CVE-2024-9450: Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking < 1.3.15 - Subscriber+ PayPal Settings Update

Description

The Free Booking Plugin for Hotels, Restaurants and Car Rentals WordPress plugin before 1.3.15 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in subscriber change them via a CSRF attack

Classification

CVE ID: CVE-2024-9450

Problem Types

CWE-352 Cross-Site Request Forgery (CSRF)

Affected Products

Vendor: Unknown

Product: Free Booking Plugin for Hotels, Restaurants and Car Rentals

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 9.14% (scored less or equal to compared to others)

EPSS Date: 2025-06-04 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-9450
https://wpscan.com/vulnerability/f4b9568a-af74-40df-89c1-550e8515ca0a/

Timeline

2025-05-15 21:40:24 UTC
CVE

Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking < 1.3.15 - Subscriber+ PayPal Settings Update