CVE-2022-1952 Report - Details, Severity, & Advisories

Twingate Team

Jul 4, 2024

What is CVE-2022-1952?

CVE-2022-1952 is a critical vulnerability in the Free Booking Plugin for Hotels, Restaurant, and Car Rental WordPress plugin before version 1.1.16. Caused by insufficient input validation, this issue allows for arbitrary file uploads and remote code execution. Websites using the vulnerable plugin version are at risk, making it essential for administrators to update to a secure version.

Who is impacted by this?

CVE-2022-1952 affects users of the Free Booking Plugin for Hotels, Restaurant, and Car Rental WordPress plugin, as well as the eaSYNC plugin for WordPress, specifically versions before 1.1.16. This vulnerability allows for arbitrary file uploads and remote code execution. Users of these plugins should update to a secure version to mitigate potential risks.

What to do if CVE-2022-1952 affected you

If you're affected by the CVE-2022-1952 vulnerability, it's crucial to take action to protect your website. Follow these simple steps:

  1. Check the version of the Free Booking Plugin or eaSYNC plugin on your WordPress site. If it's below 1.1.16, you're affected.

  2. Update the plugin to version 1.1.16 or later through the WordPress plugin management interface or by downloading the latest version from the plugin's repository.
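The version check in step 1 can also be done offline against the plugin's files on disk. The script below is an added example, not code from the advisory or the plugin: it reads the `Version:` header of the plugin's main PHP file and compares it with 1.1.16. The plugin directory is an argument you supply, the function names are illustrative, and `sort -V` assumes GNU coreutils.

```bash
#!/bin/sh
# Added example: check a WordPress plugin directory against the fixed release.
FIXED_VERSION="1.1.16"   # first fixed release, per the advisory

# Print the top-level PHP file that carries a "Plugin Name:" header.
main_plugin_file() {
    grep -l -m 1 'Plugin Name:' "$1"/*.php 2>/dev/null | head -n 1
}

# Print the value of the "Version:" header line in a plugin file.
plugin_header_version() {
    sed -n 's|^[[:space:]*#/]*Version:[[:space:]]*\([^[:space:]]*\).*|\1|p' "$1" | head -n 1
}

# Succeed when $1 is strictly older than $2. A version-aware sort is required:
# a plain string comparison would rank 1.1.9 above 1.1.16.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Print "vulnerable <ver>", "patched <ver>" or "unknown" for a plugin directory.
check_plugin() {
    cp_file=$(main_plugin_file "$1")
    [ -n "$cp_file" ] || { echo "unknown"; return 0; }
    cp_ver=$(plugin_header_version "$cp_file")
    [ -n "$cp_ver" ] || { echo "unknown"; return 0; }
    if version_lt "$cp_ver" "$FIXED_VERSION"; then
        echo "vulnerable $cp_ver"
    else
        echo "patched $cp_ver"
    fi
}

# Usage: sh check.sh /path/to/wp-content/plugins/<plugin-directory> ...
# (the path is a placeholder; pass the directory of the installed plugin)
if [ "$#" -gt 0 ]; then
    for dir in "$@"; do
        printf '%s: %s\n' "$dir" "$(check_plugin "$dir")"
    done
fi
```

An "unknown" result means no plugin header was found in that directory, so the version has to be confirmed another way before treating the site as patched.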

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2022-1952 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. It affects the Free Booking Plugin for Hotels, Restaurant, and Car Rental WordPress plugin before version 1.1.16 and is caused by insufficient input validation, leading to arbitrary file uploads and remote code execution. To mitigate this vulnerability, update the plugin to version 1.1.16 or later.

Weakness Enumeration

This vulnerability is classified as CWE-434, Unrestricted Upload of File with Dangerous Type.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.
