Amelia Booking WordPress Plugin Insecure Direct Object Reference Vulnerability Allowing Unauthorized Password Changes

Vulnerability

An Insecure Direct Object Reference (IDOR) vulnerability has been identified in the Amelia Booking plugin for WordPress, affecting versions through 9.1.2. The flaw stems from the plugin acting on a user-supplied object reference without verifying that the requesting user is authorized to act on that object, and it can be exploited by authenticated users with customer-level permissions or higher. Such users can bypass authorization and reach resources they should not control, enabling them to change other users' passwords and potentially take over administrator accounts.

Impact

Successful exploitation allows an authenticated, low-privileged user to change other users' passwords and thereby take control of their accounts, including accounts with administrative privileges.

Reproduction

To reproduce this vulnerability, an authenticated user with customer-level permissions sends a request to the password update endpoint that includes the ID of the user whose password is to be changed. Because the endpoint does not verify that the caller is authorized to act on the referenced user, the request bypasses the normal authorization checks.
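The following is an added, hypothetical example written for this page; it is not Amelia's code and does not reproduce the plugin's actual endpoint. It models the class of flaw the advisory describes, a password-update handler that trusts a caller-supplied user ID, next to a hardened version that binds the operation to the authenticated caller and requires an explicit WordPress capability for anyone else. The function names (idor_update_password_vulnerable, idor_update_password_fixed) and the request keys (userId, password, _wpnonce) are assumptions; the WordPress functions used (is_user_logged_in, get_current_user_id, current_user_can, wp_verify_nonce, wp_set_password, WP_Error) are real core APIs.

```php
<?php
// Added, hypothetical example: not Amelia's code. Models an IDOR in a
// password-update handler and the authorization check that closes it.
// Assumes a WordPress runtime (core functions used below are real).

// VULNERABLE PATTERN: the target user ID is taken straight from the request
// and the handler never checks that the caller may act on that account.
// Any logged-in user, including a customer-level account, can set any ID.
function idor_update_password_vulnerable( array $request ) {
    $target_id    = (int) $request['userId'];
    $new_password = (string) $request['password'];

    wp_set_password( $new_password, $target_id ); // no ownership or capability check
    return true;
}

// HARDENED PATTERN: authenticate, verify the request token, derive the
// default target from the session rather than the request, and require the
// per-user 'edit_user' capability before touching anyone else's account.
function idor_update_password_fixed( array $request ) {
    if ( ! is_user_logged_in() ) {
        return new WP_Error( 'unauthorized', 'Authentication required.', array( 'status' => 401 ) );
    }

    // Nonce check (assumed action name 'update_password') blocks CSRF on the same endpoint.
    if ( empty( $request['_wpnonce'] ) || ! wp_verify_nonce( $request['_wpnonce'], 'update_password' ) ) {
        return new WP_Error( 'bad_nonce', 'Invalid request token.', array( 'status' => 403 ) );
    }

    $caller_id = get_current_user_id();
    // The supplied ID is only a hint; absent or invalid, fall back to the caller.
    $target_id = ( isset( $request['userId'] ) && (int) $request['userId'] > 0 )
        ? (int) $request['userId']
        : $caller_id;

    // Authorization: users may change their own password; changing another
    // user's requires the 'edit_user' meta capability for that specific user,
    // which customer-level roles do not have and administrators do.
    if ( $target_id !== $caller_id && ! current_user_can( 'edit_user', $target_id ) ) {
        // Log the denial: a burst of these from one account is a useful detection signal.
        error_log( sprintf( 'password-change denied: caller=%d target=%d', $caller_id, $target_id ) );
        return new WP_Error( 'forbidden', 'You may not change this account\'s password.', array( 'status' => 403 ) );
    }

    $new_password = isset( $request['password'] ) ? (string) $request['password'] : '';
    if ( strlen( $new_password ) < 12 ) {
        return new WP_Error( 'weak_password', 'Password must be at least 12 characters.', array( 'status' => 400 ) );
    }

    wp_set_password( $new_password, $target_id );
    return true;
}
```

The defining difference is where the target identity comes from: the fixed handler treats the request's userId as untrusted input that must either equal the session's user or be covered by a capability check scoped to that user. Checking a broad role name (for example "is this an admin?") is weaker than current_user_can( 'edit_user', $target_id ), because the meta capability is evaluated per target and lets WordPress deny edits of protected users such as super admins on multisite.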

Remediation

Users are advised to update the Amelia Booking plugin to version 9.2 or later.

Added: Mar 26, 2026, 5:31 AM
Updated: Mar 26, 2026, 5:31 AM

Vulnerability Rating

Custom Algorithm

  category         score
  spread           0.0
  impact           5.0
  exploitability   6.3
  remediation      0.0
  relevance        4.7
  threat           4.8
  urgency          2.9
  incentive        0.0

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined to calculate the overall risk score.