Headline
CVE-2022-27863: WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 - Sensitive Data Exposure vulnerability - Patchstack
Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to get the booking data by guessing / brute-forcing easily predictable booking IDs via search POST requests.
Software
VikBooking Hotel Booking Engine & PMS
Vulnerable Versions
<= 1.5.3
Fixed in version
1.5.4
CVE
CVE-2022-27863
Classification
Information Disclosure
OWASP Top 10
A3: Sensitive Data Exposure
Disclosure Date
2022-04-18
CVSS 3.0 score
Can be exploited remotely without any authentication.
Details
Sensitive Data Exposure vulnerability discovered by Huli (Cymetrics) in WordPress VikBooking Hotel Booking Engine & PMS plugin (versions <= 1.5.3).
Solution
Update the WordPress VikBooking Hotel Booking Engine & PMS plugin to the latest available version (at least 1.5.4).
Related news
Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to upload and execute dangerous file types (e.g. PHP shell) via the signature upload on the booking form.