Login Sign Up

CVE-2024-6467

8.8 HIGH
Remote Code Execution

📋 TL;DR

This vulnerability in the BookingPress WordPress plugin allows authenticated attackers with Subscriber-level access or higher to read arbitrary files from the server and create new files containing that content. This can lead to remote code execution or sensitive information disclosure. All WordPress sites using vulnerable versions of the BookingPress plugin are affected.

💻 Affected Systems

Products:
  • BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin for WordPress
Versions: All versions up to and including 1.1.5
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires at least Subscriber-level WordPress user account (lowest privilege level).

📦 What is this software?

Bookingpress by Reputeinfosystems

View all CVEs affecting Bookingpress →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full server compromise through arbitrary PHP code execution, leading to data theft, ransomware deployment, or complete site takeover.

🟠

Likely Case

Sensitive file disclosure (database credentials, configuration files) leading to further exploitation or data breach.

🟢

If Mitigated

Limited impact if proper file permissions and web application firewalls block exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but uses simple file manipulation techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.1.6 or later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3116857/bookingpress-appointment-booking/trunk/core/classes/class.bookingpress.php

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find BookingPress plugin. 4. Click 'Update Now' if available. 5. Alternatively, download version 1.1.6+ from WordPress.org and manually update.

🔧 Temporary Workarounds

Disable BookingPress Plugin

all

Temporarily disable the vulnerable plugin until patching is possible.

wp plugin deactivate bookingpress-appointment-booking

Restrict User Registration

all

Disable new user registration to prevent attackers from obtaining Subscriber accounts.

Set 'Anyone can register' to false in WordPress Settings → General

🧯 If You Can't Patch

  • Implement strict file permissions (755 for directories, 644 for files) to limit file creation/write capabilities.
  • Deploy web application firewall (WAF) rules to block requests to the vulnerable 'bookingpress_save_lite_wizard_settings_func' function.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Installed Plugins for BookingPress version. If version is 1.1.5 or lower, you are vulnerable.

Check Version:

wp plugin get bookingpress-appointment-booking --field=version

Verify Fix Applied:

After updating, verify BookingPress plugin version shows 1.1.6 or higher in WordPress admin.

📡 Detection & Monitoring

Log Indicators:

  • POST requests to /wp-admin/admin-ajax.php with action=bookingpress_save_lite_wizard_settings_func
  • Unusual file creation in wp-content/uploads/bookingpress_temp or similar directories
  • PHP error logs showing file read/write operations from BookingPress

Network Indicators:

  • HTTP requests with file path parameters in POST data to admin-ajax.php

SIEM Query:

source="web_access_logs" AND uri="/wp-admin/admin-ajax.php" AND post_data="bookingpress_save_lite_wizard_settings_func"

📊 Metadata

CVE ID: CVE-2024-6467
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Published: July 17, 2024
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON