eaSYNC Booking – Hotels, Restaurants & Car Rentals Security & Risk Analysis

wordpress.org/plugins/easync-booking

Simplify a Customer’s Booking Experience with eaSYNC Booking — a WordPress Booking Plugin for Hotels, Restaurants, and Car Rentals!

100 active installs v1.3.29 PHP 5.6+ WP 3.0+ Updated Jan 12, 2026
Tags: booking-calendar, booking-system, car-booking, hotel-booking, restaurant-reservation
Score: 94 (A · Safe)
CVEs total: 5
Unpatched: 0
Last CVE: May 30, 2025
Safety Verdict

Is eaSYNC Booking – Hotels, Restaurants & Car Rentals Safe to Use in 2026?

Generally Safe

Score 94/100

eaSYNC Booking – Hotels, Restaurants & Car Rentals has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEs · Last CVE: May 30, 2025 · Updated 2mo ago
Risk Assessment

The easync-booking plugin exhibits a mixed security posture. On the positive side, it demonstrates a strong commitment to secure coding practices by utilizing prepared statements for nearly all SQL queries (99%) and properly escaping a high percentage of its output (93%). The presence of 52 nonce checks and 37 capability checks indicates an awareness of WordPress security mechanisms. However, a significant concern arises from the large attack surface exposed through unprotected AJAX handlers, with 80 out of 105 handlers lacking authentication checks. This presents a prime opportunity for attackers to trigger unauthorized actions.

The taint analysis reveals 11 flows with unsanitized paths, all marked as high severity. This is a critical finding, suggesting potential vulnerabilities where user input is not adequately validated before being used in sensitive operations, such as file path manipulation. While there are no currently unpatched CVEs, the plugin has a history of 5 known vulnerabilities, including high-severity issues like Authorization Bypass, Missing Authorization, and Cross-Site Scripting. The most recent vulnerability in May 2025 suggests ongoing security challenges.

In conclusion, while the plugin has commendable secure coding fundamentals, the unprotected AJAX endpoints and the high number of critical taint flows are significant weaknesses that demand immediate attention. The historical vulnerability data also points to a need for more robust security testing and development practices to prevent recurrence of these issues. Addressing the unprotected entry points and sanitizing the identified taint flows are crucial steps to improve the plugin's security.

Key Concerns

  • Large attack surface without auth (AJAX)
  • High severity taint flows
  • Bundled outdated library (Freemius v1.0)
  • File operations with unsanitized paths
  • History of 1 high severity CVE
  • History of 4 medium severity CVEs
Vulnerabilities (5)

eaSYNC Booking – Hotels, Restaurants & Car Rentals Security Vulnerabilities

CVEs by Year

  • 2022: 1 CVE
  • 2023: 1 CVE
  • 2025: 3 CVEs

Severity Breakdown

  • High: 1
  • Medium: 4

5 total CVEs

CVE-2025-4691 · medium · 5.3 · Authorization Bypass Through User-Controlled Key
Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking <= 1.3.21 - Insecure Direct Object Reference to Sensitive Information Exposure
May 30, 2025 · Patched in 1.3.22 (1d)

CVE-2025-32219 · medium · 4.3 · Missing Authorization
eaSYNC <= 1.3.19 - Missing Authorization
Apr 4, 2025 · Patched in 1.3.21 (43d)

CVE-2024-9450 · medium · 6.1 · Cross-Site Request Forgery (CSRF)
Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking <= 1.3.14 - Cross-Site Request Forgery
Mar 2, 2025 · Patched in 1.3.15 (90d)

CVE-2023-38384 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
eaSYNC <= 1.3.11 - Reflected Cross-Site Scripting
Jul 20, 2023 · Patched in 1.3.12 (257d)

CVE-2022-1952 · high · 8.8 · Unrestricted Upload of File with Dangerous Type
Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC <= 1.1.15 - Arbitrary File Upload
Jun 13, 2022 · Patched in 1.1.16 (589d)

Code Analysis
Analyzed Mar 16, 2026

eaSYNC Booking – Hotels, Restaurants & Car Rentals Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 14 (1069 prepared)
  • Unescaped Output: 78 (1104 escaped)
  • Nonce Checks: 52
  • Capability Checks: 37
  • File Operations: 1
  • External Requests: 0
  • Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

