WP Hotel Booking Plugin Sensitive Information Exposure Vulnerability

Vulnerability

A sensitive information exposure vulnerability has been identified in the WP Hotel Booking plugin for WordPress, affecting all versions up to and including 2.2.7. The plugin's 'hotel_booking_fetch_customer_info' AJAX action is reachable by unauthenticated users and performs no capability check; the only gate is a nonce. A WordPress nonce is a CSRF token, not an authorization check, and this one is publicly accessible, so anyone can obtain a valid one. An unauthenticated attacker who supplies a valid customer email address together with that nonce can retrieve the customer's full name, address, phone number, and email address.

Impact

Exploitation of this vulnerability allows unauthenticated users to access sensitive customer information, including names, addresses, phone numbers, and email addresses.

Reproduction

To reproduce this vulnerability, send an unauthenticated request to wp-admin/admin-ajax.php with the action parameter set to 'hotel_booking_fetch_customer_info', including a valid customer email address and a publicly accessible nonce. The response contains the sensitive customer information associated with the supplied email address.
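The following is an added example, not the plugin's own code, showing the handler pattern the Vulnerability and Reproduction sections describe (an AJAX action exposed to anonymous callers and gated only by a nonce) next to a hardened handler that drops the nopriv hook and adds a capability check. The nonce action name, the request parameter names, the capability, the customer lookup, and the hb_example_* function names are assumptions for illustration; the two handlers are shown side by side and would not both be registered in one plugin.

```php
<?php
/**
 * Added example, not WP Hotel Booking's own code. Nonce action name,
 * parameter names, capability, lookup and hb_example_* names are assumptions.
 */

// Illustrative lookup (assumption): a customer record keyed by e-mail address.
function hb_example_lookup_customer( $email ) {
    $user = get_user_by( 'email', $email );
    if ( ! $user ) {
        return null;
    }
    return array(
        'name'    => $user->display_name,
        'email'   => $user->user_email,
        'phone'   => get_user_meta( $user->ID, 'hb_phone', true ),
        'address' => get_user_meta( $user->ID, 'hb_address', true ),
    );
}

/* --- Vulnerable pattern ------------------------------------------------- */
// Registered for logged-in (wp_ajax_) AND anonymous (wp_ajax_nopriv_) callers.
add_action( 'wp_ajax_hotel_booking_fetch_customer_info',        'hb_example_fetch_customer_vulnerable' );
add_action( 'wp_ajax_nopriv_hotel_booking_fetch_customer_info', 'hb_example_fetch_customer_vulnerable' );

function hb_example_fetch_customer_vulnerable() {
    // The nonce only proves the request carries a token from a page that embedded it.
    // For visitors it is generated for user ID 0 and printed into public front-end
    // markup, so any attacker can read it. It is CSRF protection, not authorization.
    check_ajax_referer( 'hb_booking_nonce', 'nonce' );

    $email    = sanitize_email( wp_unslash( $_POST['email'] ?? '' ) );
    $customer = hb_example_lookup_customer( $email );

    // No current_user_can() call: an anonymous caller receives someone else's record.
    wp_send_json_success( $customer );
}

/* --- Hardened pattern --------------------------------------------------- */
// Only the authenticated hook is registered. Without a nopriv hook,
// admin-ajax.php answers anonymous requests for this action with "0" and HTTP 400.
add_action( 'wp_ajax_hotel_booking_fetch_customer_info', 'hb_example_fetch_customer_hardened' );

function hb_example_fetch_customer_hardened() {
    check_ajax_referer( 'hb_booking_nonce', 'nonce' ); // still required, against CSRF

    // Authorization: only users allowed to manage bookings may look up customers.
    // 'manage_options' is an assumption; a real plugin would use its own capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    $email = sanitize_email( wp_unslash( $_POST['email'] ?? '' ) );
    if ( ! is_email( $email ) ) {
        wp_send_json_error( array( 'message' => 'invalid email' ), 400 );
    }

    $customer = hb_example_lookup_customer( $email );
    if ( null === $customer ) {
        wp_send_json_error( array( 'message' => 'not found' ), 404 );
    }
    wp_send_json_success( $customer );
}
```

The check a practitioner wants when auditing any WordPress plugin for this class of bug is the pairing of the two hooks: every `wp_ajax_nopriv_` registration should be justified, and every handler that returns or changes per-user data should call `current_user_can()` (or compare the target record to `get_current_user_id()`) in addition to `check_ajax_referer()`, because the nonce check alone never establishes who the caller is.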

Remediation

Users are advised to update the WP Hotel Booking plugin to version 2.2.8 or later, where this vulnerability has been patched.

Added: Jan 17, 2026, 3:21 AM
Updated: Jan 17, 2026, 3:21 AM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 0.6
exploitability: 8.9
remediation: 7.7
relevance: 2.1
threat: 4.8
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.