CVE-2022-1528

Name of the Vulnerable Software and Affected Versions VikBooking Hotel Booking Engine & PMS WordPress plugin versions prior to 1.5.9

Description The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the plugin does not properly escape the current URL before putting it back in a JavaScript context.

Recommendations For versions prior to 1.5.9, update to version 1.5.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's JavaScript context until a patch is applied.