Huli

**Name of the Vulnerable Software and Affected Versions** E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin version 1.5.3 and earlier **Description** The issue allows for Arbitrary File Upload leading to Remote Code Execution (RCE) via the signature upload on the booking form, enabling attackers to upload and execute dangerous file types, such as PHP shells. **Recommendations** For versions 1.5.3 and earlier, update to a version later than 1.5.3 to resolve the issue. As a temporary workaround, consider disabling the signature upload feature on the booking form until a patch is available. Restrict access to the booking form to minimize the risk of exploitation. Avoid using the vulnerable plugin until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin versions <= 1.5.3 **Description** The issue allows attackers to obtain booking data by guessing or brute-forcing easily predictable booking IDs via search POST requests to API endpoints such as `/api/search`. The `booking id` variable is vulnerable to this type of attack. This can lead to sensitive information exposure. **Recommendations** For E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin versions <= 1.5.3, update to a version greater than 1.5.3 to resolve the issue. As a temporary workaround, consider restricting access to the search functionality to minimize the risk of exploitation. Avoid using easily predictable `booking id` values in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** The Salon booking system Free and pro WordPress plugins versions prior to 7.6.3 **Description** The issue allows unauthenticated users to search other's bookings and retrieve sensitive information, including full name, email, and phone number of the person who booked it, due to improper authorization when searching bookings. **Recommendations** For versions prior to 7.6.3, update to version 7.6.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the booking search functionality until the update is applied.

**Name of the Vulnerable Software and Affected Versions** The Salon booking system Free and Pro WordPress plugins versions prior to 7.6.3 **Description** The issue is related to improper authorization in some endpoints of the plugin, which could allow customers to access all bookings and other customers' data. **Recommendations** For versions prior to 7.6.3, update to version 7.6.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected endpoints until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Booking Package WordPress plugin versions prior to 1.5.29 **Description** The issue allows unauthenticated users to obtain sensitive data due to the disclosure of a token used for exporting the ical representation of the booking calendar. This token is returned in the json response when an unauthenticated user performs a booking. **Recommendations** For versions prior to 1.5.29, update to version 1.5.29 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Amelia WordPress plugin versions prior to 1.0.49 **Description** The issue concerns a lack of proper authorization when managing appointments. This allows any customer to update the booking status of others and retrieve sensitive information about bookings, including the full name and phone number of the person who made the booking. **Recommendations** For versions prior to 1.0.49, update to version 1.0.49 or later to resolve the issue. As a temporary workaround, consider restricting access to appointment management features to minimize the risk of unauthorized updates or data retrieval.

**Name of the Vulnerable Software and Affected Versions** Amelia WordPress plugin versions prior to 1.0.48 **Description** The issue allows any customer to send paid test SMS notifications and retrieve sensitive information about the admin, such as email, account balance, and payment history. A malicious actor can abuse this to drain the account balance by sending SMS notifications. **Recommendations** For versions prior to 1.0.48, update to version 1.0.48 or later to resolve the issue. As a temporary workaround, consider restricting access to the Amelia SMS service to prevent unauthorized use.

**Name of the Vulnerable Software and Affected Versions** Amelia WordPress plugin version 1.0.46 and earlier **Description** The issue allows any customer to update other's bookings and retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it, due to improper authorisation when managing appointments. **Recommendations** For Amelia WordPress plugin version 1.0.46 and earlier, update to version 1.0.47 or later to resolve the issue.