22 matches found
EUVD-2023-36745
Malicious code in bioql PyPI...
EUVD-2023-28452
Malicious code in bioql PyPI...
EUVD-2025-8458
Malicious code in bioql PyPI...
CVE-2025-22670
Missing Authorization vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through = 1.7.2...
CVE-2025-22670
CVE-2025-22670 describes a CSRF to Settings Change vulnerability in the WordPress VikBooking Hotel Booking Engine & PMS plugin. The issue affects VikBooking versions up to 1.7.2 (including 1.7.2 and earlier). It is classified with a CVSS v3.1 base score of 6.5 (Medium) and is described in connect...
CVE-2024-32563
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VikBooking Hotel Booking Engine & PMS allows Reflected XSS.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.6.7...
CVE-2024-11641
The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.2. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to change plugi...
WordPress VikBooking Hotel Booking Engine & PMS Plugin < 1.6.8 is vulnerable to Insecure Direct Object References (IDOR)
Software VikBooking Hotel Booking Engine & PMS Type Plugin Vulnerable versions 1.6.8 Fixed in 1.6.8 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-2441 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 7959a03a58d4...
CVE-2024-32563
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VikBooking Hotel Booking Engine & PMS allows Reflected XSS.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.6.7...
CVE-2024-32563 WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VikBooking Hotel Booking Engine & PMS allows Reflected XSS.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.6.7...
CVE-2024-32563 WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VikBooking Hotel Booking Engine & PMS allows Reflected XSS.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.6.7...
CVE-2024-32563
CVE-2024-32563 : VikBooking Hotel Booking Engine & PMS on WordPress has an improper input neutralization issue that enables a reflected XSS vulnerability in the web page generation process. The related Red Hat entry confirms the same CVE details and the VikBooking reference, noting the vulnerabil...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin = 1.6.1 versions...
CVE-2023-24396
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin = 1.5.11 versions...
WordPress VikBooking Hotel Booking Engine & PMS Plugin <= 1.5.12 is vulnerable to Cross Site Request Forgery (CSRF)
Software VikBooking Hotel Booking Engine & PMS Type Plugin Vulnerable versions = 1.5.12 Fixed in 1.6.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25707 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID 425db90a957f...
CVE-2022-1407
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them In attributes. As a result, attackers could make a logged in admin add tracking campaign with XSS...
CVE-2022-1407 VikBooking Hotel Booking Engine & PMS < 1.5.7 - Stored Cross-Site Scripting via CSRF
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them In attributes. As a result, attackers could make a logged in admin add tracking campaign with XSS...
VikBooking Hotel Booking Engine & PMS < 1.5.7 - Stored Cross-Site Scripting via CSRF
The plugin does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them In attributes. As a result, attackers could make a logged in admin add tracking campaign with XSS payloads in them via a CSRF attack XSS will be triggered in...
VikBooking Hotel Booking Engine & PMS < 1.5.8 - Admin+ PHP File Upload
The plugin does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images and containing malicious PHP code PoC Edit/add a Characteristics /wp-admin/admin.php?option=comvikbooking=carat and upload a fake GIF with PHP code in it as a...
CVE-2022-27863
Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin = 1.5.3 on WordPress allows attackers to get the booking data by guessing / brute-forcing easy predictable booking IDs via search POST requests...