CSRF in Syntacticsinc Easync

CVE-2024-9450

The Free Booking Plugin for Hotels, Restaurants and Car Rentals WordPress plugin before 1.3.15 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in subscriber change them via a CSRF…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.002 (6.0th percentile).

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N.

Affected products

  • Syntacticsinc Easync
  • Unknown Free Booking Plugin For Hotels, Restaurants And Car Rentals — versions 0

Weakness classification (CWE)

References

  • contact@wpscan.com (Exploit, technical-description, Third Party Advisory, exploit, vdb-entry)

Frequently asked questions

What is CVE-2024-9450?

CVE-2024-9450 is a medium-severity vulnerability in Syntacticsinc Easync, classified under Cross-Site Request Forgery (CSRF). CVSS score: 6.5/10. Published 2025-05-15.

How severe is CVE-2024-9450?

Medium severity. CVSS v3 base score is 6.5 out of 10.