Описание
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 allows direct access to menus, allowing an authenticated user with subscriber privileges or above, to bypass authorization and access settings of the VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's they shouldn't be allowed to.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.6.8 (исключая)
cpe:2.3:a:vikwp:vikbooking_hotel_booking_engine_\&_pms:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 68%
0.00582
Низкий
8.1 High
CVSS3
Дефекты
CWE-285
Связанные уязвимости
CVSS3: 8.1
github
больше 1 года назад
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 allows direct access to menus, allowing an authenticated user with subscriber privileges or above, to bypass authorization and access settings of the VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's they shouldn't be allowed to.
EPSS
Процентиль: 68%
0.00582
Низкий
8.1 High
CVSS3
Дефекты
CWE-285