Simple Bike Rental WordPress Plugin Missing Capability Check Vulnerability Allows Unauthorized Data Access
Vulnerability
A vulnerability exists in the Simple Bike Rental plugin for WordPress, in all versions through 1.0.6. The issue arises from a missing capability check on the 'simpbire_carica_prenotazioni' AJAX action, which allows authenticated attackers with Subscriber-level access and above to access sensitive booking data. This data includes personally identifiable information (PII) such as names, email addresses, and phone numbers.
Impact
Exploitation of this vulnerability leads to unauthorized access to sensitive booking information, including customers' personally identifiable information (PII) such as names, email addresses, and phone numbers.
Reproduction
To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher can send a request to the 'simpbire_carica_prenotazioni' AJAX action without the necessary capability check. This can be done by including the 'security' parameter with a valid nonce for the action, bypassing the authorization requirement and accessing the booking data.
Remediation
Users are advised to update the Simple Bike Rental plugin to version 1.0.7 or later.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.