Booking Calendar by WpDevArt - Unauthenticated Parameter Manipulation
# Exploit Title: Booking Calendar by WpDevArt - Unauthenticated Parameter Manipulation
# Date: 25/04/2018
# Exploit Author: B0UG
# Vendor Homepage: https://wpdevart.com/wordpress-booking-calendar-plugin/
# Software Link: https://wordpress.org/plugins/booking-calendar/
# Version: Tested on version 2.2.2 (Older versions may be affected)
# Tested on: WordPress
# Category: Webapps
# CVE: CVE-2018-10363
I. VULNERABILITY
-------------------------
Unauthenticated Parameter Manipulation
II. BACKGROUND
-------------------------
Booking Calendar is a WordPress plugin which has been designed to provide reservation systems for WordPress websites.
III. DESCRIPTION
-------------------------
Multiple parameters can be manipulated by unauthenticated remote attackers to change data such as prices.
IV. PROOF OF CONCEPT
-------------------------
A PoC will be published once the vendor decides to resolve these issues.
V. IMPACT
-------------------------
Attackers can manipulate values to change data such as prices, which can ultimately cause financial losses.
VI. SYSTEMS AFFECTED
-------------------------
WordPress websites running "Booking Calendar" plugin version 2.2.2 (older and newer versions may also be affected).
VII. REMEDIATION
-------------------------
Users are strongly advised to remove the plugin until the vendor has resolved the issues.
VIII. DISCLOSURE TIMELINE
-------------------------
1. April 24, 2018: Vulnerability identified.
2. April 25, 2018: Informed the developer of the vulnerability.
3. April 25, 2018: Vendor replied to discuss the vulnerability in more detail.
4. April 25, 2018: Vendor stated that the issues were related to PayPal.
5. May 17, 2018: Explained the issues in further detail and how they can be resolved.
6. May 17, 2018: Vendor acknowledged my response and stated it had been passed to their developers.
7. June 7, 2018: Enquired whether they had managed to resolve the issue.
8. June 7, 2018: Vendor stated they are working on a bigger project and will address it in the future.