Lucene search
Roshan CheriyanWPEX-ID:07B293CF-5174-45DE-8606-A782A96A35B3HistoryJun 05, 2024 - 12:00 a.m.
Bookster <= 1.1.0 - Unauthenticated Appointment Status Update
2024-06-0500:00:00
Roshan Cheriyan
8
wordpress
appointment
unauthenticated
burp-suite
exploit
security vulnerability
Description The plugin allows adding sensitive parameters when validating appointments allowing attackers to manipulate the data sent when booking an appointment (the request body) to change its status from pending to approved.
1. Open the Wordpress where the plugin is installed with default settings.
2. Create an appointment on a service offered. Select the agent and date of appointment.
3. Provide the user information. Such as name, email, phonenumber,
Select the payment method and click on submit.
4. Intercept the traffic using burp-suite. Add the parameter "book_status" with value "approved" on "apptInput" json dictionary.
5. Submit the request and observed that the booking status is changed to approved.Related
nvd
nvd
CVE-2024-5071
2024-06-26 06:15:16
vulnrichment
vulnrichment
CVE-2024-5071 Bookster <= 1.1.0 - Unauthenticated Appointment Status Update
2024-06-26 06:00:04
wpvulndb
wpvulndb
Bookster <= 1.1.0 - Unauthenticated Appointment Status Update
2024-06-05 00:00:00
cvelist
cvelist
CVE-2024-5071 Bookster <= 1.1.0 - Unauthenticated Appointment Status Update
2024-06-26 06:00:04
cve
cve
CVE-2024-5071
2024-06-26 06:15:16
6.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Related for WPEX-ID:07B293CF-5174-45DE-8606-A782A96A35B3