Vikwp Vikbooking_hotel_booking_engine_\&_pms
7 CVEs affecting Vikwp Vikbooking_hotel_booking_engine_\&_pms. Latest disclosed: 2025-05-15. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-11641 | High | 8.8 | 2025-01-26 | The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.2. This is… |
CVE-2024-2441 | High | 8.1 | 2024-05-14 | The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 allows direct access to menus, allowing an authenticated user with subscriber privilege… |
CVE-2023-25707 | Medium | 6.3 | 2023-05-23 | Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.12 versions. |
CVE-2024-2749 | Medium | 5.9 | 2024-05-14 | The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's access control mechanism fails to properly restrict access to its settings, permittin… |
CVE-2023-24396 | Medium | 5.9 | 2023-04-06 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.11 versions. |
CVE-2024-13616 | Medium | 4.8 | 2025-05-15 | The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.7.2 does not sanitise and escape some of its settings, which could allow high privilege use… |
CVE-2023-32501 | Medium | 4.3 | 2023-11-09 | Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.6.1 versions. |