Vulnerabilities > Vikwp > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-06 | CVE-2023-24396 | Cross-site Scripting vulnerability in Vikwp Vikbooking Hotel Booking Engine & PMS Auth. | 4.8 |
| 2022-05-30 | CVE-2022-1528 | Unspecified vulnerability in Vikwp VIK Booking The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.9 does not escape the current URL before putting it back in a JavaScript context, leading to a Reflected Cross-Site Scripting | 6.1 |
| 2022-05-16 | CVE-2022-1407 | Unspecified vulnerability in Vikwp Hotel Booking Engine & PMS The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them In attributes. | 6.5 |
| 2022-05-16 | CVE-2022-1408 | Unspecified vulnerability in Vikwp Hotel Booking Engine & PMS The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not escape various settings before outputting them in attributes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 4.8 |
| 2022-04-19 | CVE-2022-27863 | Unspecified vulnerability in Vikwp Vikbooking Hotel Booking Engine & Property Management System Plugin Sensitive Information Exposure in E4J s.r.l. | 5.3 |
| 2021-08-16 | CVE-2021-24519 | Unspecified vulnerability in Vikwp CAR Rental Management System The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the 'Text Next to Icon' field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue | 4.8 |