CVE-2024-2441

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 allows direct access to menus, allowing an authenticated user with subscriber privileges or above, to bypass authorization and access settings of the VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's they...

PT-2024-20389 · WordPress · Vikbooking Hotel Booking Engine & Pms

Name of the Vulnerable Software and Affected Versions: VikBooking Hotel Booking Engine & PMS WordPress plugin versions prior to 1.6.8 Description: The issue allows an authenticated user with subscriber privileges or above to bypass authorization and access settings they shouldn't be allowed to...