Vulnerability CVE-2022-27862


Published: 2022-04-19

Description:
Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to upload and execute dangerous file types (e.g. PHP shell) via the signature upload on the booking form.

Type:

CWE-434

(Unrestricted Upload of File with Dangerous Type)

 References:
https://wordpress.org/plugins/vikbooking/#developers
https://patchstack.com/database/vulnerability/vikbooking/wordpress-vikbooking-hotel-booking-engine-pms-plugin-1-5-3-arbitrary-file-upload-leading-to-rce

Copyright 2026, cxsecurity.com

 

Back to Top