99% prepared · 1083 total queries

Output Escaping

93% escaped · 1182 total outputs

Data Flows (11 unsanitized)

Data Flow Analysis

25 flows · 11 with unsanitized paths
easync_cancellation_settings (easync.php:1775)
Attack Surface (80 unprotected)

eaSYNC Booking – Hotels, Restaurants & Car Rentals Attack Surface

Entry Points: 111
Unprotected: 80

AJAX Handlers 105

auth wp_ajax_easync_get_dates easync.php:841
nopriv wp_ajax_easync_get_dates easync.php:842
auth wp_ajax_easync_calendar_query easync.php:981
nopriv wp_ajax_easync_validation easync.php:1245
auth wp_ajax_easync_validation easync.php:1246
nopriv wp_ajax_easync_session_store easync.php:1623
auth wp_ajax_easync_session_store easync.php:1624
auth wp_ajax_easync_cancellation_settings easync.php:1774
auth wp_ajax_easync_cancellation_settings_car easync.php:1825
auth wp_ajax_easync_cancellation_settings_restau easync.php:1877
auth wp_ajax_easync_setting_save easync.php:1927
auth wp_ajax_easync_reserved_event easync.php:2655
nopriv wp_ajax_easync_success_and_save easync.php:2908
auth wp_ajax_easync_success_and_save easync.php:2909
auth wp_ajax_get_booking_details easync.php:3217
nopriv wp_ajax_get_booking_details easync.php:3218
auth wp_ajax_cancel_booking easync.php:3243
nopriv wp_ajax_cancel_booking easync.php:3244
auth wp_ajax_cancel_reservation easync.php:3277
nopriv wp_ajax_cancel_reservation easync.php:3278
auth wp_ajax_save_request_cancel_content easync.php:3311
nopriv wp_ajax_save_request_cancel_content easync.php:3312
auth wp_ajax_save_request_cancel_content_car easync.php:3595
nopriv wp_ajax_save_request_cancel_content_car easync.php:3596
auth wp_ajax_save_request_cancel_content_restau easync.php:3880
nopriv wp_ajax_save_request_cancel_content_restau easync.php:3881
auth wp_ajax_request_cancel easync.php:4163
nopriv wp_ajax_request_cancel easync.php:4164
auth wp_ajax_request_cancel_admin easync.php:4186
nopriv wp_ajax_request_cancel_admin easync.php:4187
auth wp_ajax_request_cancel_declined easync.php:4210
nopriv wp_ajax_request_cancel_declined easync.php:4211
auth wp_ajax_request_cancel_approved easync.php:4234
nopriv wp_ajax_request_cancel_approved easync.php:4235
auth wp_ajax_email_reminder7 easync.php:4258
nopriv wp_ajax_email_reminder7 easync.php:4259
auth wp_ajax_email_reminder3 easync.php:4282
nopriv wp_ajax_email_reminder3 easync.php:4283
auth wp_ajax_email_reminder1 easync.php:4306
nopriv wp_ajax_email_reminder1 easync.php:4307
auth wp_ajax_option_hotel_email_notify easync.php:4330
nopriv wp_ajax_option_hotel_email_notify easync.php:4331
auth wp_ajax_car_request_cancel easync.php:4353
nopriv wp_ajax_car_request_cancel easync.php:4354
auth wp_ajax_car_request_cancel_admin easync.php:4377
nopriv wp_ajax_car_request_cancel_admin easync.php:4378
auth wp_ajax_car_request_cancel_declined easync.php:4401
nopriv wp_ajax_car_request_cancel_declined easync.php:4402
auth wp_ajax_car_request_cancel_approved easync.php:4425
