Vulnerability Description
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's access control mechanism fails to properly restrict access to its settings, permitting any users that can access a menu to manipulate requests and perform unauthorized actions such as editing, renaming or deleting (categories for example) despite initial settings prohibiting such access. This vulnerability resembles broken access control, enabling unauthorized users to modify critical VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 configurations.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vikwp | Vikbooking Hotel Booking Engine \& Pms | < 1.6.8 |
Related Weaknesses (CWE)
References
- https://wpscan.com/vulnerability/c0640d3a-80b3-4cad-a3cf-fb5d86558e91/ExploitThird Party Advisory
- https://wpscan.com/vulnerability/c0640d3a-80b3-4cad-a3cf-fb5d86558e91/ExploitThird Party Advisory
FAQ
What is CVE-2024-2749?
CVE-2024-2749 is a vulnerability with a CVSS score of 5.9 (MEDIUM). The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's access control mechanism fails to properly restrict access to its settings, permitting any users that can access a menu to man...
How severe is CVE-2024-2749?
CVE-2024-2749 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-2749?
Check the references section above for vendor advisories and patch information. Affected products include: Vikwp Vikbooking Hotel Booking Engine \& Pms.