WordPress Plugin Vulnerabilities

Booking Package < 1.5.29 - Unauthenticated Sensitive Data Disclosure

Description

The plugin requires a token for exporting the ical representation of it's booking calendar, but this token is returned in the json response to unauthenticated users performing a booking, leading to a sensitive data disclosure vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
booking-package
Fixed in 1.5.29

References

CVE
CVE-2022-0709

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
7.5 (high)

Miscellaneous

Original Researcher
huli of Cymetrics
Submitter
huli of Cymetrics
Submitter website
https://cymetrics.io/
Verified
Yes
WPVDB ID
3cd1d8d2-d2a4-45a9-9b5f-c2a56f08be85

Timeline

Publicly Published
2022-03-09 (about 3 years ago)
Added
2022-03-09 (about 3 years ago)
Last Updated
2022-04-17 (about 3 years ago)

Other

Published
Title
Published
2024-04-09
Title
WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score < 7.1.0 - Sensitive Information Exposure via insufficiently protected files
Published
2023-11-30
Title
JetBackup < 2.0.9.9 - Directory Listing Exposing Backups
Published
2025-01-06
Title
Passster – Password Protect Pages and Content < 4.2.11 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure
Published
2024-02-02
Title
Total Upkeep < 1.15.9 - Improper Authorization to Unauthenticated Arbitrary File Download
Published
2024-01-15
Title
FastDup – Fastest WordPress Migration & Duplicator < 2.2 - Directory Listing to Account Takeover and Sensitive Data Exposure