ГлавнаяУязвимости → CVE-2024-2441
8.1высокая

CVE-2024-2441

Описание

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 allows direct access to menus, allowing an authenticated user with subscriber privileges or above, to bypass authorization and access settings of the VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's they shouldn't be allowed to.

Затрагиваемое ПО
Vikwp Vikbooking hotel booking engine \& pms
CVSS
Балл8.1 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Источники
https://wpscan.com/vulnerability/9647e273-5724-4a02-868d-9b79f4bb2b79/https://wpscan.com/vulnerability/9647e273-5724-4a02-868d-9b79f4bb2b79/