CVE-2024-2441

Sažetak

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 allows direct access to menus, allowing an authenticated user with subscriber privileges or above, to bypass authorization and access settings of the VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's they shouldn't be allowed to.

Reference

https://wpscan.com/vulnerability/9647e273-5724-4a02-868d-9b79f4bb2b79/
https://wpscan.com/vulnerability/9647e273-5724-4a02-868d-9b79f4bb2b79/

CVSS

Base:	8.1
Impact:	5.2
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Zadnje važnije ažuriranje

05-05-2025 - 17:12

Objavljeno

14-05-2024 - 15:19