vulnerability
WordPress Plugin: vikbooking: CVE-2022-27863: Exposure of Sensitive Information to an Unauthorized Actor
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Apr 18, 2022 | May 15, 2025 | May 15, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Apr 18, 2022
Added
May 15, 2025
Modified
May 15, 2025
Description
Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine and PMS plugin less than or equal to 1.5.3 on WordPress allows attackers to get the booking data by guessing / brute-forcing easy predictable booking IDs via search POST requests.
Solution
vikbooking-plugin-cve-2022-27863

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.