Created
June 7, 2018 20:11
-
-
Save B0UG/68d3161af0c0ec85c615ca7452f9755e to your computer and use it in GitHub Desktop.
Booking Calendar by WpDevArt - Unauthenticated Parameter Manipulation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Exploit Title: Booking Calendar by WpDevArt - Unauthenticated Parameter Manipulation | |
# Date: 25/04/2018 | |
# Exploit Author: B0UG | |
# Vendor Homepage: https://wpdevart.com/wordpress-booking-calendar-plugin/ | |
# Software Link: https://wordpress.org/plugins/booking-calendar/ | |
# Version: Tested on version 2.2.2 (Older versions may be affected) | |
# Tested on: WordPress | |
# Category : Webapps | |
# CVE: CVE-2018-10363 | |
I. VULNERABILITY | |
------------------------- | |
Unauthenticated Parameter Manipulation | |
II. BACKGROUND | |
------------------------- | |
Booking Calendar is a WordPress plugin which has been designed to provide reservation systems for WordPress websites. | |
III. DESCRIPTION | |
------------------------- | |
Multiple parameters can be manipulated to allow unauthenticated remote attackers to manipulate the values to change data such as prices. | |
IV. PROOF OF CONCEPT | |
------------------------- | |
POC will be updated as soon as the vendor decides they would like to resolve these issues. | |
V. IMPACT | |
------------------------- | |
Attackers can manipulate values to change data such as prices which can ultimately cause financial losses. | |
VI. SYSTEMS AFFECTED | |
------------------------- | |
WordPress websites running "Booking Calendar" plugin version 2.2.2 (older and newer versions may also be affected). | |
VII. REMEDIATION | |
------------------------- | |
Highly recommend for users to remove the plugin until the vendors have managed to resolve the issues. | |
VIII. DISCLOSURE TIMELINE | |
------------------------- | |
April 24, 2018 1: Vulnerability identified. | |
April 25, 2018 2: Informed developer of the vulnerability. | |
April 25, 2018 3: Vendor replied to discuss the vulnerability in more detail. | |
April 25, 2018 4: Vendor stated that the issues were related to PayPal. | |
May 17, 2018 5: Explained in further detail of the issues and how they can be resolved. | |
May 17, 2018 6: Vendor acknowledges my response and states it has been passed to their developers. | |
June 7, 2018 7: Enquired if they had managed to resolve the issue. | |
June 7, 2018 8: Vendor stated they are working on a bigger project and will do it in the future. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment