VYPR

Vikbooking Hotel Booking Engine \& Pms

by Vikwp

Source repositories

CVEs (8)

  • CVE-2025-22670MedMar 27, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through <= 1.7.2.

  • CVE-2025-49918MedDec 18, 2025
    risk 0.38cvss 5.9epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Retrieve Embedded Sensitive Data.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through <= 1.8.2.

  • CVE-2025-5803MedNov 6, 2025
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through <= 1.8.2.

  • CVE-2023-32501MedNov 9, 2023
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.6.1 versions.

  • CVE-2024-13616May 15, 2025
    risk 0.00cvss epss 0.00

    The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed…

  • CVE-2024-11641Jan 26, 2025
    risk 0.00cvss epss 0.00

    The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.2. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated…

  • CVE-2024-2749May 10, 2024
    risk 0.00cvss epss 0.00

    The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's access control mechanism fails to properly restrict access to its settings, permitting any users that can access a menu to manipulate requests and perform unauthorized actions such as editing, renaming or…

  • CVE-2024-2441May 10, 2024
    risk 0.00cvss epss 0.01

    The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 allows direct access to menus, allowing an authenticated user with subscriber privileges or above, to bypass authorization and access settings of the VikBooking Hotel Booking Engine & PMS WordPress plugin…