Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to get the booking data by guessing / brute-forcing easy predictable booking IDs via search POST requests.
References
Link | Resource |
---|---|
https://patchstack.com/database/vulnerability/vikbooking/wordpress-vikbooking-hotel-booking-engine-pms-plugin-1-5-3-sensitive-data-exposure-vulnerability | Release Notes Third Party Advisory |
https://wordpress.org/plugins/vikbooking/#developers | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2022-04-19 14:15
Updated : 2022-04-27 20:44
NVD link : CVE-2022-27863
Mitre link : CVE-2022-27863
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
vikwp
- vikbooking_hotel_booking_engine_\&_property_management_system_plugin