WordPress Plugin Vulnerabilities
Bookster <= 1.1.0 - Unauthenticated Appointment Status Update
Description
The plugin allows adding sensitive parameters when validating appointments allowing attackers to manipulate the data sent when booking an appointment (the request body) to change its status from pending to approved.
Proof of Concept
1. Open the Wordpress where the plugin is installed with default settings. 2. Create an appointment on a service offered. Select the agent and date of appointment. 3. Provide the user information. Such as name, email, phonenumber, Select the payment method and click on submit. 4. Intercept the traffic using burp-suite. Add the parameter "book_status" with value "approved" on "apptInput" json dictionary. 5. Submit the request and observed that the booking status is changed to approved.
Affects Plugins
References
CVE
Classification
Type
INCORRECT AUTHORISATION
OWASP top 10
CWE
Miscellaneous
Original Researcher
Roshan Cheriyan
Submitter
Roshan Cheriyan
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2024-06-05 (about 26 days ago)
Added
2024-06-05 (about 25 days ago)
Last Updated
2024-06-05 (about 25 days ago)