CVE-2024-12274
📋 TL;DR
An unauthenticated attacker can download settings export files from the Appointment Booking Calendar Plugin for WordPress. The plugin writes its settings export into a web-accessible folder under predictable filenames, so anyone who can guess a filename can fetch the file with a plain HTTP request and read whatever configuration data it contains. Any WordPress site running a vulnerable version of this plugin is affected.
💻 Affected Systems
- Appointment Booking Calendar Plugin and Scheduling Plugin for WordPress
📦 What is this software?
A WordPress plugin that adds appointment booking and scheduling to a site. It includes a settings export feature; the export is written to a directory inside the plugin folder that the web server serves directly.
⚠️ Risk & Real-World Impact
Worst Case
Attackers could retrieve exported configuration data containing secrets for services the plugin integrates with (API keys and similar credentials) and use them for further compromise of the site or of those connected services.
Likely Case
Unauthenticated users can download exported configuration files containing plugin settings, which may include API keys, email addresses, or other operational data.
If Mitigated
With the export directory blocked from web access and any stale export files removed, an attacker can no longer fetch the files; residual exposure is limited to exports that were downloaded before the mitigation was applied.
🎯 Exploit Status
Exploitation needs no authentication and no special tooling: the attacker sends an ordinary HTTP GET for a file in the public export directory, and because the filenames are predictable, only a handful of guesses (or none at all) are required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.1.23
Advisory (WPScan): https://wpscan.com/vulnerability/e3176c9a-63f3-4a28-a8a7-8abb2b4100ef/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Appointment Booking Calendar Plugin and Scheduling Plugin'.
4. Click 'Update Now' if it is offered, or download version 1.1.23 or later from the WordPress plugin repository and install it.
5. Activate the updated plugin and confirm the installed version number.
🔧 Temporary Workarounds
Remove public export files
Linux/Unix: Delete any files the plugin has already written to its export directory so they can no longer be fetched. WP_ROOT below is the WordPress document root (for example /var/www/html); the plugin path is the one used on this page, so confirm the directory name matches your install. This only clears existing files: until the plugin is updated, the next export writes a new file to the same location. Delete the files, not the directory itself.
rm -f "$WP_ROOT"/wp-content/plugins/appointment-booking-calendar/export/*
Restrict directory access
Apache: Add an .htaccess file in the export directory that denies all web access. On Apache 2.4 the directive is 'Require all denied'; the older 'Deny from all' (with 'Order deny,allow') only works on 2.4 when mod_access_compat is loaded. Either form takes effect only if AllowOverride for wp-content permits it (AuthConfig for Require, Limit for Order/Deny); otherwise place the same directive in a <Directory> block in the main server configuration. nginx ignores .htaccess entirely, so there use a location block for the export path with 'deny all;'.
Add 'Require all denied' (or 'Deny from all' on Apache 2.2) to /wp-content/plugins/appointment-booking-calendar/export/.htaccess
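The two workarounds above combined into one script, as an added example (not code from the plugin, its vendor or this page). It assumes Apache with AllowOverride permitting the directives under wp-content and uses the export path this page gives; the function name harden_export_dir and the WP_ROOT variable are the example's own.

```shell
#!/bin/sh
# Added example (not from the plugin or the page): applies both workarounds to
# one export directory. Assumes Apache with AllowOverride permitting
# AuthConfig/Limit for wp-content; the plugin path is the one used on this page.
set -eu

# harden_export_dir DIR
#   1. removes every regular file the plugin has already written into DIR
#      (leaves DIR itself in place so the plugin does not break on its next export)
#   2. writes an .htaccess that denies all web access, using the Apache 2.4
#      directive with a fallback for 2.2 / mod_access_compat
#   Prints the number of files removed.
harden_export_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }

    removed=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        rm -f -- "$f"
        removed=$((removed + 1))
    done

    cat > "$dir/.htaccess" <<'EOF'
# Block all web access to plugin export files
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
EOF
    echo "$removed"
}

# Usage with the path from this page; WP_ROOT is the WordPress document root:
# harden_export_dir "${WP_ROOT:-/var/www/html}/wp-content/plugins/appointment-booking-calendar/export"
```

After running it, request one of the old filenames with curl and confirm the server answers 403 rather than 200; a 200 means AllowOverride is not honouring the file and the directive has to go into the main server configuration instead.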
🧯 If You Can't Patch
- Deactivate the plugin until it can be updated. Deactivation does not delete files already written to the export directory, so remove those as well (see the workaround above) or they remain downloadable.
- Add a web application firewall rule that blocks any request whose path starts with /wp-content/plugins/appointment-booking-calendar/export/ (the path this page uses; confirm the slug on your install). Block the whole directory prefix rather than individual predictable filenames, so a name you did not anticipate is still covered.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins for 'Appointment Booking Calendar Plugin and Scheduling Plugin' version number
Check Version:
wp plugin list --name='appointment-booking-calendar' --field=version
Verify Fix Applied:
Confirm plugin version is 1.1.23 or higher in WordPress admin panel
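A script for the version check above, as an added example (not the page's own and not part of the plugin or wp-cli). It takes the fixed version 1.1.23 from this page and the plugin slug the page uses; the function names and the loop over site roots are the example's own. Versions are compared with sort -V, since a plain string comparison would wrongly rank 1.1.9 above 1.1.23.

```shell
#!/bin/sh
# Added example (not from the page or the plugin): decides whether an installed
# version is below the fixed release 1.1.23. Uses sort -V so that 1.1.9 < 1.1.23.
# FIXED_VERSION is the version stated on this page; the plugin slug is the one
# the page uses (confirm it against your install).
set -eu

FIXED_VERSION=1.1.23
PLUGIN_SLUG=appointment-booking-calendar

# version_lt A B : succeeds when version A is strictly lower than version B
version_lt() {
    [ "$1" != "$2" ] && [ "$(printf '%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# is_vulnerable VERSION : prints "vulnerable" when VERSION is below the fix, else "fixed"
is_vulnerable() {
    if version_lt "$1" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo fixed
    fi
}

# check_site WP_ROOT : asks wp-cli for the installed version of the plugin in the
# WordPress install at WP_ROOT and reports it; returns 2 when it is not installed.
check_site() {
    root=$1
    ver=$(wp --path="$root" plugin list --name="$PLUGIN_SLUG" --field=version 2>/dev/null || true)
    if [ -z "$ver" ]; then
        echo "$root: plugin not installed"
        return 2
    fi
    echo "$root: $ver $(is_vulnerable "$ver")"
}

# Example sweep over several sites on one host (paths are illustrative):
# for root in /var/www/*/; do check_site "$root" || true; done
```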
📡 Detection & Monitoring
Log Indicators:
- HTTP 200 responses to GET requests for files under /wp-content/plugins/appointment-booking-calendar/export/ (each one is a completed download of an export file)
- Bursts of 404 (or 403, once the directory is blocked) responses to one client for several different filenames in that directory, i.e. guessing of the predictable names
Network Indicators:
- GET requests for the plugin export directory from clients that show no sign of a WordPress session (no prior /wp-login.php or /wp-admin/ activity from the same source; no wordpress_logged_in cookie, if cookies are logged)
- Sequential or patterned filenames in consecutive requests from the same source
SIEM Query (Splunk-style SPL; adapt the field names to your web-log sourcetype and confirm the plugin path matches your install). The user-agent match on "scanner" from earlier versions of this query was dropped: attackers send ordinary browser strings, and it only added noise.
source="web_server" uri_path="/wp-content/plugins/appointment-booking-calendar/export/*"
| stats count AS requests, dc(uri_path) AS distinct_files, count(eval(status=200)) AS downloads BY src_ip
| where downloads > 0 OR distinct_files >= 3
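The same triage run directly against web-server access logs, as an added example (not the page's own, and not part of any SIEM product). It assumes the Apache/nginx combined log format (request path in field 7, status in field 9) and the export path this page uses; the sample lines are constructed with documentation IP ranges and invented filenames, not real traffic. It generalises the two indicators above into one per-IP report: any 200 under the export directory counts as a download, and at least THRESHOLD distinct filenames from one client counts as enumeration.

```shell
#!/bin/sh
# Added example (not from the page or the plugin): triages web-server access
# logs for the indicators listed above. Assumes combined log format (status is
# field 9, request path is field 7) and the export path used on this page.
set -eu

EXPORT_PATH=/wp-content/plugins/appointment-booking-calendar/export/

# triage_export_requests [THRESHOLD]
#   Reads access-log lines on stdin. For each client IP that touched the export
#   directory it counts requests, distinct filenames and HTTP 200 responses, and
#   prints one line per IP that either downloaded a file (any 200) or probed at
#   least THRESHOLD distinct filenames (default 3, i.e. filename guessing).
triage_export_requests() {
    awk -v dir="$EXPORT_PATH" -v thresh="${1:-3}" '
    index($7, dir) == 1 {
        ip = $1; path = $7; status = $9
        req[ip]++
        if (!((ip, path) in seen)) { seen[ip, path] = 1; distinct[ip]++ }
        if (status == 200) hits[ip]++
    }
    END {
        for (ip in req) {
            verdict = ""
            if (hits[ip] + 0 > 0) verdict = "download"
            if (distinct[ip] >= thresh) verdict = (verdict == "" ? "" : verdict "+") "enumeration"
            if (verdict != "") printf "%s requests=%d distinct_files=%d downloads=%d verdict=%s\n", ip, req[ip], distinct[ip], hits[ip] + 0, verdict
        }
    }' | sort
}

# Constructed sample (documentation IP ranges, invented filenames):
# 203.0.113.7 guesses three filenames and succeeds on the third,
# 198.51.100.4 fetches one file directly, 192.0.2.9 gets a single 404.
SAMPLE_LOG='203.0.113.7 - - [10/Jan/2025:10:00:01 +0000] "GET /wp-content/plugins/appointment-booking-calendar/export/settings-export-1.csv HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2025:10:00:02 +0000] "GET /wp-content/plugins/appointment-booking-calendar/export/settings-export-2.csv HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2025:10:00:03 +0000] "GET /wp-content/plugins/appointment-booking-calendar/export/settings-export-3.csv HTTP/1.1" 200 8421 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Jan/2025:10:05:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Jan/2025:10:05:30 +0000] "GET /wp-content/plugins/appointment-booking-calendar/export/settings-export-3.csv HTTP/1.1" 200 8421 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Jan/2025:10:09:00 +0000] "GET /wp-content/plugins/appointment-booking-calendar/export/settings-export-1.csv HTTP/1.1" 404 196 "-" "curl/8.0"'

# Run against the sample; on a real server use e.g.
#   triage_export_requests < /var/log/apache2/access.log
printf '%s\n' "$SAMPLE_LOG" | triage_export_requests
```

A legitimate administrator downloading their own export also produces a 200, so match download hits against known admin sessions and export times before treating them as incidents. Once the directory is blocked, every request there should return 403, and any remaining 200 is actionable on its own.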