CVE-2022-27863: 
WordPress vulnerability analysis and mitigation

The vulnerability CVE-2022-27863 affects E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin versions 1.5.3 and below for WordPress. This sensitive information exposure vulnerability was discovered and disclosed in March 2022, allowing attackers to access booking data by guessing or brute-forcing predictable booking IDs through search POST requests (CVE Mitre, Patchstack).

The vulnerability has been assigned a CVSS score of 5.3 (Low severity) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N. The security issue allows unauthenticated users to access sensitive booking information through predictable booking IDs, which can be exploited via search POST requests (Patchstack).

The vulnerability could allow malicious actors to view sensitive booking information that is normally not accessible to regular users. This exposure of sensitive data could potentially be used to exploit other weaknesses in the system (Patchstack).

The vulnerability has been fixed in version 1.5.4 of the VikBooking Hotel Booking Engine & PMS plugin. Users are advised to update to version 1.5.4 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins (Patchstack).