cleantalk
Vulnerabilities and Security Researches

VikBooking Hotel Booking Engine & PMS, CVE-2024-13616

CVE, Research URL

CVE-2024-13616

Home page URL

Security reports for VikBooking Hotel Booking Engine & PMS

Application

VikBooking Hotel Booking Engine & PMS

Published on
May 16, 2025
Research Description
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions
Min -, max 1.7.2.
Status
vulnerable
Previous vulnerability researches
Geocache Stat Bar Widget (CVE-2024-11266) , May 17, 2025
New vulnerability
EventON (CVE-2025-48116) , May 18, 2025
Import Export For WooCommerce (CVE-2025-48144) , May 18, 2025
ValidateCertify – Free (CVE-2025-48115) , May 18, 2025
Contact Form builder with drag & drop for WordPress – Kali Forms (CVE-2025-3201) , May 18, 2025
Uncanny Toolkit for LearnDash (CVE-2025-48080) , May 18, 2025