6.5
CVE-2024-9450
- EPSS 0.16%
- Veröffentlicht 15.05.2025 20:16:00
- Zuletzt bearbeitet 23.01.2026 19:32:27
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginFree Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking < 1.3.15 - Subscriber+ PayPal Settings Update
Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking <= 1.3.14 - Cross-Site Request Forgery
The Free Booking Plugin for Hotels, Restaurants and Car Rentals WordPress plugin before 1.3.15 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in subscriber change them via a CSRF attack
Mögliche Gegenmaßnahme
eaSYNC Booking – Hotels, Restaurants & Car Rentals: Update to version 1.3.15, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Syntacticsinc ≫ Easync SwPlatformwordpress Version < 1.3.15
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
eaSYNC Booking – Hotels, Restaurants & Car Rentals
Version
*-1.3.14
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.059 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
https://wpscan.com/vulnerability/f4b9568a-af74-40df-89c1-550e8515ca0a/
https://www.wordfence.com/threat-intel/vulnerabilities/id/3a9045e5-ee8b-45f6-8e08-b1bf6b6f7159