CVE-2022-1952 - Unspecified vulnerability in Syntactics Free Booking Plugin for Hotels, Restaurant and CAR Rental

CVSS 9.8 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Summary

The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An allowlist of valid file extensions is defined but is not used during the validation steps.

Vulnerable Configurations

Part         Description  Count
Application  Syntactics   26