WordPress Plugin Vulnerabilities
BookingPress < 1.0.31 - Unauthenticated IDOR in appointment_id
Description
The plugin suffers from an Insecure Direct Object Reference (IDOR) vulnerability in it's thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointment_id query parameter.
Proof of Concept
curl -s "http://host/thank-you/?appointment_id=$(echo 2 | base64 )" | grep "(service|datetime|customer)" changing the number reveals the customer name tied to this appointment if there is no result then this appointment is not reversed yet.
Affects Plugins
References
CVE
Classification
Type
IDOR
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Hussien Misbah
Submitter
Hussien Misbah
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-12-07 (about 1 years ago)
Added
2022-12-07 (about 1 years ago)
Last Updated
2022-12-07 (about 1 years ago)