Primary

Context

VikBooking Hotel Booking Engine & PMS Missing Authorization Vulnerability Allowing CSRF Exploitation

Vulnerability

Patched

A missing authorization vulnerability has been identified in the VikBooking Hotel Booking Engine & PMS WordPress plugin, affecting versions through 1.7.2. This vulnerability allows for Cross-Site Request Forgery (CSRF) attacks by exploiting incorrectly configured access control security levels.

Impact

Exploitation could enable attackers to force users with higher privileges to perform actions they did not intend to, potentially leading to unauthorized changes in settings or other critical areas.

Remediation

Users of the VikBooking Hotel Booking Engine & PMS WordPress plugin should update to version 1.7.3 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

2.5

exploitability

6.5

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

2.5

exploitability

6.5

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

VikBooking Hotel Booking Engine & PMS Missing Authorization Vulnerability Allowing CSRF Exploitation

Vulnerability

Impact

Remediation

Affected Products

VikBooking Hotel Booking Engine & PMS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating