Course Booking System Missing Authorization Vulnerability in CSV Export
Vulnerability
A vulnerability exists in the Course Booking System plugin for WordPress, in all versions through 6.1.5. The issue arises from a missing capability check in the 'csv-export.php' file, allowing unauthorized access to booking data. This flaw enables unauthenticated attackers to directly retrieve an export of all booking information.
Impact
Exploitation of this vulnerability allows unauthenticated users to access and export sensitive booking data, potentially leading to unauthorized disclosure of personal information.
Reproduction
To reproduce this vulnerability, send a request directly to the 'csv-export.php' file without authenticating. The file performs no capability check and does not verify the 'export-nonce' before producing output, so in versions through 6.1.5 such a request returns the booking data export directly.
Remediation
Users are advised to update the Course Booking System plugin to version 6.1.6 or later, where this vulnerability has been patched.
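As an added illustration (not the plugin's own code), the gating pattern a WordPress CSV export handler needs so that the direct-request path described above is closed: the request is routed through admin-post.php rather than a directly requested PHP file, and the handler requires both a capability and a valid nonce before any booking data is read. The hook name cbs_export_bookings, the capability manage_options, and treating 'export-nonce' as the nonce action are assumptions.

```php
<?php
// Added example, not Course Booking System code. Hook name, capability
// and nonce action are assumptions; the booking rows are constructed.

if ( ! defined( 'ABSPATH' ) ) {
    exit; // Refuse direct file access; only runs when WordPress loaded us.
}

// Logged-in users only: there is deliberately no 'admin_post_nopriv_…'
// counterpart, so unauthenticated requests never reach the handler.
add_action( 'admin_post_cbs_export_bookings', 'cbs_export_bookings_csv' );

function cbs_export_bookings_csv() {
    // 1. Capability check: the piece missing in the unpatched versions.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to export bookings.', '', array( 'response' => 403 ) );
    }

    // 2. Nonce check ('export-nonce' assumed as the action name): stops a
    //    privileged user from being tricked into triggering the export.
    check_admin_referer( 'export-nonce', '_wpnonce' );

    // 3. Only now read data. The rows below are a constructed placeholder.
    $bookings = apply_filters( 'cbs_bookings_for_export', array(
        array( 'id' => 1, 'course' => 'Intro', 'email' => 'a@example.com' ),
    ) );

    header( 'Content-Type: text/csv; charset=utf-8' );
    header( 'Content-Disposition: attachment; filename="bookings.csv"' );
    $out = fopen( 'php://output', 'w' );
    fputcsv( $out, array( 'id', 'course', 'email' ) );
    foreach ( $bookings as $row ) {
        fputcsv( $out, array( $row['id'], $row['course'], $row['email'] ) );
    }
    fclose( $out );
    exit;
}

// Link for the admin screen; it carries the nonce the handler verifies.
function cbs_export_bookings_url() {
    return wp_nonce_url(
        admin_url( 'admin-post.php?action=cbs_export_bookings' ),
        'export-nonce'
    );
}
```

A request to the export that lacks a logged-in session, the capability, or a valid nonce now ends in a 403 or a nonce failure before any data is touched, which is also the condition a site's access logs can be checked for.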
