Critical severity9.8NVD Advisory· Published Jul 11, 2022· Updated Jun 17, 2026
CVE-2022-1952
CVE-2022-1952
Description
The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An allowlist of valid file extensions is defined but is not used during the validation steps.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Free Booking Plugin for Hotels, Restaurant and Car Rentaldescription
- Range: <1.1.16
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/ecf61d17-8b07-4cb6-93a8-64c2c4fbbe04nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.