CVE-2020-29047

9.8 CRITICAL

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on WordPress sites using the wp-hotel-booking plugin through version 1.10.2. Attackers can exploit insecure deserialization in the plugin's session handling to achieve remote code execution. All WordPress installations with the vulnerable plugin version are affected.

💻 Affected Systems

Products:
  • WordPress wp-hotel-booking plugin
Versions: Through 1.10.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All WordPress installations with the vulnerable plugin version are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to execute arbitrary code, install backdoors, steal data, deface websites, or pivot to other systems.

🟠 Likely Case

Remote code execution leading to website defacement, data theft, or installation of malware/backdoors.

🟢 If Mitigated

Attack prevented through proper input validation and secure deserialization practices.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires manipulating the thimpress_hotel_booking_1 cookie to trigger insecure deserialization.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.10.3 and later

Vendor Advisory: https://wordpress.org/plugins/wp-hotel-booking/#developers

Restart Required: No

Instructions:

1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find 'WP Hotel Booking' plugin
4. Click 'Update Now' if available
5. If no update available, deactivate and delete the plugin
6. Install the latest version from WordPress repository

🔧 Temporary Workarounds

Disable vulnerable plugin (Applies to: all)

Temporarily disable the wp-hotel-booking plugin until patched:

wp plugin deactivate wp-hotel-booking

Web Application Firewall rule (Applies to: all)

Block requests containing malicious serialized data in the thimpress_hotel_booking_1 cookie

🧯 If You Can't Patch

  • Implement strict input validation and sanitization for all cookie data
  • Deploy web application firewall with rules to detect and block deserialization attacks

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Installed Plugins for wp-hotel-booking version 1.10.2 or earlier

Check Version:

wp plugin get wp-hotel-booking --field=version

Verify Fix Applied:

Verify wp-hotel-booking plugin version is 1.10.3 or later in WordPress admin

📡 Detection & Monitoring

Log Indicators:

  • Unusual PHP errors related to unserialize()
  • Suspicious POST/GET requests with manipulated cookies
  • Unexpected process execution from web server

Network Indicators:

  • HTTP requests with thimpress_hotel_booking_1 cookie containing serialized PHP objects
  • Unusual outbound connections from web server

SIEM Query:

source="web_logs" AND (cookie="*thimpress_hotel_booking_1*" AND (cookie="*O:*" OR cookie="*C:*" OR cookie="*a:*"))
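A detection helper for the log and network indicators above, added here as an example and not part of this advisory: it parses the Cookie header out of constructed access-log lines and flags thimpress_hotel_booking_1 values that carry PHP object markers. The log-line shape, the sample values and the function names are assumptions.

```python
import re
from urllib.parse import unquote

COOKIE_NAME = "thimpress_hotel_booking_1"

# PHP serialization markers: 'O:' and 'C:' introduce objects, which is what an
# unserialize() gadget chain relies on; 'a:' is a plain array, which a legitimate
# serialized cart cookie may carry, so it is reported separately as low signal.
OBJECT_MARKER = re.compile(r'(?:^|[;{])[OC]:\d+:"[A-Za-z0-9_\\]+":\d+:\{')
ARRAY_MARKER = re.compile(r'^a:\d+:\{')


def parse_cookie_header(header):
    """Split a raw Cookie header into a name -> value dict (first value wins)."""
    jar = {}
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        if name and name not in jar:
            jar[name] = value
    return jar


def classify_cookie(header):
    """Return 'object', 'array' or None for the hotel-booking cookie in a Cookie header."""
    raw = parse_cookie_header(header).get(COOKIE_NAME)
    if raw is None:
        return None
    value = unquote(raw)  # the serialized blob is normally URL-encoded in transit
    if OBJECT_MARKER.search(value):
        return "object"
    if ARRAY_MARKER.match(value):
        return "array"
    return None


def scan_log(lines):
    """Scan constructed lines of the form '<client> "<Cookie header>"'; return object hits."""
    hits = []
    for line in lines:
        client, _, cookie = line.partition(' "')
        if classify_cookie(cookie.rstrip('"')) == "object":
            hits.append((client, "object"))
    return hits


# Constructed sample log: a serialized array (benign shape), a serialized stdClass
# object (the shape the SIEM query should alert on), and a request without the cookie.
SAMPLE_LOG = [
    '10.0.0.5 "wordpress_test_cookie=WP+Cookie+check; thimpress_hotel_booking_1='
    'a%3A1%3A%7Bs%3A4%3A%22cart%22%3Ba%3A0%3A%7B%7D%7D"',
    '10.0.0.9 "thimpress_hotel_booking_1=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22x%22%3Bi%3A1%3B%7D"',
    '10.0.0.7 "PHPSESSID=abc123"',
]
```

Treat O:/C: hits as the high-confidence alerts; an a: match alone mirrors the broader SIEM query above and is useful as context rather than as an alert on its own.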
