3d2bfcb065436e505f26d37) , Jun 07, 2024
New vulnerability
Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links (CVE-2025-1264) , Apr 07, 2025
Advanced All in One Admin Search by WP Spotlight (CVE-2025-32261) , Apr 06, 2025
Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC (CVE-2025-32219) , Apr 06, 2025
Salon booking system (CVE-2025-32220) , Apr 06, 2025
1 Click WordPress Migration Plugin – 100% FREE for a limited time (CVE-2025-32257) , Apr 06, 2025