Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Vikwp Security Vulnerabilities

cve
cve

CVE-2021-24519

The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the 'Text Next to Icon' field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue

4.8CVSS

4.6AI Score

0.001EPSS

2021-08-16 11:15 AM
25
cve
cve

CVE-2022-1407

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them In attributes. As a result, attackers could make a logged in admin add tracking campaign with XSS p...

6.5CVSS

6.1AI Score

0.001EPSS

2022-05-16 03:15 PM
51
2
cve
cve

CVE-2022-1408

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not escape various settings before outputting them in attributes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

4.8CVSS

4.8AI Score

0.001EPSS

2022-05-16 03:15 PM
46
5
cve
cve

CVE-2022-1409

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images and containing malicious PHP code

7.2CVSS

7AI Score

0.001EPSS

2022-05-16 03:15 PM
47
4
cve
cve

CVE-2022-1528

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.9 does not escape the current URL before putting it back in a JavaScript context, leading to a Reflected Cross-Site Scripting

6.1CVSS

6AI Score

0.001EPSS

2022-05-30 09:15 AM
44
6
cve
cve

CVE-2022-27862

Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to upload and execute dangerous file types (e.g. PHP shell) via the signature upload on the booking form.

9.8CVSS

9.5AI Score

0.002EPSS

2022-04-19 09:15 PM
52
cve
cve

CVE-2022-27863

Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to get the booking data by guessing / brute-forcing easy predictable booking IDs via search POST requests.

5.3CVSS

5.2AI Score

0.001EPSS

2022-04-19 09:15 PM
58
cve
cve

CVE-2023-24396

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.11 versions.

5.9CVSS

4.8AI Score

0.001EPSS

2023-04-06 02:15 PM
10
cve
cve

CVE-2023-25707

Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.12 versions.

8.8CVSS

8.8AI Score

0.001EPSS

2023-05-23 01:15 PM
24
cve
cve

CVE-2023-32501

Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.6.1 versions.

8.8CVSS

8.7AI Score

0.001EPSS

2023-11-09 11:15 PM
7