Vulnerabilities > Vikwp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-09 | CVE-2023-32501 | Cross-Site Request Forgery (CSRF) vulnerability in Vikwp Vikbooking Hotel Booking Engine & PMS Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. | 8.8 |
| 2023-05-23 | CVE-2023-25707 | Cross-Site Request Forgery (CSRF) vulnerability in Vikwp Vikbooking Hotel Booking Engine & PMS Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. | 8.8 |
| 2023-04-06 | CVE-2023-24396 | Cross-site Scripting vulnerability in Vikwp Vikbooking Hotel Booking Engine & PMS Auth. | 4.8 |
| 2022-05-30 | CVE-2022-1528 | Cross-site Scripting vulnerability in Vikwp VIK Booking The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.9 does not escape the current URL before putting it back in a JavaScript context, leading to a Reflected Cross-Site Scripting | 4.3 |
| 2022-05-16 | CVE-2022-1407 | Cross-Site Request Forgery (CSRF) vulnerability in Vikwp Hotel Booking Engine & PMS The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them In attributes. | 4.3 |
| 2022-05-16 | CVE-2022-1408 | Cross-site Scripting vulnerability in Vikwp Hotel Booking Engine & PMS The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not escape various settings before outputting them in attributes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 3.5 |
| 2022-05-16 | CVE-2022-1409 | Unrestricted Upload of File with Dangerous Type vulnerability in Vikwp Hotel Booking Engine & PMS The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images and containing malicious PHP code | 6.5 |
| 2022-04-19 | CVE-2022-27862 | Unrestricted Upload of File with Dangerous Type vulnerability in Vikwp Vikbooking Hotel Booking Engine & Property Management System Plugin Arbitrary File Upload leading to RCE in E4J s.r.l. | 7.5 |
| 2022-04-19 | CVE-2022-27863 | Information Exposure vulnerability in Vikwp Vikbooking Hotel Booking Engine & Property Management System Plugin Sensitive Information Exposure in E4J s.r.l. | 5.0 |
| 2021-08-16 | CVE-2021-24519 | Cross-site Scripting vulnerability in Vikwp CAR Rental Management System The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the 'Text Next to Icon' field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue | 3.5 |