Vikbooking Hotel Booking Engine & Pms Security Vulnerabilities and Issues — Vikbooking Hotel Booking Engine & Pms CVE List

Lucene search

VikwpVikbooking Hotel Booking Engine & Pms

11 matches found

CVE•added 2022/05/16 3:15 p.m.•66 views

CVE-2022-1408

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not escape various settings before outputting them in attributes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

4.8CVSS4.8AI score0.00267EPSS

CVE•added 2022/05/16 3:15 p.m.•65 views

CVE-2022-1409

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images and containing malicious PHP code

7.2CVSS7AI score0.00861EPSS

CVE•added 2022/05/30 9:15 a.m.•64 views

CVE-2022-1528

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.9 does not escape the current URL before putting it back in a JavaScript context, leading to a Reflected Cross-Site Scripting

6.1CVSS6AI score0.00273EPSS

CVE•added 2022/05/16 3:15 p.m.•63 views

CVE-2022-1407

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them In attributes. As a result, attackers could make a logged in admin add tracking campaign with XSS p...

6.5CVSS6.2AI score0.00134EPSS

CVE•added 2024/05/14 3:20 p.m.•59 views

CVE-2024-2749

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's access control mechanism fails to properly restrict access to its settings, permitting any users that can access a menu to manipulate requests and perform unauthorized actions such as editing, renaming or deleting (categories...

5.9CVSS6.6AI score0.00075EPSS

CVE•added 2024/05/14 3:19 p.m.•58 views

CVE-2024-2441

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 allows direct access to menus, allowing an authenticated user with subscriber privileges or above, to bypass authorization and access settings of the VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's they sh...

8.1CVSS6.5AI score0.00429EPSS

CVE•added 2025/01/26 12:15 p.m.•42 views

CVE-2024-11641

The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.2. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to change plugin ...

8.8CVSS8.8AI score0.0008EPSS

CVE•added 2023/05/23 1:15 p.m.•37 views

CVE-2023-25707

Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin

8.8CVSS7.5AI score0.00065EPSS

CVE•added 2023/04/06 2:15 p.m.•27 views

CVE-2023-24396

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin

5.9CVSS5AI score0.00106EPSS

CVE•added 2023/11/09 11:15 p.m.•19 views

CVE-2023-32501

Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin

8.8CVSS8.9AI score0.00096EPSS

CVE•added 2025/05/15 8:15 p.m.•18 views

CVE-2024-13616

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multi...

4.8CVSS5.7AI score0.00046EPSS