Lucene search
Huli of CymetricsWPEX-ID:3CD1D8D2-D2A4-45A9-9B5F-C2A56F08BE85HistoryMar 09, 2022 - 12:00 a.m.
Booking Package < 1.5.29 - Unauthenticated Sensitive Data Disclosure
2022-03-0900:00:00
huli of Cymetrics
93
sensitive data disclosure
unauthenticated access
booking package security
EPSS
0.002
Percentile
53.5%
The plugin requires a token for exporting the ical representation of it’s booking calendar, but this token is returned in the json response to unauthenticated users performing a booking, leading to a sensitive data disclosure vulnerability.
When a guest make a booking via sending "action: package_app_public_action" and "mode: sendbooking" request (screenshot: https://i.imgur.com/ql7bqnl.png), there is a field "icalToken" in the response, screenshot: https://i.imgur.com/6hlNcgU.png
If the plugin has ical integration enabled, a threat actor can abuse this feature to download all the booking data, including email and name of all customers.
For example, this file is from demo site and has all the booking information: https://booking-package.saasproject.net/demo-booking/?id=1&ical=445976b9e3f3276019b4763fb138ad9895e0a641
screenshot: https://i.imgur.com/7mum5Jc.png
Related
wpvulndb
wpvulndb
Booking Package < 1.5.29 - Unauthenticated Sensitive Data Disclosure
2022-03-09 00:00:00
nvd
nvd
CVE-2022-0709
2022-04-04 16:15:09
cvelist
cvelist
prion
prion
Spoofing
2022-04-04 16:15:00
patchstack
patchstack
cve
cve
CVE-2022-0709
2022-04-04 16:15:09