To plugin page

Fixed

WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 - Arbitrary File Upload leading to RCE

9.8

CVSS 3.1 score Critical severity

Monitoring Coming soon

Find out about vulnerable plugins in your websites for free.

Scan your website

Software

VikBooking Hotel Booking Engine & PMS

Type

Plugin

Vulnerable versions

<= 1.5.3

Fixed in

1.5.4

PSID

0ca443ff8370

CVE ID

CVE-2022-27862

Classification

Arbitrary File Upload

OWASP Top 10

A1: Injection

Required privilege

Can be exploited remotely without any authentication.

Credits

Huli (Cymetrics)

Publicly disclosed

2022-04-18

Details

Arbitrary File Upload leading to RCE discovered by Huli (Cymetrics) in WordPress VikBooking Hotel Booking Engine & PMS plugin (versions <= 1.5.3).

Solution

Update the WordPress VikBooking Hotel Booking Engine & PMS plugin to the latest available version (at least 1.5.4).

References

CVE-2022-27862 Plugin changelog

WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 - Arbitrary File Upload leading to RCE

Details

Solution

References

Other known vulnerabilities for VikBooking Hotel Booking Engine & PMS

Submit vulnerabilities and become a verified Alliance member

All solutions

WordPress security

Patchstack

Social

All solutions

WordPress Security

Patchstack

Social

© 2022 Patchstack

WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 - Arbitrary File Upload leading to RCE

Details

Solution

References

Other known vulnerabilities for VikBooking Hotel Booking Engine & PMS

Submit vulnerabilities and become a verified Alliance member

All solutions

WordPress security

Patchstack

Social

All solutions

WordPress Security

Patchstack

Social

© 2022 Patchstack

Let us know if we have missed a vulnerability reported elsewhere

Thank you for contributing!