WordPress Plugin Vulnerabilities

VikBooking Hotel Booking Engine & PMS < 1.5.4 - Booking Data Disclosure

Description

The plugin has guessable booking IDs, which could allow attackers to retrieve booking data via an IDOR in the search request

Affects Plugins

Plugin icon
vikbooking
Fixed in 1.5.4

References

CVE
CVE-2022-27863

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Huli
Verified
No
WPVDB ID
bc81d2ab-4bdb-4b1c-b475-79ace87bd1c8

Timeline

Publicly Published
2022-04-18 (about 2 years ago)
Added
2022-04-20 (about 2 years ago)
Last Updated
2022-04-21 (about 2 years ago)

Other

Published
Title
Published
2021-01-28
Title
uListing < 1.7 - Unauthenticated Information Disclosure
Published
2024-03-29
Title
Essential Addons for Elementor < 5.9.14 - Unauthenticated Private/Draft Posts Access
Published
2023-12-28
Title
Uncanny Automator < 5.1.0.3 - Sensitive Information Exposure via Log File
Published
2022-02-10
Title
wpDiscuz < 7.3.12 - Sensitive Information Disclosure
Published
2023-07-10
Title
LMS by Masteriyo < 1.6.8 - Information Exposure