WP Booking System

8 May 2019

Vulnerability Details: Authenticated SQL Injection in WP Booking System

The changelog for the latest version of WP Booking System is “Security Improvements”. Looking at the changes made we found that refers to fixing several SQL injection vulnerabilities, though not through the most ideal method, as they were fixed with usage of the function esc_sql() instead of prepared statements. The vulnerabilities could have been exploited by logged in WordPress users and through cross-site request forgery (CSRF).

…

[Read more]

19 May 2017

Vulnerability Details: Persistent Cross-Site Scripting (XSS) Vulnerability in WP Booking System

An advisory was released by the JPCERT/CC and IPA that a persistent cross-site scripting vulnerability had been fixed in version 1.4 of the plugin WP Booking System, which was discovered by “Satoshi Takagi of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University”. In looking at the changes made in that version we found that this involved form submissions for the plugin.

…

[Read more]

Plugin Vulnerabilities

A service to protect your site against vulnerabilities in WordPress plugins.

Tag Archives: WP Booking System

Vulnerability Details: Authenticated SQL Injection in WP Booking System

Vulnerability Details: Persistent Cross-Site Scripting (XSS) Vulnerability in WP Booking System