CVE-2022-27862: 
WordPress vulnerability analysis and mitigation

CVE-2022-27862 affects VikBooking Hotel Booking Engine & PMS WordPress plugin versions 1.5.3 and below. The vulnerability was discovered and disclosed on April 18, 2022, allowing unauthenticated attackers to upload and execute dangerous file types, including PHP shells (Patchstack).

The vulnerability is classified as an Arbitrary File Upload issue with a CVSS score of 9.8, indicating critical severity. It falls under the OWASP Top 10 category A1: Injection. The vulnerability requires no authentication to exploit, making it particularly dangerous (Patchstack).

This vulnerability could allow malicious actors to upload any type of file to the affected website, including backdoors which can then be executed to gain further access to the website. The high CVSS score of 9.8 indicates that this vulnerability is highly dangerous and expected to become mass exploited (Patchstack).

The vulnerability has been fixed in version 1.5.4 of the VikBooking plugin. Users are advised to update to version 1.5.4 or later immediately to remove the vulnerability. Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until users update to a fixed version (Patchstack).