BookingPress < 1.1.23 – Unauthenticated Export File Download | CVE 2024-12274 | Plugin Vulnerabilities

Description

The plugin export settings functionality exports data to a public folder, with an easily guessable file name, allowing unauthenticated attackers to access the exported files (if they exist).

Proof of Concept

1. Create a booking page in http://{YOUR-HOST}/wordpress/my-bookings (optional).
2. Go to Settings > Import/Export > Select to export some information such as Wordpress Users.

As unauthenticated, access https://example.com/wp-content/uploads/bookingpress_export_records/bookingpress_export_data-1.txt (or bookingpress_export_data-2.txt etc if more exports were done) to get some sensitive information of admin user and booking users, etc...(wordpress username, hashed password, email, phone number, smtp password etc)

Affects Plugins

bookingpress-appointment-booking

Fixed in 1.1.23

References

CVE

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Submitter

Thanh Hang

Verified

Yes

WPVDB ID

e3176c9a-63f3-4a28-a8a7-8abb2b4100ef

Timeline

Publicly Published

2024-12-23 (about 1 year ago)

Added

2024-12-23 (about 1 year ago)

Last Updated

2024-12-23 (about 1 year ago)

Other

Published

Title

Published

2025-05-30

Title

WooCommerce Orders & Customers Exporter <= 5.0 - Authenticated (Subscriber+) Information Exposure

Published

2024-10-14

Title

Contact Forms, Live Support, CRM, Video Messages < 1.11.1 - Unauthenticated Information Disclosure

Published

2024-06-20

Title

affiliate-toolkit < 3.4.5 - Unauthenticated Sensitive Information Exposure via Logs

Published

2025-12-15

Title

Fancy Product Designer | WooCommerce WordPress < 6.5.0 - Unauthenticated Information Disclosure via 'url' Parameter

Published

2024-02-20

Title

Error Log Viewer < 1.1.3 - Directory Listing to Sensitive Data Exposure