Vulnerabilities > Vikwp

DATE	CVE	VULNERABILITY TITLE	RISK
2025-01-26	CVE-2024-11641	Cross-Site Request Forgery (CSRF) vulnerability in Vikwp Vikbooking Hotel Booking Engine & PMS The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.2. network low complexity vikwp CWE-352	8.8
2023-11-09	CVE-2023-32501	Unspecified vulnerability in Vikwp Vikbooking Hotel Booking Engine & PMS Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. network low complexity vikwp	8.8
2023-05-23	CVE-2023-25707	Unspecified vulnerability in Vikwp Vikbooking Hotel Booking Engine & PMS Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. network low complexity vikwp	8.8
2023-04-06	CVE-2023-24396	Cross-site Scripting vulnerability in Vikwp Vikbooking Hotel Booking Engine & PMS Auth. network low complexity vikwp CWE-79	4.8
2022-05-30	CVE-2022-1528	Unspecified vulnerability in Vikwp VIK Booking The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.9 does not escape the current URL before putting it back in a JavaScript context, leading to a Reflected Cross-Site Scripting network low complexity vikwp	6.1
2022-05-16	CVE-2022-1407	Unspecified vulnerability in Vikwp Hotel Booking Engine & PMS The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them In attributes. network low complexity vikwp	6.5
2022-05-16	CVE-2022-1408	Unspecified vulnerability in Vikwp Hotel Booking Engine & PMS The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not escape various settings before outputting them in attributes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed network low complexity vikwp	4.8
2022-05-16	CVE-2022-1409	Unspecified vulnerability in Vikwp Hotel Booking Engine & PMS The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images and containing malicious PHP code network low complexity vikwp	7.2
2022-04-19	CVE-2022-27862	Unspecified vulnerability in Vikwp Vikbooking Hotel Booking Engine & Property Management System Plugin Arbitrary File Upload leading to RCE in E4J s.r.l. network low complexity vikwp critical	9.8
2022-04-19	CVE-2022-27863	Unspecified vulnerability in Vikwp Vikbooking Hotel Booking Engine & Property Management System Plugin Sensitive Information Exposure in E4J s.r.l. network low complexity vikwp	5.3

Vulnerabilities > Vikwp {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Vikwp"}]}

Vulnerabilities > Vikwp