Lucene search
K

4 matches found

Patchstack
Patchstack
added 2024/05/15 12:0 a.m.9 views

WordPress VikBooking Hotel Booking Engine & PMS Plugin < 1.6.8 is vulnerable to Insecure Direct Object References (IDOR)

Software VikBooking Hotel Booking Engine & PMS Type Plugin Vulnerable versions 1.6.8 Fixed in 1.6.8 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-2441 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 7959a03a58d4...

6.5AI score0.0061EPSS
Exploits2References3Affected Software1
NVD
NVD
added 2024/05/14 3:19 p.m.19 views

CVE-2024-2441

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 allows direct access to menus, allowing an authenticated user with subscriber privileges or above, to bypass authorization and access settings of the VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's they...

8.1CVSS6.3AI score0.0061EPSS
Exploits2References1
CVE
CVE
added 2024/05/10 6:0 a.m.76 views

CVE-2024-2441

CVE-2024-2441 (VikBooking plugin) : The VikBooking Hotel Booking Engine & PMS for WordPress (before 1.6.8) suffers an insecure direct object reference (IDOR) flaw in its access control, allowing an authenticated user with subscriber privileges or higher to directly access menus and plugin setting...

8.1CVSS6.5AI score0.0061EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2024/05/10 6:0 a.m.24 views

CVE-2024-2441 VikBooking < 1.6.8 - Insecure Direct Object References

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 allows direct access to menus, allowing an authenticated user with subscriber privileges or above, to bypass authorization and access settings of the VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's they...

6.5AI score0.0061EPSS
Exploits2References1
Rows per page
Query Builder