83 matches found
CVE-2022-1408
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not escape various settings before outputting them in attributes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2022-1407
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them In attributes. As a result, attackers could make a logged in admin add tracking campaign with XSS...
WordPress VikBooking plugin < 1.7.2 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions 1.7.2...
CVE-2024-13616
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
CVE-2024-13616
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
CVE-2024-13616
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
CVE-2024-13616
The CVE covers the VikBooking Hotel Booking Engine & PMS WordPress plugin (prior to version 1.7.2). The underlying issue is insufficient sanitization/escaping of certain plugin settings, enabling Stored Cross-Site Scripting even when unfiltered_html is disallowed (e.g., in multisite setups). Affe...
CVE-2024-13616 VikBooking < 1.7.2 - Admin+ Stored XSS
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
CVE-2024-13616 VikBooking < 1.7.2 - Admin+ Stored XSS
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
PT-2025-21459 · WordPress · Vikbooking Hotel Booking Engine & Pms
Name of the Vulnerable Software and Affected Versions: VikBooking Hotel Booking Engine & PMS WordPress plugin versions prior to 1.7.2 Description: The issue concerns the VikBooking Hotel Booking Engine & PMS WordPress plugin, where certain settings are not properly sanitized and escaped. This cou...
WordPress plugin VikBooking Hotel Booking Engine & PMS 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2025-22670 WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.7.2 - CSRF to Settings Change vulnerability
Missing Authorization vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through = 1.7.2...
CVE-2024-11641
The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.2. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to change plugi...
WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.7.2 - Cross-Site Request Forgery to Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Cross-Site Request Forgery to Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Noah Stead TurtleBurg in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions = 1.7.2...
CVE-2024-11641
The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.2. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to change plugi...
PT-2025-1676 · WordPress · Vikbooking Hotel Booking Engine & Pms
Name of the Vulnerable Software and Affected Versions: VikBooking Hotel Booking Engine & PMS plugin for WordPress versions up to, and including, 1.7.2 Description: The issue is due to missing or incorrect nonce validation on the save function, making it possible for unauthenticated attackers to...
WordPress VikBooking plugin < 1.6.8 - Insecure Direct Object References vulnerability
Insecure Direct Object References vulnerability discovered by cyc707 in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions 1.6.8...
CVE-2024-2749
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's access control mechanism fails to properly restrict access to its settings, permitting any users that can access a menu to manipulate requests and perform unauthorized actions such as editing, renaming or deleting categorie...
CVE-2024-2441
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 allows direct access to menus, allowing an authenticated user with subscriber privileges or above, to bypass authorization and access settings of the VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's they...
WordPress plugin VikBooking Hotel Booking Engine & PMS 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...