Booking for Appointments and Events Calendar - Amelia Improper Authorization Vulnerability Allowing Unauthenticated Booking Approval
Vulnerability
A vulnerability exists in the Booking for Appointments and Events Calendar - Amelia plugin for WordPress, in all versions through 2.1.2. The authorization check that guards booking status changes skips token validation when the booking is in 'waiting' status. Because the check is only enforced for other statuses, an unauthenticated user can approve any booking in 'waiting' status by sending a crafted request to the public admin-ajax endpoint, without holding the token that is normally required.
Impact
Exploitation of this vulnerability allows an unauthenticated attacker to approve bookings that are in 'waiting' status, bypassing the approval step that site staff expect to control. The concrete consequence depends on what a deployment ties to an approved booking, but at minimum the attacker can confirm appointments or event seats that were never authorized.
Reproduction
To reproduce this vulnerability, send a request to the admin-ajax endpoint that targets a booking in 'waiting' status. Because token validation is skipped for that status, the request succeeds without an authenticated session and without the valid token that the authorization check would otherwise demand.
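The flaw described in the Vulnerability and Reproduction sections is a status-dependent skip of the token check. The following added example is not the plugin's code; it is an illustrative model written for this page that places the flawed authorization logic beside a hardened version. The in-memory booking store, the token values, the `is_manager` flag standing in for an authenticated staff session, and the set of statuses that may be approved are all assumptions made for the illustration.

```python
import copy
import hmac
import secrets
from typing import Dict, Optional

# Constructed sample data standing in for the plugin's booking table.
# The 'waiting' status is the one named in the advisory; the token
# format and the second booking are illustrative assumptions.
SAMPLE_BOOKINGS: Dict[int, dict] = {
    101: {"status": "waiting", "token": "a3f9c0de4b1e"},
    102: {"status": "pending", "token": "77b1e2aa9c03"},
}

# Statuses from which approval is a legitimate transition (assumed).
APPROVABLE_STATUSES = {"waiting", "pending"}


def fresh_store() -> Dict[int, dict]:
    """Return an independent copy of the sample data so each run starts clean."""
    return copy.deepcopy(SAMPLE_BOOKINGS)


def new_token() -> str:
    """Issue an unguessable per-booking token (what a safe implementation stores)."""
    return secrets.token_hex(16)


def token_matches(booking: dict, supplied: Optional[str]) -> bool:
    """Constant-time comparison of the caller-supplied token with the stored one."""
    if not supplied:
        return False
    return hmac.compare_digest(booking["token"], supplied)


def approve_vulnerable(store: Dict[int, dict], booking_id: int,
                       supplied_token: Optional[str]) -> bool:
    """Model of the flawed flow: the token is validated only when the booking
    is NOT in 'waiting' status, so an unauthenticated caller with no token
    (or a wrong one) can approve any waiting booking."""
    booking = store.get(booking_id)
    if booking is None:
        return False
    if booking["status"] != "waiting":
        # Token is checked here only; the 'waiting' branch never reaches it.
        if not token_matches(booking, supplied_token):
            return False
    booking["status"] = "approved"
    return True


def approve_fixed(store: Dict[int, dict], booking_id: int,
                  supplied_token: Optional[str], is_manager: bool = False) -> bool:
    """Hardened flow: authorization is decided before any status is inspected.
    The caller must either be an authenticated manager (assumed flag modelling
    a capability check) or present the valid booking token. Only then is the
    requested transition validated against the allowed set."""
    booking = store.get(booking_id)
    if booking is None:
        return False
    authorized = is_manager or token_matches(booking, supplied_token)
    if not authorized:
        return False
    if booking["status"] not in APPROVABLE_STATUSES:
        return False
    booking["status"] = "approved"
    return True


if __name__ == "__main__":
    vuln = fresh_store()
    print("vulnerable, no token:", approve_vulnerable(vuln, 101, None), vuln[101])
    safe = fresh_store()
    print("fixed, no token:", approve_fixed(safe, 101, None), safe[101])
    print("fixed, valid token:", approve_fixed(safe, 101, "a3f9c0de4b1e"), safe[101])
```

The point to carry into a code review is structural: the authorization decision must be computed unconditionally at the top of the handler, not inside a branch keyed on the record's current state, because any state that falls outside the guarded branches becomes an unauthenticated path.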
Remediation
Users are advised to update the Amelia plugin to version 2.3 or later, where this vulnerability has been patched. Until the update is applied, bookings that moved from 'waiting' to approved without a corresponding staff action or customer confirmation should be treated as suspect and reviewed.
