vulnerability

WordPress Plugin: vikbooking: CVE-2022-27863: Exposure of Sensitive Information to an Unauthorized Actor

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Apr 18, 2022
Added
May 15, 2025
Modified
May 15, 2025

Description

Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine and PMS plugin less than or equal to 1.5.3 on WordPress allows attackers to get the booking data by guessing / brute-forcing easy predictable booking IDs via search POST requests.

Solution

vikbooking-plugin-cve-2022-27863
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.