CVE-2024-12737
📋 TL;DR
This is a reflected cross-site scripting (XSS) vulnerability in the WP BASE Booking plugin: request parameters are reflected into a page without sanitization or output escaping, so an attacker can craft a link that injects script. The script runs only when a victim opens that link; if the victim is a high-privilege user such as an administrator, the script runs in their session and can steal session tokens or perform administrative actions on their behalf. Any WordPress site running a vulnerable version of the plugin is affected.
💻 Affected Systems
- WP BASE Booking of Appointments, Services and Events WordPress plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
An administrator session is hijacked or driven by the injected script, leading to complete site takeover (new admin users, arbitrary plugin or theme code), data theft, or malware served to visitors.
Likely Case
An administrator is lured into opening a crafted link (phishing e-mail, chat, a comment); the reflected script runs in their browser session and exfiltrates cookies or session data, or silently performs admin actions, giving the attacker administrative control without knowing any password.
If Mitigated
With input validation and context-appropriate output escaping (for example WordPress's esc_html() or esc_attr() on every reflected value), the injected markup is rendered as literal text and the script never executes.
🎯 Exploit Status
Reflected XSS is a well-understood class of bug and payloads are easy to weaponize with minimal skill, but exploitation still requires a privileged user to open an attacker-supplied link, so it is typically paired with phishing.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.0.0
Vendor Advisory: https://wpscan.com/vulnerability/997eb9f6-80e1-4bc5-be72-bd6a6f52379c/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'WP BASE Booking' and update to version 5.0.0 or later.
4. Verify that the update completes successfully and the listed version is 5.0.0 or higher.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily deactivate the WP BASE Booking plugin until it is patched. Deactivation removes the reflecting endpoint, but bookings stop working for the duration. Confirm the plugin's slug with `wp plugin list` first; the slug used below is the one given on this page and may differ on your install.
wp plugin deactivate wp-base-booking
Implement WAF rules
Configure the web application firewall to block requests to the plugin's pages whose parameters contain script markup (`<script`, `javascript:`, `on...=` event handlers), including URL-encoded and double-encoded forms. Treat this as a stopgap only: the vulnerable parameter is not named in this advisory, and signature-based XSS filters are routinely bypassed with alternative encodings.
🧯 If You Can't Patch
- Restrict access to the plugin's pages (and to wp-admin generally) to trusted networks or users via IP allow-listing or an additional authentication layer, so the crafted link cannot reach the vulnerable page from the open internet.
- Deploy a Content Security Policy (CSP) that disallows inline script ('unsafe-inline') and untrusted script sources; this blocks reflected payloads at the browser. Test in report-only mode first, since WordPress core and many plugins depend on inline scripts and a strict policy can break the admin UI.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin > Plugins > Installed Plugins for the WP BASE Booking version. If the version is below 5.0.0, the site is vulnerable. Compare versions numerically, not as strings: 4.10.x is older than 4.9.x lexically but newer numerically, and both are vulnerable.
Check Version:
wp plugin get wp-base-booking --field=version
Verify Fix Applied:
Confirm plugin version shows 5.0.0 or higher in WordPress admin panel.
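The version check above is easy to get wrong when scripted, because a plain string comparison orders "4.10.2" before "4.9.0". The following is an added example (not vendor code) that wraps the wp-cli command from this page and compares the result numerically against the 5.0.0 fix version. It assumes the plugin slug `wp-base-booking` as given on this page; confirm it with `wp plugin list` before relying on it.

```python
"""Decide whether an installed WP BASE Booking version predates the 5.0.0 fix.

Added example for this advisory, not code from the plugin or vendor.
Assumption: wp-cli is installed and the plugin slug is 'wp-base-booking'
(the slug shown on this page); adjust SLUG if `wp plugin list` says otherwise.
"""
import re
import subprocess

FIXED_VERSION = "5.0.0"
SLUG = "wp-base-booking"  # assumption, see lead-in


def parse_version(version):
    """Turn '4.10.2' into (4, 10, 2) so that comparison is numeric.

    A string compare would wrongly order '4.10.2' before '4.9.0'.
    Pre-release suffixes such as '-beta1' are ignored, so '5.0.0-rc1'
    is treated as 5.0.0 (i.e. fixed); tighten this if you ship RCs.
    """
    numbers = re.findall(r"\d+", version.strip())
    return tuple(int(n) for n in numbers) or (0,)


def _padded(parts, length):
    """Right-pad with zeros so (5,) and (5, 0, 0) compare equal."""
    return parts + (0,) * (length - len(parts))


def is_vulnerable(installed, fixed=FIXED_VERSION):
    """True when the installed version is strictly below the fixed version."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    return _padded(a, width) < _padded(b, width)


def installed_version(slug=SLUG):
    """Read the active version with the same wp-cli command this page uses."""
    result = subprocess.run(
        ["wp", "plugin", "get", slug, "--field=version"],
        capture_output=True, text=True, check=True,
    )
    return result.stdout.strip()


if __name__ == "__main__":
    v = installed_version()
    status = "VULNERABLE" if is_vulnerable(v) else "fixed"
    print(f"{SLUG} {v}: {status} (fix is {FIXED_VERSION})")
```

Run it from the WordPress root (or pass `--path` to wp-cli in `installed_version`); the exit status of wp-cli is propagated via `check=True`, so a mistyped slug fails loudly instead of reporting "fixed".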
📡 Detection & Monitoring
Log Indicators:
- GET/POST requests to the plugin's pages whose parameters contain script tags, `javascript:` URLs, or event-handler attributes, usually URL-encoded (look for `%3Cscript`, `%3C` followed by a tag name, `onerror%3D`) rather than literal
- Administrative actions (new users, changed settings, plugin or theme changes) from an administrator session shortly after that session requested a URL with a suspicious parameter
Network Indicators:
- HTTP requests with encoded script payloads in query parameters
- Traffic patterns showing repeated access to specific plugin URLs with varying parameters
SIEM Query:
source="wordpress.log" AND ("wp-base-booking" OR "booking") AND ("<script>" OR "%3Cscript" OR "javascript:" OR "onerror=" OR "onerror%3D" OR "onload=" OR "onload%3D")
Payloads arrive URL-encoded in access logs, so a query that only matches literal `<script>` misses most real attempts; match the encoded forms as well, or decode the query string before matching.
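The SIEM query above matches literal strings, which misses encoded and double-encoded payloads. The following is an added example, not part of the advisory or the plugin, showing the same detection done properly over access-log lines: it parses Apache/Nginx combined-format lines, restricts attention to requests that touch the plugin, URL-decodes each query parameter (repeatedly, to catch double encoding), then applies the indicator patterns from this page. It also tallies repeat offenders, matching the "repeated access with varying parameters" network indicator. The plugin path marker, the parameter names and all sample log lines are constructed for the demo; the real vulnerable parameter is not named in this advisory.

```python
"""Scan access-log lines for reflected-XSS probes aimed at a WordPress plugin.

Added example for this advisory; not code from the plugin or the vendor.
Assumptions (not stated on the page): logs are in Apache/Nginx "combined"
format, and plugin requests can be recognised by PLUGIN_MARKER appearing in
the decoded request target.  Sample lines below are constructed.
"""
import html
import re
from collections import Counter
from urllib.parse import parse_qsl, unquote, urlsplit

PLUGIN_MARKER = "wp-base"  # assumption: set to the path/slug your install uses

# Indicators mirrored from the SIEM query, applied after decoding.
XSS_PATTERNS = [
    re.compile(r"<\s*script", re.I),
    re.compile(r"javascript\s*:", re.I),
    re.compile(r"\bon[a-z]+\s*=", re.I),          # onerror=, onload=, ... (heuristic)
    re.compile(r"<\s*(img|svg|iframe|object|embed)\b", re.I),
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def decode_layers(value, rounds=3):
    """Undo up to `rounds` layers of URL encoding, then HTML entities."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return html.unescape(value)


def suspicious_params(target):
    """Return (name, decoded_value) for each query parameter carrying an indicator."""
    query = urlsplit(target).query
    hits = []
    for name, raw in parse_qsl(query, keep_blank_values=True):
        value = decode_layers(raw)          # parse_qsl decoded once; peel further layers
        if any(p.search(value) for p in XSS_PATTERNS):
            hits.append((name, value))
    return hits


def scan(lines):
    """Yield one finding per plugin request that carries an XSS indicator."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                         # not combined format; skip
        target = m.group("target")
        if PLUGIN_MARKER not in decode_layers(target).lower():
            continue                         # not aimed at the plugin
        hits = suspicious_params(target)
        if hits:
            findings.append({
                "ip": m.group("ip"), "ts": m.group("ts"), "status": m.group("status"),
                "method": m.group("method"), "path": urlsplit(target).path, "params": hits,
            })
    return findings


def repeat_offenders(findings, threshold=2):
    """Source IPs with at least `threshold` flagged plugin requests."""
    counts = Counter(f["ip"] for f in findings)
    return {ip: n for ip, n in counts.items() if n >= threshold}


# Constructed sample log (IPs from RFC 5737 documentation ranges).
SAMPLE_LOG = [
    # benign plugin request
    '203.0.113.5 - - [10/Jan/2025:10:01:02 +0000] "GET /wp-admin/admin.php?page=wp-base-settings&tab=general HTTP/1.1" 200 5120',
    # URL-encoded <script> in a plugin parameter
    '198.51.100.7 - - [10/Jan/2025:10:01:09 +0000] "GET /wp-admin/admin.php?page=wp-base-settings&q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5120',
    # double-encoded <img onerror=...> (defeats a single-decode filter)
    '198.51.100.7 - - [10/Jan/2025:10:01:15 +0000] "GET /wp-admin/admin.php?page=wp-base-settings&q=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 5120',
    # same payload against an unrelated path: outside this advisory's scope, ignored
    '198.51.100.7 - - [10/Jan/2025:10:02:00 +0000] "GET /?s=%3Cscript%3E HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    results = scan(SAMPLE_LOG)
    for f in results:
        print(f["ts"], f["ip"], f["method"], f["path"], f["params"])
    print("repeat offenders:", repeat_offenders(results))
```

Feed it real lines with `scan(open("/var/log/nginx/access.log"))`. A 200 status on a flagged request means the page rendered; whether the script actually ran depends on the victim's browser, so pair these hits with the admin-action indicators above before calling it an incident.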