CVE-2025-4691 – “Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking Direct Object Reference Vulnerability”

May 31, 2025

CVE ID : CVE-2025-4691

Published : May 31, 2025, 12:15 p.m. | 1 hour, 28 minutes ago

Description : The Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.21 via the ‘view_request_details’ due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view the details of any booking request. The vulnerability was partially patched in versions 1.3.18 and 1.3.21.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4857 – WordPress Newsletters Plugin Local File Inclusion Vulnerability

Next Article CVE-2025-5375 – PHPGurukul HPGurukul Online Birth Certificate System SQL Injection Vulnerability

Why Non-Native Content Designers Improve Global UX

DevOps won’t scale without platform engineering and here’s why your teams are still stuck

This week in AI dev tools: Slack’s enterprise search, Claude Code’s analytics dashboard, and more (July 18, 2025)

Report: 71% of tech leaders won’t hire devs without AI skills

Could OpenAI’s rumored browser be a Chrome-killer? Here’s what I’m expecting

My favorite lens and screen-cleaning kit keeps my tech spotless, and it only costs $8

AI’s biggest impact on your workforce is still to come – 3 ways to avoid getting left behind

Remedy offers update on ‘FBC: Firebreak,’ details coming improvements — “We’ve seen many players come into the game and leave within the first hour.”

The details of TC39’s last meeting

The details of TC39’s last meeting

Online Examination System using PHP and MySQL

A tricky, educational quiz: it’s about time..

CAD Sketcher – constraint-based geometry sketcher

CAD Sketcher – constraint-based geometry sketcher

7 Best Free and Open Source Linux FTP Servers

Best Free and Open Source Alternatives to Autodesk FBX Review

CVE-2025-4691 – “Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking Direct Object Reference Vulnerability”

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

CVE-2025-49191 – Apache Atlas Cross-Site Scripting (XSS)

I used every Samsung Galaxy Watch 8 Series model – and my favorite isn’t the Ultra

CVE-2024-48848 – Aspect Disk Overutilization Vulnerability

Quarto is a scientific and technical publishing system

Microsoft pledges to train 1 million UK workers in AI by end of 2025

CVE-2025-6126 – PHPGurukul Rail Pass Management System Cross Site Scripting Vulnerability

FOSS Weekly #25.26: Torvalds-Gates Showdown, Hyprland Premium, Fedora’s 32-bit Debacle, Xfce Themes and More Linux Stuff

The Types of Data Analytics with Real-World Applications

CVE-2025-4691 – “Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking Direct Object Reference Vulnerability”

Related Posts