cve/2024/CVE-2024-2441.md

### [CVE-2024-2441](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2441)
![](https://img.shields.io/static/v1?label=Product&message=VikBooking%20Hotel%20Booking%20Engine%20%26%20PMS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.6.8%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen)

### Description

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 allows direct access to menus, allowing an authenticated user with subscriber privileges or above, to bypass authorization and access settings of the VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's they shouldn't be allowed to.

### POC

#### Reference
- https://wpscan.com/vulnerability/9647e273-5724-4a02-868d-9b79f4bb2b79/

#### Github
No PoCs found on GitHub currently.
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2024-2441](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2441)`
			`![](https://img.shields.io/static/v1?label=Product&message=VikBooking%20Hotel%20Booking%20Engine%20%26%20PMS&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.6.8%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen)`

			`### Description`

			`The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 allows direct access to menus, allowing an authenticated user with subscriber privileges or above, to bypass authorization and access settings of the VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's they shouldn't be allowed to.`

			`### POC`

			`#### Reference`
			`- https://wpscan.com/vulnerability/9647e273-5724-4a02-868d-9b79f4bb2b79/`

			`#### Github`
			`No PoCs found on GitHub currently.`