3 matches found
CVE-2024-11641
creationtimestamp| type| source ---|---|--- 2025-01-26 11:16:07+00:00| seen| https://infosec.exchange/users/cve/statuses/113894369969710978 2025-01-26 12:15:50+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgnfptvatp2j 2025-01-26 13:06:18+00:00| seen|...
CVE-2024-11641 VikBooking Hotel Booking Engine & PMS <= 1.7.2 - Cross-Site Request Forgery to Authenticated (Subscriber+) Arbitrary File Upload
The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.2. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to change plugi...
CVE-2024-11641 VikBooking Hotel Booking Engine & PMS <= 1.7.2 - Cross-Site Request Forgery to Authenticated (Subscriber+) Arbitrary File Upload
The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.2. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to change plugi...