CVE-2023-32501 WordPress VikBooking Hotel Booking Engine & PMS Plugin <= 1.6.1 is vulnerable to Cross Site Request Forgery (CSRF)

2023-11-0922:18:56

CWE-352

Patchstack

www.cve.org

wordpress

vikbooking

cross site request forgery

e4j

pms plugin

cve-2023-32501

AI Score

Confidence

High

EPSS

0.001

Percentile

24.1%

JSON

Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.6.1 versions.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "vikbooking",
    "product": "VikBooking Hotel Booking Engine & PMS",
    "vendor": "E4J s.r.l.",
    "versions": [
      {
        "changes": [
          {
            "at": "1.6.2",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.6.1",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/vikbooking/wordpress-vikbooking-hotel-booking-engine-pms-plugin-1-6-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve