CVE-2026-57723
HighCVSS 7.4Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
A CSRF vulnerability in VikBooking Hotel Booking Engine & PMS allows an attacker to perform operations leading to Path Traversal. This issue affects all versions up to and including 1.8.12.
Risk Assessment
An attacker can exploit CSRF to manipulate files on the server, potentially leading to unauthorized data access or system compromise.
Recommendation
Immediately update the VikBooking Hotel Booking Engine & PMS plugin to the latest available version that fixes this vulnerability.
Original NVD description (English source)
Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows Path Traversal. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.12.

