Booking Calendar by WpDevArt - Unauthenticated Parameter Manipulation
# Exploit Title: Booking Calendar by WpDevArt - Unauthenticated Parameter Manipulation
# Date: 25/04/2018
# Exploit Author: B0UG
# Vendor Homepage: https://wpdevart.com/wordpress-booking-calendar-plugin/
# Software Link: https://wordpress.org/plugins/booking-calendar/
# Version: Tested on version 2.2.2 (Older versions may be affected)
# Tested on: WordPress
# Category: Webapps
# CVE: CVE-2018-10363
I. VULNERABILITY
-------------------------
Unauthenticated Parameter Manipulation
II. BACKGROUND
-------------------------
Booking Calendar is a WordPress plugin which has been designed to provide reservation systems for WordPress websites.
III. DESCRIPTION
-------------------------
Multiple request parameters can be manipulated by unauthenticated remote attackers to change data such as prices.
IV. PROOF OF CONCEPT
-------------------------
POC will be updated as soon as the vendor decides they would like to resolve these issues.
V. IMPACT
-------------------------
Attackers can manipulate values to change data such as prices which can ultimately cause financial losses.
VI. SYSTEMS AFFECTED
-------------------------
WordPress websites running the "Booking Calendar" plugin, version 2.2.2 (older and newer versions may also be affected).
VII. REMEDIATION
-------------------------
Users are strongly advised to remove the plugin until the vendor has resolved these issues.
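The root cause described above is a booking total taken from the client instead of being recomputed on the server. The following is an added, hypothetical model of that mistake beside its fix; it is not the plugin's code, and the form field names (room_type, check_in, check_out, total) and rate table are constructed for illustration.

```python
from datetime import date
from decimal import Decimal

# Constructed nightly rates, standing in for data the server must keep authoritative.
RATES = {"standard": Decimal("100.00"), "deluxe": Decimal("180.00")}


class PriceMismatch(ValueError):
    """Raised when the client-submitted total does not match the server's figure."""


def nights_between(check_in, check_out):
    if check_out <= check_in:
        raise ValueError("check_out must be after check_in")
    return (check_out - check_in).days


def server_side_total(room_type, check_in, check_out):
    """Recompute the booking total from server-held rates and dates only."""
    if room_type not in RATES:
        raise ValueError(f"unknown room type {room_type!r}")
    return RATES[room_type] * nights_between(check_in, check_out)


def vulnerable_charge(form):
    """The pattern to avoid: whatever 'total' the request carries is charged."""
    return Decimal(form["total"])


def hardened_charge(form):
    """Ignore the client's total; recompute it and reject any mismatch as tampering."""
    check_in = date.fromisoformat(form["check_in"])
    check_out = date.fromisoformat(form["check_out"])
    expected = server_side_total(form["room_type"], check_in, check_out)
    submitted = Decimal(form["total"])
    if submitted != expected:
        raise PriceMismatch(f"client total {submitted} != server total {expected}")
    return expected


def verify_payment_amount(expected_total, gateway_amount):
    """Before fulfilling, the amount reported by the payment gateway must equal the
    server-computed total, not the amount the browser originally posted."""
    return Decimal(str(gateway_amount)) == Decimal(str(expected_total))
```

A mismatch in hardened_charge is worth logging with the source address and booking details, since a legitimate client never produces one.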
VIII. DISCLOSURE TIMELINE
-------------------------
1. April 24, 2018: Vulnerability identified.
2. April 25, 2018: Informed the developer of the vulnerability.
3. April 25, 2018: Vendor replied to discuss the vulnerability in more detail.
4. April 25, 2018: Vendor stated that the issues were related to PayPal.
5. May 17, 2018: Explained the issues in further detail and how they can be resolved.
6. May 17, 2018: Vendor acknowledged my response and stated it had been passed to their developers.
7. June 7, 2018: Enquired whether they had managed to resolve the issue.
8. June 7, 2018: Vendor stated they are working on a bigger project and will address it in the future.