Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Vikbooking Hotel Booking Engine & Pms Security Vulnerabilities

cve
cve

CVE-2022-1407

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them In attributes. As a result, attackers could make a logged in admin add tracking campaign with XSS p...

6.5CVSS

6.1AI Score

0.001EPSS

2022-05-16 03:15 PM
55
2
cve
cve

CVE-2022-1408

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not escape various settings before outputting them in attributes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

4.8CVSS

4.8AI Score

0.001EPSS

2022-05-16 03:15 PM
50
5
cve
cve

CVE-2022-1409

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images and containing malicious PHP code

7.2CVSS

7AI Score

0.001EPSS

2022-05-16 03:15 PM
51
4
cve
cve

CVE-2022-1528

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.9 does not escape the current URL before putting it back in a JavaScript context, leading to a Reflected Cross-Site Scripting

6.1CVSS

6AI Score

0.001EPSS

2022-05-30 09:15 AM
47
6
cve
cve

CVE-2023-24396

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.11 versions.

5.9CVSS

4.8AI Score

0.001EPSS

2023-04-06 02:15 PM
14
cve
cve

CVE-2023-25707

Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.12 versions.

8.8CVSS

8.8AI Score

0.001EPSS

2023-05-23 01:15 PM
26
cve
cve

CVE-2023-32501

Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.6.1 versions.

8.8CVSS

8.7AI Score

0.001EPSS

2023-11-09 11:15 PM
10
cve
cve

CVE-2024-2441

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 allows direct access to menus, allowing an authenticated user with subscriber privileges or above, to bypass authorization and access settings of the VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's they sh...

6.5AI Score

0.0004EPSS

2024-05-14 03:19 PM
31
cve
cve

CVE-2024-2749

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's access control mechanism fails to properly restrict access to its settings, permitting any users that can access a menu to manipulate requests and perform unauthorized actions such as editing, renaming or deleting (categories...

5.9CVSS

6.6AI Score

0.0004EPSS

2024-05-14 03:20 PM
35