QID 150794

Date Published: 2024-02-14

QID 150794: WordPress Booking Calendar Plugin: Unauthenticated SQL Injection Vulnerability (CVE-2024-1207)

The Booking Calendar plugin is a user-friendly tool for creating reservation systems on a WordPress website.

The WP Booking Calendar plugin for WordPress is vulnerable to SQL injection via the 'calendar_request_params[dates_ddmmyy_csv]' parameter, because the user-supplied value is insufficiently escaped and the existing SQL query is not adequately prepared. This makes it possible for unauthenticated attackers to append additional SQL to the existing query, which can be used to extract sensitive information from the database.
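The root cause described above is a date-list request parameter reaching a query without escaping or preparation. The following Python snippet is an added illustration, not code from the plugin or from Qualys: it shows the hardened pattern for such a parameter, validating every CSV token against the expected dd.mm.yy shape and binding each date as a placeholder so the user-controlled text never becomes part of the SQL statement. The SQLite table, its rows and the parameter name are constructed for the example; the plugin's real schema is not known from this page.

```python
import re
import sqlite3

# Constructed in-memory table standing in for a booking-dates table.
# Hypothetical schema, not the plugin's real layout.
SCHEMA = """
CREATE TABLE bookingdates (booking_id INTEGER, booking_date TEXT);
INSERT INTO bookingdates VALUES
    (1, '2024-02-14'), (2, '2024-02-15'), (3, '2024-03-01');
"""

# The request parameter carries dates as 'dd.mm.yy' values separated by commas.
DATE_DDMMYY = re.compile(r"^\d{2}\.\d{2}\.\d{2}$")


class InvalidDateParameter(ValueError):
    """Raised when the CSV contains anything that is not a well-formed date."""


def parse_dates_csv(csv_value):
    """Validate a 'dd.mm.yy' CSV parameter and normalise each value to
    ISO YYYY-MM-DD (assumes two-digit years are 20xx). Anything that does
    not match the expected shape is rejected before it gets near a query."""
    dates = []
    for raw in csv_value.split(","):
        token = raw.strip()
        if not DATE_DDMMYY.match(token):
            raise InvalidDateParameter(f"rejected value: {token!r}")
        dd, mm, yy = token.split(".")
        dates.append(f"20{yy}-{mm}-{dd}")
    return dates


def bookings_for_dates(conn, csv_value):
    """Hardened query: the user-controlled CSV never touches the SQL text.
    One bound placeholder per date, so the database receives values, not code."""
    dates = parse_dates_csv(csv_value)
    placeholders = ",".join("?" * len(dates))
    sql = (
        "SELECT booking_id FROM bookingdates "
        f"WHERE booking_date IN ({placeholders})"
    )
    return [row[0] for row in conn.execute(sql, dates)]


def open_sample_db():
    """Create the constructed sample database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


if __name__ == "__main__":
    db = open_sample_db()
    print(bookings_for_dates(db, "14.02.24,15.02.24"))  # → [1, 2]
```

Both layers matter: the allow-list check stops malformed input at the boundary, and the placeholder binding means that even a value that slipped past validation would be treated as data by the database driver rather than as SQL.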

Affected Versions:
WordPress Booking Calendar Plugin before 9.9.1

QID Detection Logic:
This QID sends an HTTP GET request and checks for a vulnerable version of the WordPress plugin running on the target application.
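The detection logic above is a version check: fetch a page that discloses the installed plugin version and compare it against the fixed release. The Python below is an added example of that approach and is not Qualys' detection code. It assumes the version is read from the plugin's readme.txt "Stable tag" header (a convention of WordPress plugins, with the plugin slug 'booking' taken from the advisory's wordpress.org link); the readme text is constructed for the example, and the fixed version 9.9.1 comes from the advisory.

```python
import re
import urllib.request

FIXED_VERSION = "9.9.1"  # from the advisory: versions before 9.9.1 are affected

# Constructed sample of the header lines a WordPress plugin readme.txt exposes.
SAMPLE_README = """=== Booking Calendar ===
Contributors: example
Stable tag: 9.8.5
Tested up to: 6.4
"""


def parse_version(text):
    """Return the 'Stable tag' value from readme.txt content, or None."""
    m = re.search(r"^Stable tag:\s*([0-9][0-9.]*)", text, re.MULTILINE)
    return m.group(1) if m else None


def version_tuple(v):
    """'9.8.5' -> (9, 8, 5) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))


def is_vulnerable(version, fixed=FIXED_VERSION):
    """True when the installed version sorts before the fixed release."""
    found = version_tuple(version)
    target = version_tuple(fixed)
    # Pad the shorter tuple with zeros so '9.9' compares as 9.9.0
    n = max(len(found), len(target))
    found += (0,) * (n - len(found))
    target += (0,) * (n - len(target))
    return found < target


def assess_readme(text):
    """Turn readme content into a detection verdict.
    'vulnerable' is None when no version could be read (inconclusive)."""
    version = parse_version(text)
    if version is None:
        return {"version": None, "vulnerable": None,
                "reason": "Stable tag not found"}
    return {"version": version, "vulnerable": is_vulnerable(version),
            "reason": f"compared against fixed version {FIXED_VERSION}"}


def fetch_readme(base_url, timeout=5):
    """Retrieve the plugin readme with a single HTTP GET (network access;
    not exercised offline). Hypothetical helper: the path assumes the
    standard wp-content/plugins/<slug>/readme.txt location."""
    url = base_url.rstrip("/") + "/wp-content/plugins/booking/readme.txt"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


if __name__ == "__main__":
    print(assess_readme(SAMPLE_README))
```

Comparing version tuples rather than strings avoids the classic false negative where "9.10.0" sorts before "9.9.1" lexically; reporting an inconclusive result when no version is visible keeps the check from silently marking a hardened site (one that hides readme.txt) as clean.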

An unauthenticated attacker could use this weakness to access the database, extract sensitive information, and modify or delete its contents using SQL commands.

  • CVSS V3 rated as Critical - 9.8 severity.
  • CVSS V2 rated as Critical - 10 severity.
  • Solution
    Customers are advised to upgrade to Booking Calendar 9.9.1 or a later version to remediate this vulnerability.

    CVEs related to QID 150794
    CVE-2024-1207

    Software Advisories
    Advisory ID | Software Component  | Link
                | WP Booking Calendar | wordpress.org/plugins/booking/#developers