Welcome to WordPress Community Forum. Please login or sign up.

Nov 25, 2024, 12:25 PM

Login with username, password and session length

Shoutbox


Recent

Members
Stats
  • Total Posts: 55
  • Total Topics: 45
  • Online today: 5
  • Online ever: 136 (Apr 17, 2022, 11:37 PM)
Users Online
  • Users: 0
  • Guests: 8
  • Total: 8
8 Guests, 0 Users

WordPress eaSYNC plugin <= 1.1.15 - Arbitrary File Upload Vulnerability

Started by Kailash, Jun 15, 2022, 09:58 AM

Previous topic - Next topic

WordPress Premium Themes


Kailash

WordPress eaSYNC plugin <= 1.1.15 - Unauthenticated Arbitrary File Upload vulnerability

Plugin name: Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC
Vulnerable versions: <= 1.1.15
Fixed in: 1.1.16
CVE ID: CVE-2022-1952
Classification: Arbitrary File Upload
Publicly disclosed: 2022-06-15

Vulnerability Details

Unauthenticated Arbitrary File Upload vulnerability discovered by cydave in WordPress eaSYNC plugin (versions <= 1.1.15).

Solution

Update the WordPress eaSYNC plugin to the latest available version (at least 1.1.16).

Plugin Link: https://wordpress.org/plugins/easync-booking/

WordPress Premium Themes