CVE-2024-1634
📋 TL;DR
This vulnerability in the Scheduling Plugin – Online Booking for WordPress allows unauthenticated attackers to disconnect the plugin from the startbooking service and delete connection data, disrupting booking functionality. It affects all WordPress sites using the plugin up to version 3.5.10.
💻 Affected Systems
- Scheduling Plugin – Online Booking for WordPress
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers cause service disruption by disconnecting the plugin, leading to loss of booking data and operational downtime for businesses relying on online scheduling.
Likely Case
Unauthenticated users exploit the flaw to disconnect the plugin, resulting in temporary loss of booking capabilities until reconnection.
If Mitigated
With proper access controls or patching, the impact is minimal, as only authorized users can manage plugin settings.
🎯 Exploit Status
Exploitation requires sending a crafted request to the vulnerable function, which is straightforward due to missing authentication checks.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 3.5.11 or later
Vendor Advisory: https://wordpress.org/plugins/calendar-booking/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Scheduling Plugin – Online Booking' and click 'Update Now' if available.
4. Alternatively, download the latest version from the WordPress plugin repository and upload it manually.
🔧 Temporary Workarounds
Disable Plugin
Temporarily deactivate the plugin to prevent exploitation until patching is possible.
wp plugin deactivate calendar-booking
Restrict Access via Firewall
Block unauthorized access to the plugin's admin functions using a web application firewall (WAF) or .htaccess rules.
# Example .htaccess rule to block direct requests to the plugin's PHP files
# (requires mod_rewrite; RewriteEngine On is needed if not already enabled)
RewriteEngine On
RewriteRule ^wp-content/plugins/calendar-booking/.*\.php$ - [F,L]
# Caveat: the vulnerable action is reached through /wp-admin/admin-ajax.php,
# which this rule does not cover, so pair it with a WAF rule on that action
# (see Detection & Monitoring) rather than relying on it alone.
🧯 If You Can't Patch
- Monitor logs for unauthorized access attempts to plugin functions and implement network segmentation to limit exposure.
- Use a WAF to block malicious requests targeting the vulnerable endpoint and regularly backup plugin data to recover from disruptions.
🔍 How to Verify
Check if Vulnerable:
Check the plugin version in WordPress admin under Plugins > Installed Plugins; if the version is 3.5.10 or lower, the site is vulnerable.
Check Version:
wp plugin get calendar-booking --field=version
Verify Fix Applied:
After updating, confirm the plugin version is 3.5.11 or higher in the same location and test that unauthorized disconnection requests are blocked.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to '/wp-admin/admin-ajax.php' with action 'cbsb_disconnect_settings' from unauthenticated IPs.
Network Indicators:
- Spikes in traffic to WordPress admin endpoints from external sources without authentication.
SIEM Query:
source="web_logs" AND uri="/wp-admin/admin-ajax.php" AND action="cbsb_disconnect_settings" AND user="-"
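As an added example (not from this advisory or the plugin's own code), the log indicator and SIEM query above turned into an offline check over constructed JSON-lines records. It assumes the logging layer (WAF or a WordPress request-logging hook) records the admin-ajax `action` parameter and the authenticated username, as the query does; a plain access log does not hold the POST body, so `action` would be missing there.

```python
import json
from collections import Counter

# Constructed sample records (not real traffic), one JSON object per line,
# with the same fields the SIEM query uses; one malformed line is included.
SAMPLE_LOGS = """\
{"ts":"2024-02-20T10:01:02Z","ip":"203.0.113.10","method":"POST","uri":"/wp-admin/admin-ajax.php","action":"cbsb_disconnect_settings","user":"-"}
{"ts":"2024-02-20T10:01:03Z","ip":"203.0.113.10","method":"POST","uri":"/wp-admin/admin-ajax.php","action":"cbsb_disconnect_settings","user":"-"}
{"ts":"2024-02-20T10:02:00Z","ip":"198.51.100.7","method":"POST","uri":"/wp-admin/admin-ajax.php","action":"cbsb_disconnect_settings","user":"admin"}
{"ts":"2024-02-20T10:03:00Z","ip":"198.51.100.9","method":"POST","uri":"/wp-admin/admin-ajax.php","action":"heartbeat","user":"-"}
this line is not JSON and must be skipped, not crash the scan
{"ts":"2024-02-20T10:04:00Z","ip":"203.0.113.11","method":"GET","uri":"/wp-admin/admin-ajax.php","action":"cbsb_disconnect_settings","user":"-"}
"""

TARGET_URI = "/wp-admin/admin-ajax.php"
TARGET_ACTION = "cbsb_disconnect_settings"

def parse_records(text):
    """Parse JSON-lines log text, skipping blank or malformed lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a bad line must not stop the scan
    return records

def is_suspicious(rec):
    """Unauthenticated call to the disconnect action (user '-' / missing).
    admin-ajax.php serves both GET and POST, so the method is not a filter;
    an authenticated admin disconnecting is legitimate and is not flagged."""
    return (rec.get("uri") == TARGET_URI
            and rec.get("action") == TARGET_ACTION
            and rec.get("user") in ("-", "", None))

def detect(text):
    """Return (matching records, hit count per source IP)."""
    alerts = [r for r in parse_records(text) if is_suspicious(r)]
    return alerts, Counter(r.get("ip", "?") for r in alerts)

if __name__ == "__main__":
    alerts, per_ip = detect(SAMPLE_LOGS)
    for r in alerts:
        print(f"{r['ts']} {r['ip']} {r['method']} unauthenticated {TARGET_ACTION}")
    print("hits per source IP:", dict(per_ip))
```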
🔗 References
- https://wordpress.org/plugins/calendar-booking/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/60e642f9-74ff-47f1-a49d-99c8fdb26f4a?source=cve