PT-2024-20389 · WordPress · Vikbooking Hotel Booking Engine & Pms

Cyc707 · Published 2024-05-10 · Updated 2024-05-14 · CVE-2024-2441

CVSS v3.1: 8.1 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: VikBooking Hotel Booking Engine & PMS WordPress plugin versions prior to 1.6.8

Description: The issue allows an authenticated user with subscriber privileges or above to bypass authorization and access settings they should not be allowed to access. This is due to direct access to menus being permitted.

Recommendations: For versions prior to 1.6.8, update to version 1.6.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the settings of the VikBooking Hotel Booking Engine & PMS WordPress plugin to minimize the risk of exploitation.

Weakness Enumeration: Improper Authorization

Related Identifiers: CVE-2024-2441

Affected Products: Vikbooking Hotel Booking Engine & Pms