Bookster <= 1.1.0 – Unauthenticated Appointment Status Update | CVE 2024-5071 | Plugin Vulnerabilities

Description

The plugin allows adding sensitive parameters when validating appointments allowing attackers to manipulate the data sent when booking an appointment (the request body) to change its status from pending to approved.

Proof of Concept

1. Open the Wordpress where the plugin is installed with default settings.
2. Create an appointment on a service offered. Select the agent and date of appointment. 
3. Provide the user information. Such as name, email, phonenumber, 
Select the payment method and click on submit.
4. Intercept the traffic using burp-suite. Add the parameter "book_status" with value "approved" on "apptInput" json dictionary.
5. Submit the request and observed that the booking status is changed to approved.

Affects Plugins

No known fix

References

CVE

Classification

Type

INCORRECT AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

Miscellaneous

Original Researcher

Roshan Cheriyan

Submitter

Roshan Cheriyan

Submitter twitter

Verified

Yes

WPVDB ID

07b293cf-5174-45de-8606-a782a96a35b3

Timeline

Publicly Published

2024-06-05 (about 26 days ago)

Added

2024-06-05 (about 25 days ago)

Last Updated

2024-06-05 (about 25 days ago)

Other

Published

Title

Published

2024-01-05

Title

Icegram < 3.1.22 - Contributor+ Campaign Status Toggle / Duplication

Published

2022-05-09

Title

Change wp-admin Login < 1.1.0 - Unauthenticated Arbitrary Settings Update

Published

2024-01-29

Title

Avada < 7.11.2 - Subscriber+ Portfolio Permalinks Creation

Published

2022-11-16

Title

SVG Support 2.5-2.5.1 - Author+ Stored XSS

Published

2021-11-09

Title

Get Custom Field Values < 4.0 - Contributors+ Arbitrary Post Metadata Access