Vulnerabilities > Vikwp

DATE CVE VULNERABILITY TITLE RISK
2023-11-09 CVE-2023-32501 Cross-Site Request Forgery (CSRF) vulnerability in Vikwp Vikbooking Hotel Booking Engine & PMS
Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L.
network
low complexity
vikwp CWE-352
8.8
8.8
2023-05-23 CVE-2023-25707 Cross-Site Request Forgery (CSRF) vulnerability in Vikwp Vikbooking Hotel Booking Engine & PMS
Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L.
network
low complexity
vikwp CWE-352
8.8
8.8
2023-04-06 CVE-2023-24396 Cross-site Scripting vulnerability in Vikwp Vikbooking Hotel Booking Engine & PMS
Auth.
network
low complexity
vikwp CWE-79
4.8
4.8
2022-05-30 CVE-2022-1528 Cross-site Scripting vulnerability in Vikwp VIK Booking
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.9 does not escape the current URL before putting it back in a JavaScript context, leading to a Reflected Cross-Site Scripting
network
low complexity
vikwp CWE-79
6.1
6.1
2022-05-16 CVE-2022-1407 Cross-Site Request Forgery (CSRF) vulnerability in Vikwp Hotel Booking Engine & PMS
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them In attributes.
network
low complexity
vikwp CWE-352
6.5
6.5
2022-05-16 CVE-2022-1408 Cross-site Scripting vulnerability in Vikwp Hotel Booking Engine & PMS
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not escape various settings before outputting them in attributes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
network
low complexity
vikwp CWE-79
4.8
4.8
2022-05-16 CVE-2022-1409 Unrestricted Upload of File with Dangerous Type vulnerability in Vikwp Hotel Booking Engine & PMS
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images and containing malicious PHP code
network
low complexity
vikwp CWE-434
7.2
7.2
2022-04-19 CVE-2022-27862 Unrestricted Upload of File with Dangerous Type vulnerability in Vikwp Vikbooking Hotel Booking Engine & Property Management System Plugin
Arbitrary File Upload leading to RCE in E4J s.r.l.
network
low complexity
vikwp CWE-434
critical
 9.8
9.8
2022-04-19 CVE-2022-27863 Information Exposure vulnerability in Vikwp Vikbooking Hotel Booking Engine & Property Management System Plugin
Sensitive Information Exposure in E4J s.r.l.
network
low complexity
vikwp CWE-200
5.3
5.3
2021-08-16 CVE-2021-24519 Cross-site Scripting vulnerability in Vikwp CAR Rental Management System
The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the 'Text Next to Icon' field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue
network
low complexity
vikwp CWE-79
4.8
4.8