Lucene search
K

22 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-36745

Malicious code in bioql PyPI...

8.8CVSS8.5AI score0.0028EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-28452

Malicious code in bioql PyPI...

5.9CVSS5.2AI score0.00392EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-8458

Malicious code in bioql PyPI...

6.5CVSS9.2AI score0.00341EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/03/29 2:30 p.m.3 views

CVE-2025-22670

Missing Authorization vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through = 1.7.2...

6.5CVSS7.2AI score0.00341EPSS
Exploits0References1
CVE
CVE
added 2025/03/27 2:14 p.m.45 views

CVE-2025-22670

CVE-2025-22670 describes a CSRF to Settings Change vulnerability in the WordPress VikBooking Hotel Booking Engine & PMS plugin. The issue affects VikBooking versions up to 1.7.2 (including 1.7.2 and earlier). It is classified with a CVSS v3.1 base score of 6.5 (Medium) and is described in connect...

6.5CVSS7.2AI score0.00341EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:10 a.m.6 views

CVE-2024-32563

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VikBooking Hotel Booking Engine & PMS allows Reflected XSS.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.6.7...

7.1CVSS5.2AI score0.00394EPSS
Exploits0References1
NVD
NVD
added 2025/01/26 12:15 p.m.12 views

CVE-2024-11641

The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.2. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to change plugi...

8.8CVSS0.00334EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/05/15 12:0 a.m.9 views

WordPress VikBooking Hotel Booking Engine & PMS Plugin < 1.6.8 is vulnerable to Insecure Direct Object References (IDOR)

Software VikBooking Hotel Booking Engine & PMS Type Plugin Vulnerable versions 1.6.8 Fixed in 1.6.8 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-2441 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 7959a03a58d4...

6.5AI score0.0061EPSS
Exploits2References3Affected Software1
NVD
NVD
added 2024/04/18 10:15 a.m.13 views

CVE-2024-32563

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VikBooking Hotel Booking Engine & PMS allows Reflected XSS.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.6.7...

7.1CVSS6.9AI score0.00394EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/18 9:57 a.m.22 views

CVE-2024-32563 WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VikBooking Hotel Booking Engine & PMS allows Reflected XSS.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.6.7...

7.1CVSS7.1AI score0.00394EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/18 9:57 a.m.12 views

CVE-2024-32563 WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VikBooking Hotel Booking Engine & PMS allows Reflected XSS.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.6.7...

7.1CVSS6.9AI score0.00394EPSS
Exploits0References1
CVE
CVE
added 2024/04/18 9:57 a.m.68 views

CVE-2024-32563

CVE-2024-32563 : VikBooking Hotel Booking Engine & PMS on WordPress has an improper input neutralization issue that enables a reflected XSS vulnerability in the web page generation process. The related Red Hat entry confirms the same CVE details and the VikBooking reference, noting the vulnerabil...

7.1CVSS5.2AI score0.00394EPSS
Exploits0References1
Prion
Prion
added 2023/11/09 11:15 p.m.18 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin = 1.6.1 versions...

6.8CVSS7.3AI score0.0028EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/04/06 2:15 p.m.11 views

CVE-2023-24396

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin = 1.5.11 versions...

5.9CVSS5.4AI score0.00392EPSS
Exploits0References1
Patchstack
Patchstack
added 2023/02/15 12:0 a.m.9 views

WordPress VikBooking Hotel Booking Engine & PMS Plugin <= 1.5.12 is vulnerable to Cross Site Request Forgery (CSRF)

Software VikBooking Hotel Booking Engine & PMS Type Plugin Vulnerable versions = 1.5.12 Fixed in 1.6.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25707 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID 425db90a957f...

8.8CVSS6.6AI score0.00232EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2022/05/16 3:15 p.m.18 views

CVE-2022-1407

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them In attributes. As a result, attackers could make a logged in admin add tracking campaign with XSS...

6.5CVSS0.00524EPSS
Exploits2References1
Cvelist
Cvelist
added 2022/05/16 2:30 p.m.20 views

CVE-2022-1407 VikBooking Hotel Booking Engine & PMS < 1.5.7 - Stored Cross-Site Scripting via CSRF

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them In attributes. As a result, attackers could make a logged in admin add tracking campaign with XSS...

6.3AI score0.00524EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/04/21 12:0 a.m.408 views

VikBooking Hotel Booking Engine & PMS < 1.5.7 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them In attributes. As a result, attackers could make a logged in admin add tracking campaign with XSS payloads in them via a CSRF attack XSS will be triggered in...

6.5CVSS0.8AI score0.00524EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2022/04/21 12:0 a.m.20 views

VikBooking Hotel Booking Engine & PMS < 1.5.8 - Admin+ PHP File Upload

The plugin does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images and containing malicious PHP code PoC Edit/add a Characteristics /wp-admin/admin.php?option=comvikbooking=carat and upload a fake GIF with PHP code in it as a...

7.2CVSS0.3AI score0.01467EPSS
Exploits2Affected Software1
NVD
NVD
added 2022/04/19 9:15 p.m.22 views

CVE-2022-27863

Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin = 1.5.3 on WordPress allows attackers to get the booking data by guessing / brute-forcing easy predictable booking IDs via search POST requests...

5.3CVSS0.01067EPSS
Exploits0References2
Rows per page
Query Builder