What is CVE-2022-1952?

CVE-2022-1952 is a vulnerability in Free Booking Plugin For Hotels, Restaurant And Car Rental – Easync, classified under Unrestricted Upload of File with Dangerous Type. Published 2022-07-11.

Is CVE-2022-1952 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Arbitrary file upload in Free Booking Plugin For Hotels, Restaurant And Car Rental – Easync

CVE-2022-1952

The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessib…

Vulnerability class: Unrestricted File Upload

EPSS: 0.859 (99.4th percentile) — read the EPSS interpretation.

Affected products

Unknown Free Booking Plugin For Hotels, Restaurant And Car Rental – Easync — versions 1.1.16

Weakness classification (CWE)

CWE-434 — Unrestricted Upload of File with Dangerous Type

Public proof-of-concept exploits

References

wpscan.com/vulnerability/ecf61d17-8b07-4cb6-93a8-64c2c4fbbe04 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-1952?: CVE-2022-1952 is a vulnerability in Free Booking Plugin For Hotels, Restaurant And Car Rental – Easync, classified under Unrestricted Upload of File with Dangerous Type. Published 2022-07-11.
Is CVE-2022-1952 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.