Cross-Site Request Forgery in VikBooking Hotel Booking Engine by e4jvikwp
CVE-2026-57723
7.4HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 1 July 2026
What is CVE-2026-57723?
A security flaw exists in VikBooking Hotel Booking Engine & PMS that enables Cross-Site Request Forgery (CSRF), permitting unauthorized commands to be transmitted from a user that the web application trusts. This vulnerability can lead to unauthorized actions on behalf of authenticated users, potentially allowing attackers to exploit path traversal vulnerabilities. All versions up to and including 1.8.12 are susceptible to this security issue, making it crucial for users to implement security measures to mitigate any risks.
Affected Version(s)
VikBooking Hotel Booking Engine & PMS <= 1.8.12