A vulnerability was found in e4jvikwp VikBooking Plugin up to 1.8.8. It has been rated as problematic. This issue affects some unknown processing of the component Booking Engine. This manipulation of the argument special_requests causes cross site scripting.

This vulnerability is handled as CVE-2026-6818. The attack can be initiated remotely. There is not any exploit available.