CVE-2024-13616 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.7.2 does not sanitise and escape some of its settings, which could allow high privilege user…
Medium CVSS: 4.8

CVE-2024-13616

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Vendor
Vikwp
Product
Vikbooking Hotel Booking Engine \& Pms
CWE
CWE-79
Yayın Tarihi
2025-05-15 20:15:39
Güncelleme
2025-06-10 13:10:20
Source Identifier
contact@wpscan.com
KEV Date Added
-

Kategoriler

CWE-79 Vikbooking Hotel Booking Engine \& Pms MEDIUM Vikwp 2025

Referanslar

https://wpscan.com/vulnerability/44b3a2d9-a2e1-43dd-b27a-1ad9d6015c9b/ https://wpscan.com/vulnerability/44b3a2d9-a2e1-43dd-b27a-1ad9d6015c9b/