CVE Catalog

CVE-2026-57723

HighCVSS 7.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile — higher than 2% of all known CVEs

Summary

A CSRF vulnerability in VikBooking Hotel Booking Engine & PMS allows an attacker to perform operations leading to Path Traversal. This issue affects all versions up to and including 1.8.12.

Risk Assessment

An attacker can exploit CSRF to manipulate files on the server, potentially leading to unauthorized data access or system compromise.

Recommendation

Immediately update the VikBooking Hotel Booking Engine & PMS plugin to the latest available version that fixes this vulnerability.

Original NVD description (English source)

Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows Path Traversal. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.12.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS