CVE-2024-2441

HIGH Year: 2024
CVSS v3 Score
8.1
High
Weakness Type
CWE-285
View all →

Vulnerability Description

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 allows direct access to menus, allowing an authenticated user with subscriber privileges or above, to bypass authorization and access settings of the VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's they shouldn't be allowed to.

Related Vulnerabilities

CVE-2016-10859

HIGH
CVSS:8.1(High)

cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65).

CWE-2852016

CVE-2016-7143

HIGH
CVSS:8.1(High)

The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE p...

CWE-2852016

CVE-2018-1082

HIGH
CVSS:8.1(High)

A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site.

CWE-2852018

CVE-2018-10861

HIGH
CVSS:8.1(High)

A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches mast...

CWE-2852018

CVE-2018-14637

HIGH
CVSS:8.1(High)

The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack.

CWE-2852018

CVE-2018-15465

HIGH
CVSS:8.1(High)

A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privilege...

CWE-2852018