Lucene search
+L

83 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:17 p.m.6 views

CVE-2022-1408

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not escape various settings before outputting them in attributes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

4.8CVSS6.1AI score0.00577EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:17 p.m.8 views

CVE-2022-1407

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them In attributes. As a result, attackers could make a logged in admin add tracking campaign with XSS...

6.5CVSS5.9AI score0.00524EPSS
Exploits2References1
Patchstack
Patchstack
added 2025/05/19 1:0 a.m.7 views

WordPress VikBooking plugin < 1.7.2 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions 1.7.2...

4.8CVSS6AI score0.00266EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/17 9:1 p.m.8 views

CVE-2024-13616

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

4.8CVSS5.7AI score0.00266EPSS
Exploits1References1
NVD
NVD
added 2025/05/15 8:15 p.m.8 views

CVE-2024-13616

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

4.8CVSS0.00266EPSS
Exploits1References1
OSV
OSV
added 2025/05/15 8:15 p.m.4 views

CVE-2024-13616

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

4.8CVSS5.8AI score0.00266EPSS
Exploits1References1
CVE
CVE
added 2025/05/15 8:7 p.m.28 views

CVE-2024-13616

The CVE covers the VikBooking Hotel Booking Engine & PMS WordPress plugin (prior to version 1.7.2). The underlying issue is insufficient sanitization/escaping of certain plugin settings, enabling Stored Cross-Site Scripting even when unfiltered_html is disallowed (e.g., in multisite setups). Affe...

4.8CVSS5.7AI score0.00266EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/05/15 8:7 p.m.13 views

CVE-2024-13616 VikBooking < 1.7.2 - Admin+ Stored XSS

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

0.00266EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/15 8:7 p.m.11 views

CVE-2024-13616 VikBooking < 1.7.2 - Admin+ Stored XSS

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

4.7AI score0.00266EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/15 12:0 a.m.3 views

PT-2025-21459 · WordPress · Vikbooking Hotel Booking Engine & Pms

Name of the Vulnerable Software and Affected Versions: VikBooking Hotel Booking Engine & PMS WordPress plugin versions prior to 1.7.2 Description: The issue concerns the VikBooking Hotel Booking Engine & PMS WordPress plugin, where certain settings are not properly sanitized and escaped. This cou...

4.8CVSS4.7AI score0.00266EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.2 views

WordPress plugin VikBooking Hotel Booking Engine & PMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.8CVSS4.9AI score0.00266EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/27 2:14 p.m.14 views

CVE-2025-22670 WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.7.2 - CSRF to Settings Change vulnerability

Missing Authorization vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through = 1.7.2...

6.5CVSS0.00341EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:43 a.m.6 views

CVE-2024-11641

The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.2. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to change plugi...

8.8CVSS7.6AI score0.00334EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/01/27 11:2 p.m.3 views

WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.7.2 - Cross-Site Request Forgery to Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Cross-Site Request Forgery to Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Noah Stead TurtleBurg in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions = 1.7.2...

8.8CVSS7AI score0.00334EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/01/26 12:15 p.m.3 views

CVE-2024-11641

The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.2. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to change plugi...

8.8CVSS7.8AI score0.00334EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/26 12:0 a.m.3 views

PT-2025-1676 · WordPress · Vikbooking Hotel Booking Engine & Pms

Name of the Vulnerable Software and Affected Versions: VikBooking Hotel Booking Engine & PMS plugin for WordPress versions up to, and including, 1.7.2 Description: The issue is due to missing or incorrect nonce validation on the save function, making it possible for unauthenticated attackers to...

8.8CVSS8.2AI score0.00334EPSS
Exploits0References9
Patchstack
Patchstack
added 2024/05/15 1:41 a.m.5 views

WordPress VikBooking plugin < 1.6.8 - Insecure Direct Object References vulnerability

Insecure Direct Object References vulnerability discovered by cyc707 in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions 1.6.8...

8.1CVSS7AI score0.0061EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2024/05/14 3:20 p.m.3 views

CVE-2024-2749

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's access control mechanism fails to properly restrict access to its settings, permitting any users that can access a menu to manipulate requests and perform unauthorized actions such as editing, renaming or deleting categorie...

5.9CVSS5.8AI score0.0028EPSS
Exploits2References1
OSV
OSV
added 2024/05/14 3:19 p.m.7 views

CVE-2024-2441

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 allows direct access to menus, allowing an authenticated user with subscriber privileges or above, to bypass authorization and access settings of the VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's they...

8.1CVSS5.8AI score0.0061EPSS
Exploits2References1
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.5 views

WordPress plugin VikBooking Hotel Booking Engine & PMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.9CVSS6.5AI score0.0028EPSS
Exploits2References2
Rows per page
Query Builder