Vikwp Vikbooking_hotel_booking_engine_\&_pms

7 CVEs affecting Vikwp Vikbooking_hotel_booking_engine_\&_pms. Latest disclosed: 2025-05-15. Critical: 0, High: 2.

Top CVEs affecting Vikwp Vikbooking_hotel_booking_engine_\&_pms
CVESeverityScorePublishedSummary
CVE-2024-11641High8.82025-01-26The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.2. This is…
CVE-2024-2441High8.12024-05-14The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 allows direct access to menus, allowing an authenticated user with subscriber privilege…
CVE-2023-25707Medium6.32023-05-23Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.12 versions.
CVE-2024-2749Medium5.92024-05-14The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's access control mechanism fails to properly restrict access to its settings, permittin…
CVE-2023-24396Medium5.92023-04-06Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.11 versions.
CVE-2024-13616Medium4.82025-05-15The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.7.2 does not sanitise and escape some of its settings, which could allow high privilege use…
CVE-2023-32501Medium4.32023-11-09Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.6.1 versions.