nopriv wp_ajax_car_request_cancel_approved easync.php:4426
auth wp_ajax_car_email_reminder7 easync.php:4449
nopriv wp_ajax_car_email_reminder7 easync.php:4450
auth wp_ajax_car_email_reminder3 easync.php:4473
nopriv wp_ajax_car_email_reminder3 easync.php:4474
auth wp_ajax_car_email_reminder1 easync.php:4497
nopriv wp_ajax_car_email_reminder1 easync.php:4498
auth wp_ajax_option_car_email_notify easync.php:4521
nopriv wp_ajax_option_car_email_notify easync.php:4522
auth wp_ajax_restau_request_cancel easync.php:4540
nopriv wp_ajax_restau_request_cancel easync.php:4541
auth wp_ajax_restau_request_cancel_admin easync.php:4564
nopriv wp_ajax_restau_request_cancel_admin easync.php:4565
auth wp_ajax_restau_request_cancel_declined easync.php:4588
nopriv wp_ajax_restau_request_cancel_declined easync.php:4589
auth wp_ajax_restau_request_cancel_approved easync.php:4612
nopriv wp_ajax_restau_request_cancel_approved easync.php:4613
auth wp_ajax_restau_email_reminder7 easync.php:4636
nopriv wp_ajax_restau_email_reminder7 easync.php:4637
auth wp_ajax_restau_email_reminder3 easync.php:4660
nopriv wp_ajax_restau_email_reminder3 easync.php:4661
auth wp_ajax_restau_email_reminder1 easync.php:4684
nopriv wp_ajax_restau_email_reminder1 easync.php:4685
auth wp_ajax_option_restau_email_notify easync.php:4708
nopriv wp_ajax_option_restau_email_notify easync.php:4709
auth wp_ajax_confirm_cancel easync.php:4731
nopriv wp_ajax_confirm_cancel easync.php:4732
auth wp_ajax_view_request_details easync.php:4803
auth wp_ajax_view_hotel_requests easync.php:4845
auth wp_ajax_approve_cancel_request easync.php:4872
auth wp_ajax_decline_cancel_request easync.php:4917
auth wp_ajax_get_booking_details_car easync.php:4959
nopriv wp_ajax_get_booking_details_car easync.php:4960
auth wp_ajax_cancel_rental easync.php:4987
nopriv wp_ajax_cancel_rental easync.php:4988
auth wp_ajax_confirm_cancel_car easync.php:5021
nopriv wp_ajax_confirm_cancel_car easync.php:5022
auth wp_ajax_get_booking_details_restau easync.php:5096
nopriv wp_ajax_get_booking_details_restau easync.php:5097
auth wp_ajax_confirm_cancel_restau easync.php:5139
nopriv wp_ajax_confirm_cancel_restau easync.php:5140
auth wp_ajax_view_car_requests easync.php:5213
auth wp_ajax_view_restau_requests easync.php:5240
auth wp_ajax_view_request_details_car easync.php:5266
auth wp_ajax_view_request_details_restau easync.php:5307
auth wp_ajax_approve_cancel_request_car easync.php:5368
auth wp_ajax_decline_cancel_request_car easync.php:5413
auth wp_ajax_approve_cancel_request_restau easync.php:5455
auth wp_ajax_decline_cancel_request_restau easync.php:5499
auth wp_ajax_save_captcha_key easync.php:5540
auth wp_ajax_delete_timeslot1 easync.php:5603
auth wp_ajax_delete_timeslot2 easync.php:5623
auth wp_ajax_delete_timeslot3 easync.php:5643
auth wp_ajax_delete_timeslot4 easync.php:5663
auth wp_ajax_delete_timeslot5 easync.php:5683
auth wp_ajax_myprefix_get_image requirements.php:224

