Lucene search
HistoryMay 14, 2024 - 3:19 p.m.
CVE-2024-2441
cve-2024-2441
vikbooking
hotel booking engine
pms
wordpress
plugin
vulnerability
direct access
menus
authenticated user
subscriber privileges
bypass authorization
settings
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 allows direct access to menus, allowing an authenticated user with subscriber privileges or above, to bypass authorization and access settings of the VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8’s they shouldn’t be allowed to.
Affected configurations
Node
vikwpvikbooking_hotel_booking_engine_\&_pmsRange<1.6.8
| Vendor | Product | Version | CPE |
|---|---|---|---|
| vikwp | vikbooking_hotel_booking_engine_\&_pms | * | cpe:2.3:a:vikwp:vikbooking_hotel_booking_engine_\&_pms:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "VikBooking Hotel Booking Engine & PMS",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "1.6.8"
}
],
"defaultStatus": "unaffected"
}
]Related
wpexploit
wpexploit
VikBooking < 1.6.8 - Insecure Direct Object References
2024-04-19 00:00:00
wpvulndb
wpvulndb
VikBooking < 1.6.8 - Insecure Direct Object References
2024-04-19 00:00:00
cvelist
cvelist
CVE-2024-2441 VikBooking < 1.6.8 - Insecure Direct Object References
2024-05-10 06:00:02
nvd
nvd
CVE-2024-2441
2024-05-14 15:19:20
wordfence
wordfence