WPBookit WordPress Plugin Missing Authorization Vulnerability Allows Unauthenticated Data Exposure

Vulnerability

The WPBookit plugin for WordPress, in all versions up to and including 1.0.8, allows unauthenticated attackers to retrieve sensitive customer information. The 'get_customer_list' route performs no authorization check before returning customer records, so anyone who can reach the site can obtain customers' names, email addresses, phone numbers, dates of birth, and gender.

Impact

An unauthenticated remote attacker can enumerate the customer records stored by the plugin. The exposed fields (names, email addresses, phone numbers, dates of birth and gender) are personal data that can be used directly for targeted phishing or identity fraud. The issue is a read-only disclosure: the route returns customer records and is not reported to allow modifying them.

Reproduction

The vulnerability can be reproduced by sending a request to the 'get_customer_list' route with no authentication at all: no WordPress login cookie, no X-WP-Nonce header and no application-password credentials. Postman, curl or a short script will do. On a vulnerable version the response is a 200 containing the customer records instead of the 401 or 403 that an authorization check would produce, which demonstrates that the route has no effective permission check.

Remediation

Users are advised to update the WPBookit plugin to version 1.0.9 or later, where this vulnerability has been patched. Because the route required no credentials, check web server access logs for earlier requests to the get_customer_list route from unknown clients to assess whether customer data was already exposed. Until the update is applied, blocking the route at the web server, or in a must-use plugin that rejects unauthenticated requests to it, removes the exposure.
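The following PHP is an added illustration and not WPBookit's own code. It shows the class of route registration the advisory describes, a WordPress REST route whose permission_callback lets anyone through, next to the hardened form that an update like 1.0.9 would need to contain. The namespace wpbookit/v1, the function names, the manage_options capability and the sample records are assumptions made here; only the route name get_customer_list comes from the advisory.

```php
<?php
/**
 * Added illustration (not WPBookit code) of the bug class in the advisory:
 * a WordPress REST route that returns customer PII without an effective
 * permission_callback, next to the hardened registration.
 *
 * Assumptions: the namespace 'wpbookit/v1', all function names, the
 * 'manage_options' capability and the sample records are invented here.
 * Only the route name 'get_customer_list' comes from the advisory.
 */

// Constructed sample data standing in for the plugin's customer table.
function wpb_example_customer_records(): array {
    return [
        [
            'name'   => 'Example Customer',
            'email'  => 'customer@example.test',
            'phone'  => '+1-555-0100',
            'dob'    => '1990-01-01',
            'gender' => 'F',
        ],
    ];
}

// Route callback: returns the records as JSON. It has no access control of
// its own; WordPress relies entirely on permission_callback for that.
function wpb_example_get_customer_list( WP_REST_Request $request ) {
    return rest_ensure_response( wpb_example_customer_records() );
}

// VULNERABLE registration. '__return_true' tells WordPress that everyone,
// including anonymous visitors, may call the route. Leaving
// permission_callback out entirely behaves the same way: since WordPress 5.5
// core emits a _doing_it_wrong notice but still serves the request.
function wpb_example_register_vulnerable_route() {
    register_rest_route( 'wpbookit/v1', '/get_customer_list', [
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'wpb_example_get_customer_list',
        'permission_callback' => '__return_true',
    ] );
}

// Permission check for the hardened route. It runs after WordPress has
// authenticated the request (cookie plus X-WP-Nonce, or an application
// password), so is_user_logged_in() is meaningful here. Returning a WP_Error
// lets core build the proper 401/403 response and the callback never runs.
function wpb_example_customer_list_permission( WP_REST_Request $request ) {
    if ( ! is_user_logged_in() ) {
        return new WP_Error(
            'rest_not_logged_in',
            'You must be logged in to list customers.',
            [ 'status' => 401 ]
        );
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        return new WP_Error(
            'rest_forbidden',
            'You are not allowed to list customers.',
            [ 'status' => 403 ]
        );
    }
    return true;
}

// HARDENED registration: same route, same callback, but the permission
// check above gates every request before any data is read.
function wpb_example_register_hardened_route() {
    register_rest_route( 'wpbookit/v1', '/get_customer_list', [
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'wpb_example_get_customer_list',
        'permission_callback' => 'wpb_example_customer_list_permission',
    ] );
}

// Only the hardened registration is hooked; the vulnerable one is kept as a
// reference and must not be activated.
add_action( 'rest_api_init', 'wpb_example_register_hardened_route' );
```

Two points worth keeping in mind when auditing any plugin for this bug class. First, a nonce is not authorization: the X-WP-Nonce header only proves the request came from some logged-in session, and it is the capability check in the permission callback that limits who may read the list. Second, a quick self-check is to search the plugin source for register_rest_route calls whose permission_callback is absent or is __return_true, and confirm that every such route is meant to return public data.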

Added: Mar 4, 2026, 2:21 AM
Updated: Mar 4, 2026, 2:21 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.4
remediation: 0.0
relevance: 3.5
threat: 4.8
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.