Medium severity6.5NVD Advisory· Published May 16, 2022· Updated Jun 17, 2026
CVE-2022-1407
CVE-2022-1407
Description
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them In attributes. As a result, attackers could make a logged in admin add tracking campaign with XSS payloads in them via a CSRF attack
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/VikBooking Hotel Booking Engine & PMSdescription
- Range: <1.5.8
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/19a9e266-daf6-4cc5-a300-2b5436b6d07dnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.