Unrated severityNVD Advisory· Published May 10, 2024· Updated Mar 14, 2025
VikBooking < 1.6.8 - Insecure Direct Object References
CVE-2024-2441
Description
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 allows direct access to menus, allowing an authenticated user with subscriber privileges or above, to bypass authorization and access settings of the VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's they shouldn't be allowed to.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- WordPress/VikBooking Hotel Booking Engine & PMS WordPress plugindescription
- Range: <1.6.8
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/9647e273-5724-4a02-868d-9b79f4bb2b79/mitreexploitvdb-entrytechnical-description
News mentions
0No linked articles in our index yet.