Shortcodes 6

[easync_hotel_code] easync.php:891
[easync_booking_room] easync.php:896
[easync_car_code] easync.php:907
[easync_booking_car] easync.php:912
[easync_restau_code] easync.php:924
[easync_booking_restau] easync.php:929

WordPress Hooks 41

action init car_posttype.php:3
action add_meta_boxes car_posttype.php:82
action save_post car_posttype.php:313
action activated_plugin easync.php:77
action bl_cron_7day_email easync.php:413
action bl_cron_3day_email easync.php:455
action bl_cron_1day_email easync.php:497
action bl_cron_7day_email easync.php:539
action bl_cron_3day_email easync.php:581
action bl_cron_1day_email easync.php:624
action bl_cron_3day_email easync.php:667
action bl_cron_7day_email easync.php:711
action bl_cron_1day_email easync.php:754
action admin_menu easync.php:826
action wp_print_scripts easync.php:5586
action in_admin_header easync.php:5703
action admin_footer easync.php:5725
action init hotel_posttype.php:4
action add_meta_boxes hotel_posttype.php:93
action save_post hotel_posttype.php:425
action init requirements.php:5
action admin_enqueue_scripts requirements.php:78
action admin_enqueue_scripts requirements.php:95
action admin_enqueue_scripts requirements.php:111
action admin_enqueue_scripts requirements.php:128
action admin_enqueue_scripts requirements.php:145
action admin_enqueue_scripts requirements.php:162
action admin_enqueue_scripts requirements.php:177
action admin_enqueue_scripts requirements.php:186
action admin_enqueue_scripts requirements.php:195
action admin_enqueue_scripts requirements.php:211
action the_posts requirements.php:239
action wp_enqueue_scripts requirements.php:248
action admin_enqueue_scripts requirements.php:256
action admin_enqueue_scripts requirements.php:265
action init restaurant_posttype.php:3
action add_meta_boxes restaurant_posttype.php:139
action save_post restaurant_posttype.php:189
action init restau_table_posttype.php:3
action add_meta_boxes restau_table_posttype.php:86
action save_post restau_table_posttype.php:279

Scheduled Events 4

bl_cron_7day_email
bl_cron_3day_email
bl_cron_1day_email
bl_cron_check_subscription_expiration
Maintenance & Trust

eaSYNC Booking – Hotels, Restaurants & Car Rentals Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Jan 12, 2026
  • PHP min version: 5.6
  • Downloads: 51K

Community Trust

  • Rating: 82/100
  • Number of ratings: 17
  • Active installs: 100
Developer Profile

eaSYNC Booking – Hotels, Restaurants & Car Rentals Developer Profile

Syntactics, Inc.

1 plugin · 100 total installs

  • Trust score: 75
  • Avg Security Score: 94/100
  • Avg Patch Time: 196 days
Detection Fingerprints

How We Detect eaSYNC Booking – Hotels, Restaurants & Car Rentals

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/easync-booking/css/admin-style.css
  • /wp-content/plugins/easync-booking/css/bootstrap.min.css
  • /wp-content/plugins/easync-booking/css/datepicker.css
  • /wp-content/plugins/easync-booking/css/style.css
  • /wp-content/plugins/easync-booking/js/bootstrap.min.js
  • /wp-content/plugins/easync-booking/js/car-booking.js
  • /wp-content/plugins/easync-booking/js/datepicker.js
  • /wp-content/plugins/easync-booking/js/hotel-booking.js
  • +7 more

Script Paths
  • /wp-content/plugins/easync-booking/js/sync-booking.js
  • /wp-content/plugins/easync-booking/js/sync-booking-admin.js
  • /wp-content/plugins/easync-booking/js/sync-booking-hotel.js
  • /wp-content/plugins/easync-booking/js/sync-booking-restaurant.js
  • /wp-content/plugins/easync-booking/js/sync-booking-car.js
  • /wp-content/plugins/easync-booking/js/jquery-ui.js
  • +5 more

Version Parameters
  • easync-booking/css/admin-style.css?ver=
  • easync-booking/css/bootstrap.min.css?ver=
  • easync-booking/css/datepicker.css?ver=
  • easync-booking/css/style.css?ver=
  • easync-booking/js/bootstrap.min.js?ver=
  • easync-booking/js/car-booking.js?ver=
  • easync-booking/js/datepicker.js?ver=
  • easync-booking/js/hotel-booking.js?ver=
  • easync-booking/js/jquery-ui.js?ver=
  • easync-booking/js/restaurant-booking.js?ver=
  • easync-booking/js/sync-booking.js?ver=
  • easync-booking/js/sync-booking-admin.js?ver=
  • easync-booking/js/sync-booking-hotel.js?ver=
  • easync-booking/js/sync-booking-restaurant.js?ver=
  • easync-booking/js/sync-booking-car.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • easync-booking
  • easync-booking-admin

HTML Comments
  • <!-- eaSYNC Booking -->
  • <!-- EASYNC BOOKING END

Data Attributes
  • data-plugin-name="easync-booking"
  • data-plugin-version="1.3.29"

JS Globals
  • sync_hotel_enable
  • sync_captcha_enable
  • sync_driver_enable
  • sync_paypal_enable
  • sync_car_enable
  • sync_restau_enable
  • +26 more