Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Hotel_booking_engine_\&_pms
(Vikwp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 3 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-05-16 | CVE-2022-1407 | The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them In attributes. As a result, attackers could make a logged in admin add tracking campaign with XSS payloads in them via a CSRF attack | Hotel_booking_engine_\&_pms | 6.5 | ||
| 2022-05-16 | CVE-2022-1408 | The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not escape various settings before outputting them in attributes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | Hotel_booking_engine_\&_pms | 4.8 | ||
| 2022-05-16 | CVE-2022-1409 | The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images and containing malicious PHP code | Hotel_booking_engine_\&_pms | 7.2 |