4 matches found
WordPress VikBooking Hotel Booking Engine & PMS Plugin < 1.6.8 is vulnerable to Insecure Direct Object References (IDOR)
Software VikBooking Hotel Booking Engine & PMS Type Plugin Vulnerable versions 1.6.8 Fixed in 1.6.8 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-2441 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 7959a03a58d4...
CVE-2024-2441
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 allows direct access to menus, allowing an authenticated user with subscriber privileges or above, to bypass authorization and access settings of the VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's they...
CVE-2024-2441
CVE-2024-2441 (VikBooking plugin) : The VikBooking Hotel Booking Engine & PMS for WordPress (before 1.6.8) suffers an insecure direct object reference (IDOR) flaw in its access control, allowing an authenticated user with subscriber privileges or higher to directly access menus and plugin setting...
CVE-2024-2441 VikBooking < 1.6.8 - Insecure Direct Object References
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 allows direct access to menus, allowing an authenticated user with subscriber privileges or above, to bypass authorization and access settings of the VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's they...